JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 165.165.159.80

165.165.159.80 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 0%: ?

ISP	Telkom SA Limited
Usage Type	Fixed Line ISP
ASN	AS5713
Domain Name	telkom.co.za
Country	🇿🇦 South Africa
City	Bloemfontein, Free State

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 165.165.159.80

Whois 165.165.159.80

IP Abuse Reports for 165.165.159.80:

This IP address has been reported a total of 45 times from 16 distinct sources. 165.165.159.80 was first reported on July 15th 2024, and the most recent report was 10 months ago.

Old Reports: The most recent abuse report for this IP address is from 10 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Hippoline	2025-08-07 06:33:34 (10 months ago)	Aug 7 08:33:01 local wp(XXXX-A)[26229]: Authentication attempt for unknown user admin from 165.165. ... show more Aug 7 08:33:01 local wp(XXXX-A)[26229]: Authentication attempt for unknown user admin from 165.165.159.80 ... show less	Brute-Force Web App Attack
🇫🇷 Hippoline	2025-01-30 02:23:37 (1 year ago)	Jan 30 03:21:04 local wp(XXXX-A)[24672]: Authentication attempt for unknown user admin from 165.165. ... show more Jan 30 03:21:04 local wp(XXXX-A)[24672]: Authentication attempt for unknown user admin from 165.165.159.80 ... show less	Brute-Force Web App Attack
🇭🇰 Little Iguana	2024-08-03 11:49:12 (1 year ago)	Attempt to hack Wordpress Login, XMLRPC or other login	Hacking
🇦🇺 MAGIC	2024-07-27 12:14:20 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2024-07-25 12:03:43 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 25 08:03:37.959222 2024] [security2:error] [pid 6602:tid 6602] [client 165.165.159.80:59175] [client 165.165.159.80] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.159.80 (+1 hits since last alert)\|tedharris.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tedharris.com"] [uri "/xmlrpc.php"] [unique_id "ZqI_GZ9usCKg81lhCWzbcQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Richard Stover	2024-07-24 19:15:12 (1 year ago)	User tried to login as "admin."	Web App Attack
🇺🇸 TPI-Abuse	2024-07-24 05:05:14 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 24 01:05:08.062165 2024] [security2:error] [pid 21200:tid 21200] [client 165.165.159.80:37977] [client 165.165.159.80] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.159.80 (+1 hits since last alert)\|www.josephshv.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.josephshv.com"] [uri "/xmlrpc.php"] [unique_id "ZqCLhBHOnQNwfxK-Isq87AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-24 01:04:37 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 23 21:04:31.990066 2024] [security2:error] [pid 908247:tid 908378] [client 165.165.159.80:35663] [client 165.165.159.80] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.159.80 (+1 hits since last alert)\|www.honorac.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.honorac.com"] [uri "/xmlrpc.php"] [unique_id "ZqBTH1WpmuzYAHrVbNXDDwAAAUo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-23 10:06:07 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 23 06:06:00.217392 2024] [security2:error] [pid 26604:tid 26604] [client 165.165.159.80:33717] [client 165.165.159.80] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.159.80 (+1 hits since last alert)\|www.masalamadrid.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.masalamadrid.com"] [uri "/xmlrpc.php"] [unique_id "Zp-AiEFR5Udg5eNzO8xgCwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-22 23:16:53 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 22 19:16:45.587614 2024] [security2:error] [pid 28905:tid 28905] [client 165.165.159.80:56495] [client 165.165.159.80] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.159.80 (+1 hits since last alert)\|www.peterjohnsonauthor.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.peterjohnsonauthor.com"] [uri "/xmlrpc.php"] [unique_id "Zp7oXUnrjew6Fpi7mlWsVQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Hippoline	2024-07-22 22:05:03 (1 year ago)	Jul 23 00:05:02 local wp(XXXX-A)[13184]: Authentication attempt for unknown user admin from 165.165. ... show more Jul 23 00:05:02 local wp(XXXX-A)[13184]: Authentication attempt for unknown user admin from 165.165.159.80 ... show less	Brute-Force Web App Attack
🇲🇹 Malta	2024-07-22 03:11:00 (1 year ago)	165.165.159.80 - - [22/Jul/2024:05:11:00 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ... show more 165.165.159.80 - - [22/Jul/2024:05:11:00 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" Brute-force password attempt show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-07-20 23:55:38 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 20 19:55:30.304422 2024] [security2:error] [pid 3171374:tid 3171374] [client 165.165.159.80:53842] [client 165.165.159.80] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.159.80 (+1 hits since last alert)\|www.kawkacevents.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.kawkacevents.com"] [uri "/xmlrpc.php"] [unique_id "ZpxOctLqf-6zTlpWIYZZlAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-20 13:13:22 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 165.165.159.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 20 09:13:16.645490 2024] [security2:error] [pid 4221:tid 4221] [client 165.165.159.80:41340] [client 165.165.159.80] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 165.165.159.80 (+1 hits since last alert)\|newcitypark.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "newcitypark.com"] [uri "/xmlrpc.php"] [unique_id "Zpu37PjkzG1vUrtaB3_O0wAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 weblite	2024-07-20 09:06:42 (1 year ago)	WP_XMLRPC_ABUSE	Brute-Force Web App Attack

Showing 1 to 15 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 209.90.232.26

🇩🇪 95.81.118.55

🇦🇪 46.245.238.18

🇰🇷 211.228.218.47

🇻🇳 171.250.167.29

🇻🇳 118.70.182.193

🇨🇳 61.136.246.87

🇨🇳 60.166.83.13

🇫🇷 2a02:4780:27:1145:0:825:16d3:1

🇳🇱 195.178.110.26

🇰🇭 124.248.177.189

🇷🇴 92.118.39.236

🇷🇺 37.23.204.51

🇨🇳 139.170.73.43

🇮🇳 128.185.249.46

🇨🇳 106.117.110.104

🇮🇳 103.176.16.111

🇺🇸 66.132.172.235

🇺🇸 63.135.161.89

🇳🇱 45.148.10.141