JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 121.52.147.22

121.52.147.22 was found in our database!

This IP was reported 86 times. Confidence of Abuse is 41%: ?

41%

ISP	PERN-Pakistan Education & Research Network is an
Usage Type	University/College/School
ASN	AS45773
Hostname(s)	upesh.edu.pk
Domain Name	pern.pk
Country	🇵🇰 Pakistan
City	Islamabad, Islamabad

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 121.52.147.22

Whois 121.52.147.22

IP Abuse Reports for 121.52.147.22:

This IP address has been reported a total of 86 times from 47 distinct sources. 121.52.147.22 was first reported on May 24th 2023, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇹🇷 Threat.live	2026-06-09 08:15:02 (4 days ago)	Suspicious Connection Attempts	Brute-Force
🇺🇸 TPI-Abuse	2026-06-01 17:11:06 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 121.52.147.22 (upesh.edu.pk): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 121.52.147.22 (upesh.edu.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 13:11:00.815269 2026] [security2:error] [pid 11725:tid 11725] [client 121.52.147.22:63372] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 121.52.147.22 (+1 hits since last alert)\|velvetculture.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "velvetculture.com"] [uri "/xmlrpc.php"] [unique_id "ah29JDW6FvxgXZn1dzxaSQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SMARTNET	2026-05-27 06:03:53 (2 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: e316b406-db2c-400a-bc37-dfbfcc0acc61	DDoS Attack
🇬🇧 PeravixGroup	2026-05-21 09:27:51 (3 weeks ago)	Honeypot detection: FTP brute-force or anonymous access attempt on port 21. Severity: MEDIUM. Aaran. ... show more Honeypot detection: FTP brute-force or anonymous access attempt on port 21. Severity: MEDIUM. Aaran.cloud show less	FTP Brute-Force Brute-Force
Anonymous	2026-05-18 04:57:39 (3 weeks ago)	2026-05-18 04:57:39 warning[3020586]: host upesh.edu.pk[121.52.147.22]: unauthorized acces ... show more 2026-05-18 04:57:39 warning[3020586]: host upesh.edu.pk[121.52.147.22]: unauthorized access attempted: tcp/21 show less	Port Scan Brute-Force
🇲🇾 Rizzy	2026-05-18 04:22:22 (3 weeks ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 08:55:40 (4 weeks ago)	(mod_security) mod_security (id:240335) triggered by 121.52.147.22 (upesh.edu.pk): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 121.52.147.22 (upesh.edu.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 04:55:32.203740 2026] [security2:error] [pid 8622:tid 8622] [client 121.52.147.22:50173] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 121.52.147.22 (+1 hits since last alert)\|vzan.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "vzan.org"] [uri "/xmlrpc.php"] [unique_id "agWOBEMniKetcSKSyryCWwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-13 07:31:22 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 121.52.147.22 (upesh.edu.pk): 1 in the last 300 ... show more (mod_security) mod_security (id:225170) triggered by 121.52.147.22 (upesh.edu.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 03:31:14.144789 2026] [security2:error] [pid 4791:tid 4791] [client 121.52.147.22:53478] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|tourissue.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tourissue.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agQowvHt-XS6UXkeW5a2ZQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-13 03:47:41 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 121.52.147.22 (upesh.edu.pk): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 121.52.147.22 (upesh.edu.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 23:47:33.216689 2026] [security2:error] [pid 16795:tid 16795] [client 121.52.147.22:65178] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 121.52.147.22 (+1 hits since last alert)\|4115thewestford.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "4115thewestford.com"] [uri "/xmlrpc.php"] [unique_id "agP0VYvPSshyjKtqTiMUjAAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-05-13 03:43:53 (1 month ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-05-11 08:33:05 (1 month ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-07 05:15:17 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 121.52.147.22 (upesh.edu.pk): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 121.52.147.22 (upesh.edu.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 01:15:12.933190 2026] [security2:error] [pid 25673:tid 25673] [client 121.52.147.22:61032] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 121.52.147.22 (+1 hits since last alert)\|hayrun.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hayrun.com"] [uri "/xmlrpc.php"] [unique_id "afwf4En-RoT5oPPxB9ViEgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 lostswordfish.com	2026-05-06 07:10:05 (1 month ago)	Wordfence waf block on decarcerationnation	Web App Attack
🇫🇷 applemooz	2026-05-05 08:20:01 (1 month ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-05 04:03:05 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 121.52.147.22 (upesh.edu.pk): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 121.52.147.22 (upesh.edu.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 05 00:02:59.488247 2026] [security2:error] [pid 18951:tid 18951] [client 121.52.147.22:55508] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 121.52.147.22 (+1 hits since last alert)\|dynamic-therapy-mn.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dynamic-therapy-mn.com"] [uri "/xmlrpc.php"] [unique_id "aflr87iwb0d2iOblVShZFgAAABg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 86 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇿🇲 102.220.158.245

🇨🇭 185.211.94.76

🇫🇷 185.188.249.30

🇵🇪 161.132.56.38

🇳🇱 158.94.209.107

🇨🇳 122.224.205.42

🇺🇸 104.234.208.73

🇫🇷 82.102.18.118

🇫🇮 80.66.83.178

🇸🇬 47.79.202.44

🇨🇭 34.158.23.185

🇺🇸 216.73.217.94

🇺🇸 192.3.145.26

🇮🇳 182.95.107.110

🇨🇳 120.231.37.99

🇷🇴 109.166.202.228

🇺🇸 104.234.208.198

🇬🇧 78.153.140.252

🇬🇧 78.153.140.43

🇨🇳 39.151.79.28