JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.159.237.231

154.159.237.231 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 69%: ?

69%

ISP	Airtel Networks Kenya Limited
Usage Type	Mobile ISP
ASN	AS36926
Hostname(s)	231-237-159-154.r.airtelkenya.com
Domain Name	airtel.in
Country	🇰🇪 Kenya
City	Nairobi, Nairobi County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.159.237.231

Whois 154.159.237.231

IP Abuse Reports for 154.159.237.231:

This IP address has been reported a total of 45 times from 25 distinct sources. 154.159.237.231 was first reported on May 13th 2025, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-24 03:42:54 (2 hours ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 23:42:49.558012 2026] [security2:error] [pid 18338:tid 18338] [client 154.159.237.231:10231] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.231 (+1 hits since last alert)\|mfleetservice.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mfleetservice.com"] [uri "/xmlrpc.php"] [unique_id "ajtSOXsVo8B1bw6nJ4_8MgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-24 02:30:00 (4 hours ago)	2.988 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇩🇪 abdubhai	2026-06-24 01:37:04 (5 hours ago)	154.159.237.231 - - [24/Jun/2026 ...	Brute-Force
🇺🇸 TPI-Abuse	2026-06-23 22:24:44 (8 hours ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 18:24:36.277597 2026] [security2:error] [pid 2332:tid 2332] [client 154.159.237.231:4460] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.231 (+1 hits since last alert)\|boaredraven.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "boaredraven.com"] [uri "/xmlrpc.php"] [unique_id "ajsHpDi-LLVXUmaolgLt1AAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 rh24	2026-06-23 18:05:06 (12 hours ago)	(xmlrpc_405) XMLRPC-Bot 405 154.159.237.231 (KE/Kenya/231-237-159-154.r.airtelkenya.com)	Hacking
🇺🇸 integrantservices.com	2026-06-23 14:19:40 (16 hours ago)	(wordpress) Failed wordpress login from 154.159.237.231 (KE/Kenya/231-237-159-154.r.airtelkenya.com)	Brute-Force
🇫🇷 dynamix	2026-06-23 13:48:41 (16 hours ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 12:27:12 (18 hours ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 08:27:05.196554 2026] [security2:error] [pid 31011:tid 31011] [client 154.159.237.231:17056] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.231 (+1 hits since last alert)\|uphillfarmvt.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "uphillfarmvt.com"] [uri "/xmlrpc.php"] [unique_id "ajp7mUvmaRicQcTc57UZ_wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 10:24:37 (20 hours ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 06:24:34.214841 2026] [security2:error] [pid 19145:tid 19145] [client 154.159.237.231:17167] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.231 (+1 hits since last alert)\|bernsteinip.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bernsteinip.com"] [uri "/xmlrpc.php"] [unique_id "ajpe4pg2J72hHBlGXZT70AAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 08:24:52 (22 hours ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 04:24:48.471477 2026] [security2:error] [pid 9500:tid 9500] [client 154.159.237.231:13827] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.231 (+1 hits since last alert)\|scrunchiebuttbikinis.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "scrunchiebuttbikinis.com"] [uri "/xmlrpc.php"] [unique_id "ajpC0IRX3N-1ggZpXdVVBwAAAE8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 06:41:13 (23 hours ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 02:41:05.642790 2026] [security2:error] [pid 23847:tid 23985] [client 154.159.237.231:16175] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.231 (+1 hits since last alert)\|pwihatah.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pwihatah.com"] [uri "/xmlrpc.php"] [unique_id "ajoqgboZRgAKgez6t-KyQgAAAdM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 02:03:41 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 22:03:37.113793 2026] [security2:error] [pid 8081:tid 8081] [client 154.159.237.231:15502] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.231 (+1 hits since last alert)\|johncyphers.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "johncyphers.com"] [uri "/xmlrpc.php"] [unique_id "ajnpeYc0cgbASrvpqSrcgwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 01:02:52 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 21:02:44.707738 2026] [security2:error] [pid 17115:tid 17115] [client 154.159.237.231:11654] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.231 (+1 hits since last alert)\|odinathletes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "odinathletes.com"] [uri "/xmlrpc.php"] [unique_id "ajnbNEhM4V7sB9b5sgCHqQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 17:00:57 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 13:00:49.431940 2026] [security2:error] [pid 13773:tid 13773] [client 154.159.237.231:45879] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.231 (+1 hits since last alert)\|bigheartskitchen.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bigheartskitchen.net"] [uri "/xmlrpc.php"] [unique_id "ajlqQWtiKdS7rRnOKyu05wAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 10:16:47 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.231 (231-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 06:16:40.503994 2026] [security2:error] [pid 24240:tid 24240] [client 154.159.237.231:17794] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.231 (+1 hits since last alert)\|dynamic-therapy-mn.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dynamic-therapy-mn.com"] [uri "/xmlrpc.php"] [unique_id "ajkLiMwzHB4IyuacDyZijAAAACA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.149.178

🇪🇬 154.177.248.130

🇬🇧 87.236.176.93

🇱🇹 62.60.130.219

🇺🇸 54.235.45.181

🇨🇭 45.39.7.48

🇸🇪 185.202.108.186

🇺🇸 162.158.155.188

🇮🇩 148.230.102.84

🇫🇷 91.231.89.151

🇺🇸 45.66.208.80

🇺🇸 195.184.76.241

🇺🇸 192.169.136.182

🇮🇳 182.78.197.66

🇳🇱 176.65.139.181

🇺🇸 107.150.98.168

🇮🇩 103.8.59.250

🇫🇷 91.231.89.226

🇳🇱 88.210.63.69

🇺🇸 64.62.156.204