JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 179.87.157.3

179.87.157.3 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 91%: ?

91%

ISP	TELEFÔNICA BRASIL S.A
Usage Type	Fixed Line ISP
ASN	AS26599
Hostname(s)	179-87-157-3.user.vivozap.com.br
Domain Name	telefonica.com.br
Country	🇧🇷 Brazil
City	Sao Paulo, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 179.87.157.3

Whois 179.87.157.3

IP Abuse Reports for 179.87.157.3:

This IP address has been reported a total of 21 times from 19 distinct sources. 179.87.157.3 was first reported on June 5th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-14 12:47:42 (1 day ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇩🇪 YF	2026-06-14 12:10:12 (1 day ago)	xmlrpc.php Potential DDoS or brute force	DDoS Attack Brute-Force
🇩🇪 stinpriza	2026-06-13 13:13:38 (2 days ago)	Web App Attack	Web App Attack
Anonymous	2026-06-13 11:43:38 (3 days ago)	[osotir.org] httpd-xmlrpc-post: sites=prostiniki.gr; logs=/var/log/httpd/domains/prostiniki.gr.log; ... show more [osotir.org] httpd-xmlrpc-post: sites=prostiniki.gr; logs=/var/log/httpd/domains/prostiniki.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
Anonymous	2026-06-12 20:26:08 (3 days ago)	179.87.157.3 - - [12/Jun/2026:22:25:13 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Mozilla/5.0 ( ... show more 179.87.157.3 - - [12/Jun/2026:22:25:13 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/95.0.0.0 Safari/537.36" 179.87.157.3 - - [12/Jun/2026:22:25:15 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/95.0.0.0 Safari/537.36" 179.87.157.3 - - [12/Jun/2026:22:25:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/96.0.0.0 Safari/537.36" 179.87.157.3 - - [12/Jun/2026:22:25:41 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/96.0.0.0 Safari/537.36" 179.87.157.3 - - [12/Jun/2026:22:26:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/80.0.0.0 Safari/537.36" ... show less	Brute-Force Web App Attack
🇧🇾 lns.bz	2026-06-12 16:20:06 (3 days ago)	Banned for trying to access xmlrpc [BY]	Web App Attack
🇩🇪 big-cloud.nl	2026-06-10 15:18:15 (5 days ago)	Try to access /xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 16:31:22 (6 days ago)	(mod_security) mod_security (id:225170) triggered by 179.87.157.3 (179-87-157-3.user.vivozap.com.br) ... show more (mod_security) mod_security (id:225170) triggered by 179.87.157.3 (179-87-157-3.user.vivozap.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 12:31:15.593973 2026] [security2:error] [pid 18583:tid 18583] [client 179.87.157.3:63732] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|lukeschicago.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lukeschicago.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aig_00pCZ3LKkhIYUbNeQQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-09 11:33:23 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇳🇱 debestelapp	2026-06-09 10:56:08 (1 week ago)		Web App Attack
🇩🇪 4server	2026-06-08 09:35:40 (1 week ago)	[MonJun0811:35:37.3812762026][security2:error][pid1016007:tid1016051][client179.87.157.3:0]ModSecuri ... show more [MonJun0811:35:37.3812762026][security2:error][pid1016007:tid1016051][client179.87.157.3:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"cmsolution.ch\"][uri\"/xmlrpc.php\"][unique_id\"aiaM6ZZF4B4Qve5pbH8QXgAAAEM\"] show less	Port Scan Brute-Force Web App Attack
🇵🇾 armandosaucedo.me	2026-06-08 07:15:51 (1 week ago)	Threat Intelligence via ARMTI, Web Attack: POST /xmlrpc.php	Web App Attack
🇫🇷 /dev/null	2026-06-08 07:15:17 (1 week ago)	Acces neautorizat detectat de sistemul de securitate.	Brute-Force
🇺🇸 TPI-Abuse	2026-06-07 22:21:41 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 179.87.157.3 (179-87-157-3.user.vivozap.com.br) ... show more (mod_security) mod_security (id:225170) triggered by 179.87.157.3 (179-87-157-3.user.vivozap.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 18:21:34.846765 2026] [security2:error] [pid 8273:tid 8273] [client 179.87.157.3:63090] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|stacyfarm.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "stacyfarm.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiXu7h9W-jDZov-p3PGiFAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-06-07 19:57:19 (1 week ago)	Unauthorized access to webpage admin	Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 182.69.179.12

🇦🇷 168.197.250.14

🇰🇼 37.39.161.15

🇮🇳 182.95.175.190

🇺🇸 172.234.192.12

🇧🇬 91.92.199.36

🇺🇸 75.176.139.41

🇩🇪 69.5.169.186

🇰🇼 62.150.237.107

🇨🇳 27.203.242.18

🇺🇸 209.85.222.200

🇩🇪 157.230.21.37

🇿🇲 102.220.158.228

🇩🇪 81.89.160.101

🇺🇸 34.9.251.169

🇯🇵 20.243.208.191

🇺🇸 20.29.21.127

🇨🇴 190.99.154.140

🇨🇱 152.173.217.197

🇭🇰 123.58.215.196