JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 163.128.165.254

163.128.165.254 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 71%: ?

71%

ISP	OM SHIV SAI INTERNET SERVICE OPC PVT LTD
Usage Type	Fixed Line ISP
ASN	AS149214
Domain Name	omshivsai.com
Country	🇮🇳 India
City	Virar, Maharashtra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 163.128.165.254

Whois 163.128.165.254

IP Abuse Reports for 163.128.165.254:

This IP address has been reported a total of 22 times from 13 distinct sources. 163.128.165.254 was first reported on June 10th 2026, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-23 13:14:48 (7 hours ago)	[redacted] 163.128.165.254 - - [23/Jun/2026:15:13:32 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "W ... show more [redacted] 163.128.165.254 - - [23/Jun/2026:15:13:32 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "WordPress.com; https://wordpress.com" [redacted] 163.128.165.254 - - [23/Jun/2026:15:14:06 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Jetpack/12.5; WordPress/6.3; http://site53561168.com" [redacted] 163.128.165.254 - - [23/Jun/2026:15:14:27 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" [redacted] 163.128.165.254 - - [23/Jun/2026:15:14:39 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)" [redacted] 163.128.165.254 - - [23/Jun/2026:15:14:47 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 12:48:37 (7 hours ago)	(mod_security) mod_security (id:240335) triggered by 163.128.165.254 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 163.128.165.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 08:48:32.710078 2026] [security2:error] [pid 32165:tid 32165] [client 163.128.165.254:54658] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 163.128.165.254 (+1 hits since last alert)\|technesa.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "technesa.com"] [uri "/xmlrpc.php"] [unique_id "ajqAoOZhp-1zeuRIZuqCgAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 10:55:28 (9 hours ago)	(mod_security) mod_security (id:240335) triggered by 163.128.165.254 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 163.128.165.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 06:55:23.441185 2026] [security2:error] [pid 1317:tid 1317] [client 163.128.165.254:52254] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 163.128.165.254 (+1 hits since last alert)\|tigerpathteam.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tigerpathteam.org"] [uri "/xmlrpc.php"] [unique_id "ajpmGzndVTdxTx2O_ANj7QAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 integrantservices.com	2026-06-23 10:52:30 (9 hours ago)	(wordpress) Failed wordpress login from 163.128.165.254 (IN/India/-)	Brute-Force
🇩🇪 ger-stg-sifi1	2026-06-20 11:53:00 (3 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
Anonymous	2026-06-20 08:56:10 (3 days ago)	Attac	Brute-Force
Anonymous	2026-06-19 10:35:10 (4 days ago)	163.128.165.254 - - [19/Jun/2026:12:34:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress. ... show more 163.128.165.254 - - [19/Jun/2026:12:34:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com" 163.128.165.254 - - [19/Jun/2026:12:34:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com" 163.128.165.254 - - [19/Jun/2026:12:34:57 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12.1; WordPress/6.2; http://site66202197.com" 163.128.165.254 - - [19/Jun/2026:12:34:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack/12.1; WordPress/6.2; http://site66202197.com" 163.128.165.254 - - [19/Jun/2026:12:35:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com" ... show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 08:55:59 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 163.128.165.254 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 163.128.165.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 04:55:52.160132 2026] [security2:error] [pid 31544:tid 31544] [client 163.128.165.254:63549] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 163.128.165.254 (+1 hits since last alert)\|therealseska.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "therealseska.com"] [uri "/xmlrpc.php"] [unique_id "ajUEGGph7Ce0wlaUShjSCwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 04:38:28 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 163.128.165.254 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 163.128.165.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 00:38:23.918679 2026] [security2:error] [pid 14572:tid 14572] [client 163.128.165.254:58828] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 163.128.165.254 (+1 hits since last alert)\|36sovereignchambers.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "36sovereignchambers.com"] [uri "/xmlrpc.php"] [unique_id "ajTHv6dnMweKW-ebMgZkvAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 13:59:33 (5 days ago)	(wordpress) Failed wordpress login from 163.128.165.254 (IN/India/-)	Brute-Force
🇫🇷 dynamix	2026-06-18 13:58:16 (5 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 10:04:06 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 163.128.165.254 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 163.128.165.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 06:04:03.200172 2026] [security2:error] [pid 8045:tid 8092] [client 163.128.165.254:64767] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 163.128.165.254 (+1 hits since last alert)\|datuinc.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "datuinc.com"] [uri "/xmlrpc.php"] [unique_id "ajPCk32wlkzt-S3saKpdvgAAAUc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-06-17 22:27:22 (5 days ago)		Brute-Force Web App Attack
Anonymous	2026-06-17 13:29:05 (6 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 09:12:28 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 163.128.165.254 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 163.128.165.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 05:12:22.701020 2026] [security2:error] [pid 25371:tid 25371] [client 163.128.165.254:50899] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 163.128.165.254 (+1 hits since last alert)\|artevoix.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "artevoix.com"] [uri "/xmlrpc.php"] [unique_id "ajJk9kPwYRooQdjfv9cQhAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 2a06:4882:7000::70

🇧🇩 203.190.14.163

🇳🇵 103.156.26.25

🇳🇱 91.92.40.4

🇳🇱 45.148.10.151

🇩🇪 18.198.50.184

🇷🇺 217.144.173.208

🇨🇳 202.105.98.252

🇺🇸 198.144.178.157

🇬🇧 193.163.125.165

🇧🇷 177.155.89.198

🇷🇴 2.57.121.112

🇺🇸 205.210.31.97

🇮🇩 203.161.30.174

🇹🇭 203.154.2.158

🇧🇷 189.60.49.160

🇯🇵 163.44.101.215

🇮🇩 103.217.145.41

🇺🇸 74.125.186.80

🇵🇰 72.255.19.131