JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 192.0.99.161

192.0.99.161 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 0%: ?

ISP	Automattic, Inc
Usage Type	Data Center/Web Hosting/Transit
ASN	AS2635
Hostname(s)	wordpress.com
Domain Name	automattic.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Important Note: 192.0.99.161 is an IP address from within our benign crawler whitelist. We confidently believe it is not a bad bot. If you disagree, please provide us with compelling evidence.

Report 192.0.99.161

Whois 192.0.99.161

IP Abuse Reports for 192.0.99.161:

This IP address has been reported a total of 25 times from 9 distinct sources. 192.0.99.161 was first reported on December 28th 2020, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-02-04 14:33:56 (4 months ago)	(mod_security) mod_security (id:212760) triggered by 192.0.99.161 (wordpress.com): 1 in the last 300 ... show more (mod_security) mod_security (id:212760) triggered by 192.0.99.161 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 04 09:33:50.065860 2026] [security2:error] [pid 4012515:tid 4012515] [client 192.0.99.161:2302] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\x22'\\\\/`]on[a-z]{1,}?\\\\/{0,}=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "159"] [id "212760"] [rev "2"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.\|\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.dixiegeek.com"] [uri "/"] [unique_id "aYNYztDE_dMDj3oFGD4EfwAAABs"], referer: https://www.dixiegeek.com/?rest_route=%2Fjetpack%2Fv4%2Fbackup-helper-script&_for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1770215629&nonce=n0EBZ8W2tL&body-hash=3FFojRfWjvFBOXvFxEkOIV4ugyY%3D&signature=5d1%2FKQkiqswwWDFr32Ea9Ki%2FOnY%3D show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-29 18:13:22 (7 months ago)	Malicious activity	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-31 13:28:55 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 192.0.99.161 (wordpress.com): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.99.161 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 31 09:28:49.746855 2025] [security2:error] [pid 1583744:tid 1583744] [client 192.0.99.161:30230] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.99.161 (+1 hits since last alert)\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dixiegeek.com"] [uri "/xmlrpc.php"] [unique_id "aDsEEeqBc8JdwGVflY_1HAAAAAs"], referer: https://www.dixiegeek.com/xmlrpc.php?for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1748698129&nonce=1PMGgNYy6Y&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=teiLg%2FTBRF8HMXNT%2FZDyJWmgjn4%3D show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-11-19 13:19:32 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 192.0.99.161 (wordpress.com): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.99.161 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 19 08:19:26.058133 2024] [security2:error] [pid 28097:tid 28097] [client 192.0.99.161:32086] [client 192.0.99.161] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.99.161 (+1 hits since last alert)\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dixiegeek.com"] [uri "/xmlrpc.php"] [unique_id "ZzyQXgQMvK0X_D_yWSGulQAAAAc"], referer: https://www.dixiegeek.com/xmlrpc.php?for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1732022366&nonce=sEa51bG21v&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=nuyThWV8Lgi%2BEUDcVL2yImMi1YM%3D show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-06-28 12:56:30 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 192.0.99.161 (wordpress.com): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.99.161 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 28 08:56:25.966744 2024] [security2:error] [pid 26457] [client 192.0.99.161:63550] [client 192.0.99.161] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.99.161 (+1 hits since last alert)\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dixiegeek.com"] [uri "/xmlrpc.php"] [unique_id "Zn6y-Y_JY33A-QVanoYqGAAAAAU"], referer: https://www.dixiegeek.com/xmlrpc.php?for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1719579385&nonce=6Xsfrc6Npc&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=DXOVA9GzDWcpRz2wiSA%2B5I3ogmE%3D show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-06-02 22:00:05 (2 years ago)	Unauthorized login attempts [ wordpress-xmlrpc]	Brute-Force Web App Attack
