JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.68.64.181

154.68.64.181 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 66%: ?

66%

ISP	Rwanda Ministry of Education
Usage Type	Government
ASN	AS37654
Domain Name	mineduc.gov.rw
Country	🇷🇼 Rwanda
City	Kigali, Kigali

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.68.64.181

Whois 154.68.64.181

IP Abuse Reports for 154.68.64.181:

This IP address has been reported a total of 44 times from 29 distinct sources. 154.68.64.181 was first reported on March 5th 2025, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-24 07:51:53 (4 hours ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇳🇱 Site.eu	2026-06-22 18:07:50 (1 day ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-22 13:04:40 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 154.68.64.181 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 154.68.64.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 09:04:33.439936 2026] [security2:error] [pid 10290:tid 10290] [client 154.68.64.181:26179] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.68.64.181 (+1 hits since last alert)\|knoxbestos.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "knoxbestos.com"] [uri "/xmlrpc.php"] [unique_id "ajky4VYXM6SN221w2sAGMwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-21 10:25:51 (3 days ago)	(wordpress) Failed wordpress login from 154.68.64.181 (RW/Rwanda/-)	Brute-Force
Anonymous	2026-06-20 15:16:16 (3 days ago)	Blocked by ModSec and CSF	Port Scan
🇺🇸 TPI-Abuse	2026-06-19 23:38:55 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 154.68.64.181 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 154.68.64.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 19:38:51.374923 2026] [security2:error] [pid 24914:tid 24914] [client 154.68.64.181:45504] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.68.64.181 (+1 hits since last alert)\|barecreationsaz.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "barecreationsaz.com"] [uri "/xmlrpc.php"] [unique_id "ajXTCw0yyHa3XG4w-9dg_wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-19 22:57:02 (4 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
Anonymous	2026-06-19 20:12:09 (4 days ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-18 21:05:44 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 154.68.64.181 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 154.68.64.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 17:05:37.807750 2026] [security2:error] [pid 13330:tid 13351] [client 154.68.64.181:30306] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|mtiminis.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mtiminis.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajRdoWDytWbfRLKxnSytogAAAEg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 16:31:12 (5 days ago)	(wordpress) Failed wordpress login from 154.68.64.181 (RW/Rwanda/-)	Brute-Force
🇫🇷 masterguru	2026-06-18 15:16:44 (5 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇦🇺 screwlooseit.com.au	2026-06-16 19:56:23 (1 week ago)	Blocked by CSF 13 firewall - Rule: XMLRPC RW/Rwanda/-	Web App Attack
Anonymous	2026-06-14 23:55:40 (1 week ago)	(wordpress) Failed wordpress login from 154.68.64.181 (RW/Rwanda/-)	Brute-Force
🇫🇷 masterguru	2026-06-13 14:16:29 (1 week ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇺🇸 TPI-Abuse	2026-06-08 19:04:18 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 154.68.64.181 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 154.68.64.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 15:04:11.376358 2026] [security2:error] [pid 4004:tid 4004] [client 154.68.64.181:11095] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.68.64.181 (+1 hits since last alert)\|dianamead.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dianamead.com"] [uri "/xmlrpc.php"] [unique_id "aicSK1Mvaiqmd2RamrP9WQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 211.20.14.156

🇹🇭 203.154.158.195

🇮🇷 164.215.175.43

🇮🇩 103.191.14.243

🇳🇱 45.148.10.151

🇬🇧 213.166.84.44

🇧🇪 207.175.78.178

🇬🇧 193.32.209.236

🇷🇺 178.178.222.50

🇨🇳 175.168.126.150

🇷🇺 95.163.227.46

🇺🇸 66.222.85.162

🇺🇸 138.197.1.36

🇨🇳 106.75.144.106

🇹🇼 101.13.4.124

🇳🇱 45.148.10.152

🇫🇷 2001:41d0:33a:a00::401

🇺🇸 191.101.33.114

🇺🇸 158.94.187.61

🇦🇪 152.32.180.138