JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 119.157.161.237

119.157.161.237 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 47%: ?

47%

ISP	IPTV
Usage Type	Fixed Line ISP
ASN	AS17557
Domain Name	ptcl.net.pk
Country	🇵🇰 Pakistan
City	Bahawalpur, Punjab

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 119.157.161.237

Whois 119.157.161.237

IP Abuse Reports for 119.157.161.237:

This IP address has been reported a total of 13 times from 9 distinct sources. 119.157.161.237 was first reported on June 5th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-12 10:07:03 (1 week ago)	Trying to access config files	Web App Attack
🇩🇪 rh24	2026-06-11 09:33:51 (1 week ago)	(wordpress) Failed wordpress login from 119.157.161.237 (PK/Pakistan/-): (CF_ENABLE)	Brute-Force
Anonymous	2026-06-11 06:06:03 (1 week ago)	Trying to access config files	Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 06:27:06 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 119.157.161.237 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 119.157.161.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 02:27:01.009154 2026] [security2:error] [pid 22803:tid 22803] [client 119.157.161.237:57746] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 119.157.161.237 (+1 hits since last alert)\|internetnameregistration.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "internetnameregistration.com"] [uri "/xmlrpc.php"] [unique_id "aikDtfjl_fd9srHqYWb7OAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 06:26:15 (1 week ago)	(wordpress) Failed wordpress login from 119.157.161.237 (PK/Pakistan/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-10 04:54:20 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 119.157.161.237 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 119.157.161.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 00:54:13.198870 2026] [security2:error] [pid 28205:tid 28205] [client 119.157.161.237:64790] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 119.157.161.237 (+1 hits since last alert)\|globaldentalservices.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "globaldentalservices.com"] [uri "/xmlrpc.php"] [unique_id "aijt9UELzPa3FUwMV8L1mgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 04:51:45 (1 week ago)	Fail2ban filtered ...	Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 10:41:32 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 119.157.161.237 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 119.157.161.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 06:41:28.135313 2026] [security2:error] [pid 9991:tid 9991] [client 119.157.161.237:64615] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 119.157.161.237 (+1 hits since last alert)\|rochesterhistorical.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rochesterhistorical.org"] [uri "/xmlrpc.php"] [unique_id "aift2MDfunpDB3U2ywYjywAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 cwytech	2026-06-09 08:35:23 (1 week ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/wp-us-login-only-high.	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 04:06:11 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 119.157.161.237 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 119.157.161.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 00:06:07.462593 2026] [security2:error] [pid 31621:tid 31621] [client 119.157.161.237:59462] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 119.157.161.237 (+1 hits since last alert)\|imbrasacademic.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "imbrasacademic.com"] [uri "/xmlrpc.php"] [unique_id "aieRL4NnDHJbqr9bq_t1wwAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 integrantservices.com	2026-06-05 08:42:22 (2 weeks ago)	(wordpress) Failed wordpress login from 119.157.161.237 (PK/Pakistan/-)	Brute-Force
🇫🇷 dynamix	2026-06-05 08:41:38 (2 weeks ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 graphics-muse.org	2026-06-05 07:47:12 (2 weeks ago)	Fri Jun 05 01:46:55.775021 2026119.157.161.237 - - [05/Jun/2026:01:46:54 -0600] "POST /xmlrpc.php HT ... show more Fri Jun 05 01:46:55.775021 2026119.157.161.237 - - [05/Jun/2026:01:46:54 -0600] "POST /xmlrpc.php HTTP/1.1" 200 449 Fri Jun 05 01:46:55.775021 2026119.157.161.237 - - [05/Jun/2026:01:46:54 -0600] "POST /xmlrpc.php HTTP/1.1" 200 2619 "-" "WordPress.com; https://wordpress.com" Fri Jun 05 01:47:00.715833 2026119.157.161.237 - - [05/Jun/2026:01:47:00 -0600] "POST /xmlrpc.php HTTP/1.1" 200 449 Fri Jun 05 01:47:00.715833 2026119.157.161.237 - - [05/Jun/2026:01:47:00 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3379 "-" "Jetpack/12.5; WordPress/6.1; http://site23982181.com" Fri Jun 05 01:47:11.645245 2026119.157.161.237 - - [05/Jun/2026:01:47:11 -0600] "POST /xmlrpc.php HTTP/1.1" 200 449 Fri Jun 05 01:47:11.645245 2026119.157.161.237 - - [05/Jun/2026:01:47:11 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3380 "-" "Jetpack/12.1; WordPress/6.1; http://site45128755.com" ... show less	Brute-Force Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 217.60.195.138

🇸🇬 194.5.82.106

🇸🇪 185.195.233.193

🇰🇷 175.203.61.49

🇺🇸 159.26.103.95

🇺🇸 147.185.132.15

🇨🇳 120.48.54.130

🇺🇸 66.132.224.26

🇩🇪 65.111.27.212

🇻🇳 45.117.179.232

🇺🇸 34.16.206.249

🇩🇪 194.88.98.119

🇵🇾 190.52.128.174

🇺🇸 147.185.132.126

🇬🇧 134.122.105.106

🇫🇷 85.217.140.10

🇮🇩 69.5.0.120

🇺🇸 65.49.1.222

🇹🇼 59.115.55.237

🇳🇱 45.148.10.141