JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 121.52.158.154

121.52.158.154 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 65%: ?

65%

ISP	PERN-Pakistan Education & Research Network is an
Usage Type	University/College/School
ASN	AS45773
Hostname(s)	old-pu.edu.pk
Domain Name	pern.pk
Country	🇵🇰 Pakistan
City	Vihari, Punjab

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 121.52.158.154

Whois 121.52.158.154

IP Abuse Reports for 121.52.158.154:

This IP address has been reported a total of 27 times from 20 distinct sources. 121.52.158.154 was first reported on May 25th 2021, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 myintarweb	2026-06-15 07:19:23 (1 day ago)	121.52.158.154 - - [15/Jun/2026:08:19:22 +0100] 443 "POST /xmlrpc.php HTTP/1.1" 405 4871 "-" "Mozill ... show more 121.52.158.154 - - [15/Jun/2026:08:19:22 +0100] 443 "POST /xmlrpc.php HTTP/1.1" 405 4871 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Opera/76.0.0.0 Safari/537.36" ... show less	Hacking Bad Web Bot Web App Attack
🇫🇷 Kenshin869	2026-06-15 07:13:23 (1 day ago)	Wordpress unauthorized access attempt	Brute-Force
🇫🇷 francoisunix	2026-06-13 10:56:45 (3 days ago)	121.52.158.154 - - [13/Jun/2026:10:56:01 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12. ... show more 121.52.158.154 - - [13/Jun/2026:10:56:01 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.5; WordPress/6.1; http://site84691079.com" 121.52.158.154 - - [13/Jun/2026:10:56:11 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/13.0; WordPress/6.4; http://site57197558.com" 121.52.158.154 - - [13/Jun/2026:10:56:21 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)" 121.52.158.154 - - [13/Jun/2026:10:56:32 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "WordPress.com; https://wordpress.com" 121.52.158.154 - - [13/Jun/2026:10:56:43 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.0; WordPress/6.4; http://site20603356.com" ... show less	Web App Attack
🇩🇪 konseptit	2026-06-13 08:24:56 (3 days ago)	(wordpress) Failed wordpress login from 121.52.158.154 (PK/Pakistan/old-pu.edu.pk)	Brute-Force
🇫🇷 tecnicorioja	2026-06-12 22:00:10 (3 days ago)	POST /xmlrpc.php [12/Jun/2026:06:53:47	Brute-Force Web App Attack
Anonymous	2026-06-12 15:17:49 (4 days ago)	[osotir.org] httpd-xmlrpc-post: sites=prostiniki.gr; logs=/var/log/httpd/domains/prostiniki.gr.log; ... show more [osotir.org] httpd-xmlrpc-post: sites=prostiniki.gr; logs=/var/log/httpd/domains/prostiniki.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇳🇱 ConsulHosting	2026-06-12 07:56:10 (4 days ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
🇺🇸 integrantservices.com	2026-06-12 07:39:55 (4 days ago)	(wordpress) Failed wordpress login from 121.52.158.154 (PK/Pakistan/old-pu.edu.pk)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-11 13:55:38 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 121.52.158.154 (old-pu.edu.pk): 1 in the last 3 ... show more (mod_security) mod_security (id:240335) triggered by 121.52.158.154 (old-pu.edu.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 09:55:33.558818 2026] [security2:error] [pid 1237:tid 1237] [client 121.52.158.154:52802] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 121.52.158.154 (+1 hits since last alert)\|dandksupply.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dandksupply.com"] [uri "/xmlrpc.php"] [unique_id "aiq-VbMg3MAiqX56IqkW8gAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 09:51:49 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 121.52.158.154 (old-pu.edu.pk): 1 in the last 3 ... show more (mod_security) mod_security (id:240335) triggered by 121.52.158.154 (old-pu.edu.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 05:51:44.276829 2026] [security2:error] [pid 29313:tid 29313] [client 121.52.158.154:62447] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 121.52.158.154 (+1 hits since last alert)\|richmondrents.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "richmondrents.com"] [uri "/xmlrpc.php"] [unique_id "aiqFMAhaZ2rQsiFjOFWIAgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 12:51:04 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 121.52.158.154 (old-pu.edu.pk): 1 in the last 3 ... show more (mod_security) mod_security (id:240335) triggered by 121.52.158.154 (old-pu.edu.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 08:50:59.729114 2026] [security2:error] [pid 6549:tid 6549] [client 121.52.158.154:57563] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 121.52.158.154 (+1 hits since last alert)\|enriquejezik.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "enriquejezik.com"] [uri "/xmlrpc.php"] [unique_id "ailds75lZF1s6oQ1fWAxVwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 07:47:42 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 121.52.158.154 (old-pu.edu.pk): 1 in the last 3 ... show more (mod_security) mod_security (id:240335) triggered by 121.52.158.154 (old-pu.edu.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 03:47:34.653119 2026] [security2:error] [pid 11475:tid 11475] [client 121.52.158.154:57701] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 121.52.158.154 (+1 hits since last alert)\|furbabieslivesmatter.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "furbabieslivesmatter.com"] [uri "/xmlrpc.php"] [unique_id "aikWlh9zYBj-emvfqFjjvgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-09 08:20:48 (1 week ago)	Blocked by CSF 13 firewall - Rule: XMLRPC PK/Pakistan/old-pu.edu.pk	Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 06:33:40 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 121.52.158.154 (old-pu.edu.pk): 1 in the last 3 ... show more (mod_security) mod_security (id:240335) triggered by 121.52.158.154 (old-pu.edu.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 02:33:35.856030 2026] [security2:error] [pid 11283:tid 11300] [client 121.52.158.154:64245] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 121.52.158.154 (+1 hits since last alert)\|northtexaslive.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "northtexaslive.com"] [uri "/xmlrpc.php"] [unique_id "aiezvyul6KPFuy3kTedbNQAAAI8"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-08 14:40:14 (1 week ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.222

🇳🇱 185.112.59.29

🇯🇵 154.31.117.98

🇺🇸 38.64.56.16

🇺🇸 20.124.84.235

🇲🇽 187.216.224.85

🇳🇱 176.65.139.216

🇺🇸 172.212.158.185

🇯🇵 151.241.5.123

🇺🇸 147.185.132.52

🇺🇸 108.181.3.205

🇵🇰 103.162.136.231

🇳🇱 89.21.67.188

🇧🇬 79.124.58.162

🇺🇸 74.91.127.225

🇩🇪 64.89.163.52

🇨🇳 58.54.160.54

🇵🇱 54.38.52.18

🇳🇱 45.148.10.157

🇺🇸 35.212.190.168