Anonymous	2024-04-21 07:02:02 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-04-17 22:16:39 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-04-17 02:32:38 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇪🇸 10dencehispahard SL	2024-03-29 10:00:56 (2 years ago)	Unauthorized login attempts [ wordpress-xmlrpc]	Brute-Force Web App Attack
🇪🇸 10dencehispahard SL	2024-02-21 15:02:27 (2 years ago)	Unauthorized login attempts [ wordpress-xmlrpc]	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-02-19 13:07:08 (2 years ago)	(mod_security) mod_security (id:240335) triggered by 192.0.99.161 (wordpress.com): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.99.161 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 19 08:07:00.879166 2024] [security2:error] [pid 18955] [client 192.0.99.161:63078] [client 192.0.99.161] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.99.161 (+1 hits since last alert)\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dixiegeek.com"] [uri "/xmlrpc.php"] [unique_id "ZdNSdG7lbdvvsaOMJEh_eQAAAAA"], referer: https://www.dixiegeek.com/xmlrpc.php?for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1708348020&nonce=QxoGSYN85v&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=Mwl2Z6YTScSB8bxsgOgCik%2BHYgU%3D show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 clamehost.it	2022-07-12 09:20:46 (3 years ago)	Automatic report - Brute Force attack using this IP address	Brute-Force
🇩🇪 OiledAmoeba	2022-07-10 18:24:15 (3 years ago)	192.0.99.161 - - [11/Jul/2022:00:24:14 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php?for=jetpack&token ... show more 192.0.99.161 - - [11/Jul/2022:00:24:14 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php?for=jetpack&token=yI%23s%25wmqLKwF%21%251wV%2Awt2sUbDMmapK%288%3A1%3A1&timestamp=1657491853&nonce=UN3AULdfeG&body-hash=zM6wtlIR3F15tOMR6hYdh1YDU3A%3D&signature=hBZTBn8RVS5IUAPeUr29VJFRB1o%3D HTTP/1.1" 500 0 "https://www.ruhnke.cloud/xmlrpc.php?for=jetpack&token=yI%23s%25wmqLKwF%21%251wV%2Awt2sUbDMmapK%288%3A1%3A1&timestamp=1657491853&nonce=UN3AULdfeG&body-hash=zM6wtlIR3F15tOMR6hYdh1YDU3A%3D&signature=hBZTBn8RVS5IUAPeUr29VJFRB1o%3D" "Jetpack by WordPress.com" "-" 0.406 "-" ... show less	Brute-Force
🇩🇪 OiledAmoeba	2022-07-10 16:22:33 (3 years ago)	192.0.99.161 - - [10/Jul/2022:22:22:32 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php?for=jetpack&token ... show more 192.0.99.161 - - [10/Jul/2022:22:22:32 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php?for=jetpack&token=yI%23s%25wmqLKwF%21%251wV%2Awt2sUbDMmapK%288%3A1%3A1&timestamp=1657484551&nonce=K4nbt7nQTH&body-hash=zM6wtlIR3F15tOMR6hYdh1YDU3A%3D&signature=WYukTaQFpw8rzsttGdO5vXlfU3Q%3D HTTP/1.1" 500 0 "https://www.ruhnke.cloud/xmlrpc.php?for=jetpack&token=yI%23s%25wmqLKwF%21%251wV%2Awt2sUbDMmapK%288%3A1%3A1&timestamp=1657484551&nonce=K4nbt7nQTH&body-hash=zM6wtlIR3F15tOMR6hYdh1YDU3A%3D&signature=WYukTaQFpw8rzsttGdO5vXlfU3Q%3D" "Jetpack by WordPress.com" "-" 0.471 "-" ... show less	Brute-Force

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 206.189.203.250

🇧🇷 177.158.150.106

🇺🇸 162.216.150.232

🇺🇸 157.245.141.140

🇮🇳 124.123.33.200

🇭🇰 103.146.159.173

🇩🇪 69.5.169.96

🇯🇵 43.153.135.208

🇺🇦 195.62.24.241

🇬🇧 188.240.59.39

🇨🇳 182.44.2.93

🇧🇷 170.254.243.193

🇺🇸 162.216.149.76

🇧🇷 131.196.46.111

🇹🇭 110.77.137.236

🇸🇬 101.47.155.9

🇺🇸 13.67.236.135

🇺🇸 2620:171:df:0:9999::107

🇧🇷 168.0.36.233

🇩🇪 162.55.237.46