JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 197.221.251.239

197.221.251.239 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 65%: ?

65%

ISP	MPLS ADSL Broadband
Usage Type	Fixed Line ISP
ASN	AS37204
Hostname(s)	16.239.telone.co.zw
Domain Name	telone.co.zw
Country	🇿🇼 Zimbabwe
City	Harare, Harare

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 197.221.251.239

Whois 197.221.251.239

IP Abuse Reports for 197.221.251.239:

This IP address has been reported a total of 22 times from 16 distinct sources. 197.221.251.239 was first reported on July 24th 2025, and the most recent report was 23 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-11 03:13:02 (23 hours ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-06-11 00:06:16 (1 day ago)	Trying to access config files	Web App Attack
🇫🇷 SpaceHost-Server	2026-06-10 22:28:28 (1 day ago)		Brute-Force Web App Attack
🇩🇪 4server	2026-06-10 11:18:17 (1 day ago)	[WedJun1013:18:11.7982602026][security2:error][pid258863:tid258879][client197.221.251.239:0]ModSecur ... show more [WedJun1013:18:11.7982602026][security2:error][pid258863:tid258879][client197.221.251.239:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"galardi.ch\"][uri\"/xmlrpc.php\"][unique_id\"ailH86Yg0N2Eenj3nJ9Z_wAAAAQ\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 10:52:07 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 197.221.251.239 (16.239.telone.co.zw): 1 in the ... show more (mod_security) mod_security (id:225170) triggered by 197.221.251.239 (16.239.telone.co.zw): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 06:52:00.514058 2026] [security2:error] [pid 14742:tid 14742] [client 197.221.251.239:18220] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|fetchamreadingroom.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fetchamreadingroom.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ailB0Jw2B--djEWfsR8LZQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 10:30:16 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 197.221.251.239 (16.239.telone.co.zw): 1 in the ... show more (mod_security) mod_security (id:225170) triggered by 197.221.251.239 (16.239.telone.co.zw): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 06:30:06.040216 2026] [security2:error] [pid 5673:tid 5673] [client 197.221.251.239:64696] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|emsystemsltd.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "emsystemsltd.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aik8runZnZtavL-qD4G9dgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 WellSpring	2026-06-10 05:29:17 (1 day ago)	xmlrpc exploit on 830.today/xmlrpc.php — WellSpr.ing/NetSentinel civic-AI security layer	Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-10 01:45:08 (2 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-06-09 22:27:48 (2 days ago)		Brute-Force Web App Attack
🇳🇱 wlt-blocker	2026-06-09 19:13:08 (2 days ago)	Unauthorized access to webpage admin	Web App Attack
🇨🇦 polycoda	2026-06-09 17:15:09 (2 days ago)	🔑 Wordpress login brute force attempt	Hacking Web App Attack
🇩🇪 4server	2026-06-09 12:27:43 (2 days ago)	[TueJun0914:27:39.1961842026][security2:error][pid2909884:tid2909980][client197.221.251.239:0]ModSec ... show more [TueJun0914:27:39.1961842026][security2:error][pid2909884:tid2909980][client197.221.251.239:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"fondazionepetronillapontirone.ch\"][uri\"/xmlrpc.php\"][unique_id\"aigGu2lkiEb-thEp_eX8BgAAAMI\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-05-06 16:39:02 (1 month ago)	Unauthorized connection attempt on Port 2323	Port Scan Hacking Exploited Host
🇪🇸 alferez	2026-04-25 03:59:07 (1 month ago)	Bruteforce mail account access	Brute-Force
Anonymous	2026-04-25 03:40:55 (1 month ago)	SMTP brute force - auth failed	Brute-Force Exploited Host

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.56

🇺🇸 162.216.150.252

🇨🇳 117.50.130.240

🇩🇪 216.26.247.170

🇩🇪 216.26.247.141

🇩🇪 209.50.184.129

🇩🇪 209.50.184.8

🇰🇷 203.142.160.143

🇨🇳 183.229.252.215

🇺🇸 162.216.149.128

🇮🇳 117.252.240.185

🇩🇪 94.26.106.31

🇩🇪 65.111.26.195

🇩🇪 65.111.26.89

🇩🇪 65.111.26.48

🇩🇪 45.3.44.41

🇧🇪 34.156.70.73

🇧🇪 34.79.35.220

🇺🇸 2602:80d:1007::2d

🇩🇪 2001:41d0:700:2052::