JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.192.222.21

154.192.222.21 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 64%: ?

64%

ISP	Nayatel Private Limited
Usage Type	Fixed Line ISP
ASN	AS23674
Domain Name	nayatel.com
Country	🇵🇰 Pakistan
City	Lahore, Punjab

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.192.222.21

Whois 154.192.222.21

IP Abuse Reports for 154.192.222.21:

This IP address has been reported a total of 18 times from 15 distinct sources. 154.192.222.21 was first reported on February 8th 2026, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TNZ	2026-06-16 18:30:39 (11 hours ago)	Automated honeypot: injection:xml_injection \| Path: /xmlrpc.php \| ISP: AS23674 Nayatel (Pvt) Ltd \| A ... show more Automated honeypot: injection:xml_injection \| Path: /xmlrpc.php \| ISP: AS23674 Nayatel (Pvt) Ltd \| ASN: AS23674 Nayatel (Pvt) Ltd \| Abuse score: 64 \| Open ports: [] \| UA: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x64) AppleWebKit/537.36 (KHTML, like Gec show less	Web App Attack
Anonymous	2026-06-15 16:57:04 (1 day ago)	154.192.222.21 - - [16/Jun/2026:00:57:04 +0800] "POST /xmlrpc.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 ... show more 154.192.222.21 - - [16/Jun/2026:00:57:04 +0800] "POST /xmlrpc.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/69.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 15:24:15 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 154.192.222.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 154.192.222.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 11:24:11.220095 2026] [security2:error] [pid 17878:tid 17878] [client 154.192.222.21:7574] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|alejandrogorsse.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "alejandrogorsse.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajAZG56gz_KnrawNwbLBlAAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 inlink.ltd	2026-06-13 12:41:24 (3 days ago)	Known malicious PHP file or CMS probe	Web App Attack
🇳🇱 wlt-blocker	2026-06-12 18:21:08 (4 days ago)	Unauthorized access to webpage admin	Web App Attack
🇳🇱 wlt-blocker	2026-06-10 07:03:17 (6 days ago)	Unauthorized access to webpage admin	Web App Attack
🇳🇱 wlt-blocker	2026-06-08 12:29:26 (1 week ago)	Unauthorized access to webpage admin	Web App Attack
Anonymous	2026-06-08 11:05:19 (1 week ago)	Blocked: Reason='Vulnerability probing — PHP scan detected (12/60 min)'; Requests=12	Port Scan
🇩🇪 rh24	2026-06-06 20:05:03 (1 week ago)	(wordpress) Failed wordpress login from 154.192.222.21 (PK/Pakistan/-): (CF_ENABLE)	Brute-Force
Anonymous	2026-06-03 12:20:30 (1 week ago)	[server.tmg.gr] httpd-xmlrpc-post: sites=ikee.gr; logs=/var/log/httpd/domains/ikee.gr.log; samples=/ ... show more [server.tmg.gr] httpd-xmlrpc-post: sites=ikee.gr; logs=/var/log/httpd/domains/ikee.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
Anonymous	2026-06-03 11:47:01 (1 week ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1, GET /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇩🇪 stinpriza	2026-06-02 16:47:02 (2 weeks ago)	Web App Attack	Web App Attack
🇺🇸 WeekendWeb	2026-06-02 15:18:13 (2 weeks ago)	Wordpress Vunerability attack	Web App Attack
🇺🇸 mnsf	2026-06-02 14:11:13 (2 weeks ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇳🇱 wlt-blocker	2026-05-31 16:01:07 (2 weeks ago)	Unauthorized access to webpage admin	Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇪 179.6.1.143

🇧🇷 170.245.123.81

🇺🇸 162.141.167.4

🇨🇳 118.145.242.91

🇰🇷 116.123.150.231

🇺🇸 94.158.247.241

🇫🇷 85.217.140.49

🇳🇱 195.178.110.30

🇭🇰 185.239.84.249

🇰🇷 183.97.44.163

🇰🇪 154.79.248.34

🇺🇸 147.185.132.49

🇺🇸 147.185.132.10

🇺🇸 143.198.134.226

🇷🇴 141.98.83.48

🇸🇬 101.47.156.170

🇫🇷 84.235.235.234

🇳🇱 45.148.10.15

🇩🇪 45.43.62.37

🇨🇳 43.139.53.45