JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 160.250.254.172

160.250.254.172 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 32%: ?

32%

ISP	Internet Service Provider
Usage Type	Fixed Line ISP
ASN	AS139922
Domain Name	oasis-internet.net
Country	🇳🇵 Nepal
City	Kathmandu, Bagmati Province

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 160.250.254.172

Whois 160.250.254.172

IP Abuse Reports for 160.250.254.172:

This IP address has been reported a total of 16 times from 14 distinct sources. 160.250.254.172 was first reported on May 27th 2025, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Vegascosmetics	2026-06-18 05:53:20 (5 days ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security	DDoS Attack Hacking Exploited Host
🇰🇷 zlhIcd	2026-06-17 00:55:33 (6 days ago)	160.250.254.172 - - [15/Jun/2026:23:14:46 +0900] "GET /pcwiki/index.php?days=14&from=20251116074522& ... show more 160.250.254.172 - - [15/Jun/2026:23:14:46 +0900] "GET /pcwiki/index.php?days=14&from=20251116074522&hideminor=1&limit=500&target=%EB%A7%88%EB%A9%94&title=%ED%8A%B9%EC%88%98%EA%B8%B0%EB%8A%A5:%EB%A7%81%ED%81%AC%EC%B5%9C%EA%B7%BC%EB%B0%94%EB%80%9C HTTP/1.1" 404 460 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 15.1; rv:127.0) Gecko/20100101 Firefox/127.0" ... show less	Web Spam SQL Injection Bad Web Bot Web App Attack
Anonymous	2026-06-09 09:02:04 (2 weeks ago)	160.250.254.172 - - [09/Jun/2026:11:01:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack/12 ... show more 160.250.254.172 - - [09/Jun/2026:11:01:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack/12.1; WordPress/6.3; http://site88650744.com" 160.250.254.172 - - [09/Jun/2026:11:01:31 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" 160.250.254.172 - - [09/Jun/2026:11:01:42 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack/13.0; WordPress/6.2; http://site62395013.com" 160.250.254.172 - - [09/Jun/2026:11:01:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)" 160.250.254.172 - - [09/Jun/2026:11:02:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack/12.0; WordPress/6.2; http://site85153829.com" ... show less	Brute-Force Web App Attack
🇱🇻 garmtech.com	2026-06-09 03:58:38 (2 weeks ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 03:46:54 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 160.250.254.172 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 160.250.254.172 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 23:46:46.913635 2026] [security2:error] [pid 2438:tid 2438] [client 160.250.254.172:6624] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 160.250.254.172 (+1 hits since last alert)\|kadinisi.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kadinisi.org"] [uri "/xmlrpc.php"] [unique_id "aieMph14L-mqzCjHYv85qwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 DrLex0	2026-05-19 13:59:28 (1 month ago)	BnL002: GET with absolute URL, obvious botnet minion; either attempt to find exploitable proxy, or j ... show more BnL002: GET with absolute URL, obvious botnet minion; either attempt to find exploitable proxy, or just plain stupidity from whomever wrote this piece of crap show less	Hacking Bad Web Bot Exploited Host
🇸🇬 aloon78	2026-04-02 00:00:00 (2 months ago)	WordPress xmlrpc.php brute force/exploit attempt on trillactive.com	Brute-Force Web App Attack
🇩🇪 FeG Deutschland	2026-03-25 12:36:14 (2 months ago)	Mail: - login with unknown user - bruteforce	Brute-Force
🇳🇱 EGP Abuse Dept	2026-03-12 06:16:22 (3 months ago)	Scanning for web/db/file exploits on tpc-031.mach3builders.nl	SQL Injection Bad Web Bot Web App Attack
🇮🇩 hermawan	2026-03-11 14:06:38 (3 months ago)	03/11/2026-18:27:31.545667 [Drop] [] [1:9200003:0] Coba - reject apa masuk matomo appears 430 tim ... show more 03/11/2026-18:27:31.545667 [Drop] [] [1:9200003:0] Coba - reject apa masuk matomo appears 430 times match dipake google crawler 66-249-73-193 JA4 hash brazil [**] [Classification: (null)] [Priority: 3] {TCP} 160.250.254.172:1731 -> 103.166.156.58:443 ... show less	Email Spam Hacking
Anonymous	2026-01-04 00:45:38 (5 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2026.01.04 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2026.01.04 is noted in report timestamp show less	Hacking Brute-Force
🇧🇷 hostseries	2025-10-02 18:43:39 (8 months ago)	Trigger: LF_DISTATTACK	Brute-Force
🇳🇱 exxos	2025-08-08 18:10:21 (10 months ago)	HTTP1.x attacks	DDoS Attack
🇳🇱 exxos	2025-08-03 23:26:38 (10 months ago)	HTTP1.x attacks	DDoS Attack
🇳🇱 exxos	2025-08-03 17:13:20 (10 months ago)	HTTP1.x attacks	DDoS Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4001:c18::121

🇨🇭 209.99.186.188

🇧🇷 129.121.42.131

🇨🇦 85.217.149.72

🇺🇸 45.156.129.65

🇮🇹 37.119.250.41

🇬🇧 5.226.140.117

🇺🇸 205.210.31.88

🇮🇳 182.95.245.2

🇺🇸 173.255.243.63

🇮🇳 122.163.127.14

🇱🇻 81.30.98.44

🇮🇩 36.94.63.23

🇵🇱 34.116.149.217

🇺🇸 3.87.27.156

🇧🇷 187.9.12.82

🇺🇸 162.241.132.172

🇺🇸 135.119.73.164

🇨🇳 113.206.147.127

🇺🇸 104.238.221.41