JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.159.237.242

154.159.237.242 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 64%: ?

64%

ISP	Airtel Networks Kenya Limited
Usage Type	Mobile ISP
ASN	AS36926
Hostname(s)	242-237-159-154.r.airtelkenya.com
Domain Name	airtel.in
Country	🇰🇪 Kenya
City	Nairobi, Nairobi County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.159.237.242

Whois 154.159.237.242

IP Abuse Reports for 154.159.237.242:

This IP address has been reported a total of 44 times from 30 distinct sources. 154.159.237.242 was first reported on March 17th 2023, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 masterguru	2026-06-16 05:03:59 (2 days ago)	(xmlrpc) Failed xmlrpc access from 154.159.237.242 (KE/Kenya/242-237-159-154.r.airtelkenya.com): 5 i ... show more (xmlrpc) Failed xmlrpc access from 154.159.237.242 (KE/Kenya/242-237-159-154.r.airtelkenya.com): 5 in the last 3600 secs (0-122) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-16 04:34:38 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.242 (242-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.242 (242-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 00:34:34.885364 2026] [security2:error] [pid 20153:tid 20153] [client 154.159.237.242:20610] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.242 (+1 hits since last alert)\|williamfitzsimmons.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "williamfitzsimmons.com"] [uri "/xmlrpc.php"] [unique_id "ajDSWpgDB94gC6KW7QyhnAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-16 04:32:36 (2 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-16 03:45:21 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.242 (242-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.242 (242-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 23:45:17.032034 2026] [security2:error] [pid 26584:tid 26584] [client 154.159.237.242:12310] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.242 (+1 hits since last alert)\|cliniquecavalancia.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cliniquecavalancia.com"] [uri "/xmlrpc.php"] [unique_id "ajDGzVE-5lTjkh7mTdvu0AAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-16 03:38:46 (2 days ago)	154.159.237.242 - - [16/Jun/2026:05:38:33 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 154.159.237.242 ... show more 154.159.237.242 - - [16/Jun/2026:05:38:33 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 154.159.237.242 - - [16/Jun/2026:05:38:44 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 ... show less	Brute-Force Bad Web Bot
Anonymous	2026-06-15 13:39:12 (3 days ago)	(wordpress) Failed wordpress login from 154.159.237.242 (KE/Kenya/Nairobi County/Nairobi/242-237-159 ... show more (wordpress) Failed wordpress login from 154.159.237.242 (KE/Kenya/Nairobi County/Nairobi/242-237-159-154.r.airtelkenya.com/[redacted]) show less	Brute-Force
Anonymous	2026-06-15 08:45:09 (3 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇪🇸 masterguru	2026-06-15 04:13:11 (3 days ago)	(xmlrpc) Failed xmlrpc access from 154.159.237.242 (KE/Kenya/242-237-159-154.r.airtelkenya.com): 5 i ... show more (xmlrpc) Failed xmlrpc access from 154.159.237.242 (KE/Kenya/242-237-159-154.r.airtelkenya.com): 5 in the last 3600 secs (0-122) show less	Hacking
Anonymous	2026-06-13 12:30:50 (5 days ago)	154.159.237.242 - - [13/Jun/2026:14:30:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by ... show more 154.159.237.242 - - [13/Jun/2026:14:30:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com" 154.159.237.242 - - [13/Jun/2026:14:30:19 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)" 154.159.237.242 - - [13/Jun/2026:14:30:29 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com" 154.159.237.242 - - [13/Jun/2026:14:30:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)" 154.159.237.242 - - [13/Jun/2026:14:30:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "WordPress.com; https://wordpress.com" ... show less	Brute-Force Web App Attack
🇫🇷 dynamix	2026-06-13 10:58:22 (5 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 13:28:58 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.242 (242-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.242 (242-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 09:28:54.466989 2026] [security2:error] [pid 22621:tid 22621] [client 154.159.237.242:22828] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.242 (+1 hits since last alert)\|guarinofurnituredesigns.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "guarinofurnituredesigns.com"] [uri "/xmlrpc.php"] [unique_id "aiwJln7jqPWtzcjSWgC8twAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 06:28:33 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 154.159.237.242 (242-237-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.237.242 (242-237-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 02:28:27.254996 2026] [security2:error] [pid 31416:tid 31416] [client 154.159.237.242:25952] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.237.242 (+1 hits since last alert)\|schlegelcreative.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "schlegelcreative.com"] [uri "/xmlrpc.php"] [unique_id "aiunC_FdGyTxOjONE5_s4wAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 masterguru	2026-06-12 04:59:53 (6 days ago)	(xmlrpc) Failed xmlrpc access from 154.159.237.242 (KE/Kenya/242-237-159-154.r.airtelkenya.com): 5 i ... show more (xmlrpc) Failed xmlrpc access from 154.159.237.242 (KE/Kenya/242-237-159-154.r.airtelkenya.com): 5 in the last 3600 secs (0-122) show less	Hacking
🇦🇹 urnilxfgbez	2026-05-25 22:45:00 (3 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
Anonymous	2026-05-23 21:16:25 (3 weeks ago)	Unauthorized connection to Telnet port 23	Port Scan

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 91.230.168.139

🇨🇱 68.211.177.55

🇺🇸 2602:80d:1007::75

🇨🇳 219.153.106.29

🇺🇸 206.189.78.39

🇭🇰 185.242.232.164

🇸🇬 152.42.175.252

🇭🇰 150.5.169.138

🇳🇱 104.23.172.30

🇻🇳 103.45.234.213

🇺🇸 91.230.168.197

🇷🇺 45.195.221.26

🇬🇧 35.203.211.179

🇺🇸 2602:80d:1008::23

🇰🇷 211.223.107.86

🇬🇧 161.35.34.88

🇺🇸 64.30.73.87

🇺🇸 45.130.83.104

🇺🇸 34.125.228.73

🇻🇪 190.142.97.50