JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 165.165.119.27

165.165.119.27 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 49%: ?

49%

ISP	Telkom SA Limited
Usage Type	Fixed Line ISP
ASN	AS5713
Hostname(s)	8ta-165-119-27.telkomadsl.co.za
Domain Name	telkom.co.za
Country	🇿🇦 South Africa
City	Johannesburg, Gauteng

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 165.165.119.27

Whois 165.165.119.27

IP Abuse Reports for 165.165.119.27:

This IP address has been reported a total of 22 times from 10 distinct sources. 165.165.119.27 was first reported on November 10th 2025, and the most recent report was 4 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-22 07:56:38 (4 minutes ago)	(mod_security) mod_security (id:240335) triggered by 165.165.119.27 (8ta-165-119-27.telkomadsl.co.za ... show more (mod_security) mod_security (id:240335) triggered by 165.165.119.27 (8ta-165-119-27.telkomadsl.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 03:56:32.699921 2026] [security2:error] [pid 536:tid 536] [client 165.165.119.27:29219] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.119.27 (+1 hits since last alert)\|artbytracyjane.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "artbytracyjane.com"] [uri "/xmlrpc.php"] [unique_id "ajjqsIRpymxg5jSZzoUNUgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 11:24:40 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 165.165.119.27 (8ta-165-119-27.telkomadsl.co.za ... show more (mod_security) mod_security (id:240335) triggered by 165.165.119.27 (8ta-165-119-27.telkomadsl.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 07:24:35.593151 2026] [security2:error] [pid 13225:tid 13225] [client 165.165.119.27:4820] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.119.27 (+1 hits since last alert)\|36sovereignchambers.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "36sovereignchambers.com"] [uri "/xmlrpc.php"] [unique_id "ajZ4cwQ-kUUlnNikFnBp8gAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 WeekendWeb	2026-06-17 14:42:30 (4 days ago)	Wordpress Vunerability attack	Web App Attack
Anonymous	2026-06-17 11:58:20 (4 days ago)	[redacted] 165.165.119.27 - - [17/Jun/2026:13:57:35 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 165.165.119.27 - - [17/Jun/2026:13:57:35 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.3; http://site67604027.com" [redacted] 165.165.119.27 - - [17/Jun/2026:13:57:46 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.4; http://site51341528.com" [redacted] 165.165.119.27 - - [17/Jun/2026:13:57:57 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 165.165.119.27 - - [17/Jun/2026:13:58:07 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 165.165.119.27 - - [17/Jun/2026:13:58:18 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.2; http://site54258703.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 10:28:45 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 165.165.119.27 (8ta-165-119-27.telkomadsl.co.za ... show more (mod_security) mod_security (id:240335) triggered by 165.165.119.27 (8ta-165-119-27.telkomadsl.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 06:28:38.437031 2026] [security2:error] [pid 732:tid 732] [client 165.165.119.27:29411] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.119.27 (+1 hits since last alert)\|bigholegolf.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bigholegolf.com"] [uri "/xmlrpc.php"] [unique_id "ajJ21jpgOUhmzmzyKDn2EgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 12:19:08 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 165.165.119.27 (8ta-165-119-27.telkomadsl.co.za ... show more (mod_security) mod_security (id:240335) triggered by 165.165.119.27 (8ta-165-119-27.telkomadsl.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 08:19:01.284444 2026] [security2:error] [pid 24406:tid 24406] [client 165.165.119.27:12100] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.119.27 (+1 hits since last alert)\|guarinofurnituredesigns.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "guarinofurnituredesigns.com"] [uri "/xmlrpc.php"] [unique_id "ai_ttdj4SIJaJSvofsVoKQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-15 10:44:12 (6 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-06-15 08:12:06 (6 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1, GET / HTTP/1.1	Hacking Web App Attack
Anonymous	2026-06-13 13:28:31 (1 week ago)	[redacted] 165.165.119.27 - - [13/Jun/2026:15:27:47 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 165.165.119.27 - - [13/Jun/2026:15:27:47 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)" [redacted] 165.165.119.27 - - [13/Jun/2026:15:27:57 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 165.165.119.27 - - [13/Jun/2026:15:28:07 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 165.165.119.27 - - [13/Jun/2026:15:28:18 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 165.165.119.27 - - [13/Jun/2026:15:28:28 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 11:28:13 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 165.165.119.27 (8ta-165-119-27.telkomadsl.co.za ... show more (mod_security) mod_security (id:240335) triggered by 165.165.119.27 (8ta-165-119-27.telkomadsl.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 07:28:05.598184 2026] [security2:error] [pid 15237:tid 15237] [client 165.165.119.27:25422] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.119.27 (+1 hits since last alert)\|clayrivers.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "clayrivers.com"] [uri "/xmlrpc.php"] [unique_id "ai0-xd9VztZ_LRBeVeDk3AAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 ycoskun41	2026-06-12 10:07:42 (1 week ago)	fail2ban: plesk-apache jail on genckocaeli.com	Web App Attack
🇸🇪 vaia.cloud	2026-06-11 12:40:10 (1 week ago)	trying wp-login.php/xmlrpc.php 172 times in 1 minutes	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 13:44:22 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 165.165.119.27 (8ta-165-119-27.telkomadsl.co.za ... show more (mod_security) mod_security (id:240335) triggered by 165.165.119.27 (8ta-165-119-27.telkomadsl.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 09:44:15.064473 2026] [security2:error] [pid 11718:tid 11718] [client 165.165.119.27:29210] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.119.27 (+1 hits since last alert)\|investorsfundingusa.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "investorsfundingusa.com"] [uri "/xmlrpc.php"] [unique_id "ailqL6_o5c6C3DtOOgn4LwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 08:56:46 (1 week ago)	Attac	Brute-Force
🇫🇷 masterguru	2026-06-09 13:51:01 (1 week ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇿 188.113.236.185

🇩🇪 85.114.138.84

🇺🇸 47.251.122.241

🇻🇳 42.96.19.37

🇺🇸 2604:a880:400:d1:0:4:9e8f:c001

🇫🇷 217.76.54.44

🇷🇴 196.245.250.205

🇺🇸 192.178.38.94

🇸🇬 159.223.95.250

🇨🇦 159.203.34.219

🇸🇬 143.198.207.28

🇮🇳 117.250.231.131

🇨🇳 113.206.199.57

🇺🇸 102.129.234.40

🇨🇦 85.217.149.63

🇺🇸 45.146.55.82

🇺🇸 43.135.153.8

🇬🇧 216.226.76.20

🇺🇸 128.24.163.83

🇨🇳 192.144.206.9