JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 197.221.254.109

197.221.254.109 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 55%: ?

55%

ISP	MPLS ADSL Broadband
Usage Type	Fixed Line ISP
ASN	AS37204
Hostname(s)	16.109.telone.co.zw
Domain Name	telone.co.zw
Country	🇿🇼 Zimbabwe
City	Harare, Harare

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 197.221.254.109

Whois 197.221.254.109

IP Abuse Reports for 197.221.254.109:

This IP address has been reported a total of 25 times from 14 distinct sources. 197.221.254.109 was first reported on March 21st 2023, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-06-22 22:29:27 (6 days ago)		Brute-Force Web App Attack
Anonymous	2026-06-22 05:51:04 (1 week ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 04:50:37 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 197.221.254.109 (16.109.telone.co.zw): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 197.221.254.109 (16.109.telone.co.zw): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 00:50:31.663059 2026] [security2:error] [pid 28907:tid 28907] [client 197.221.254.109:34277] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.221.254.109 (+1 hits since last alert)\|writebetweenthelines.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "writebetweenthelines.com"] [uri "/xmlrpc.php"] [unique_id "aji_F7Gte57fJRkzQ7C7MQAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 02:27:01 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 197.221.254.109 (16.109.telone.co.zw): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 197.221.254.109 (16.109.telone.co.zw): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 22:26:55.238417 2026] [security2:error] [pid 15280:tid 15280] [client 197.221.254.109:42645] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.221.254.109 (+1 hits since last alert)\|bluesbluff.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bluesbluff.com"] [uri "/xmlrpc.php"] [unique_id "ajidb2YLSeUM3FUf5MAGAgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-22 02:24:16 (1 week ago)	197.221.254.109 - - [22/Jun/2026:04:23:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12 ... show more 197.221.254.109 - - [22/Jun/2026:04:23:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12.0; WordPress/6.2; http://site49716780.com" 197.221.254.109 - - [22/Jun/2026:04:23:57 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack/12.0; WordPress/6.2; http://site49716780.com" 197.221.254.109 - - [22/Jun/2026:04:24:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com" 197.221.254.109 - - [22/Jun/2026:04:24:05 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com" 197.221.254.109 - - [22/Jun/2026:04:24:15 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/13.0; WordPress/6.1; http://site10395212.com" ... show less	Brute-Force Web App Attack
🇫🇷 SpaceHost-Server	2026-06-21 22:28:30 (1 week ago)		Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 21:09:29 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 197.221.254.109 (16.109.telone.co.zw): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 197.221.254.109 (16.109.telone.co.zw): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 17:09:23.722730 2026] [security2:error] [pid 23759:tid 23759] [client 197.221.254.109:11291] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.221.254.109 (+1 hits since last alert)\|walkercline.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "walkercline.com"] [uri "/xmlrpc.php"] [unique_id "ajhTAxm_VfRPMoHGjmtXMQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 konseptit	2026-06-21 20:05:40 (1 week ago)	(wordpress) Failed wordpress login from 197.221.254.109 (ZW/Zimbabwe/16.109.telone.co.zw)	Brute-Force
🇫🇷 Kenshin869	2026-06-21 19:33:40 (1 week ago)	Wordpress unauthorized access attempt	Brute-Force
Anonymous	2026-06-21 18:41:35 (1 week ago)	[ssd1.kdns.gr] httpd-xmlrpc-post: sites=asteres.gr; logs=/var/log/httpd/domains/asteres.gr.log; samp ... show more [ssd1.kdns.gr] httpd-xmlrpc-post: sites=asteres.gr; logs=/var/log/httpd/domains/asteres.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
Anonymous	2026-06-21 17:52:13 (1 week ago)	Attac	Brute-Force
🇫🇷 SpaceHost-Server	2026-06-21 17:04:31 (1 week ago)	197.221.254.109 - - [21/Jun/2026:19:04:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by ... show more 197.221.254.109 - - [21/Jun/2026:19:04:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com" 197.221.254.109 - - [21/Jun/2026:19:04:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "WordPress.com; https://wordpress.com" 197.221.254.109 - - [21/Jun/2026:19:04:31 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "WordPress.com; https://wordpress.com" show less	Hacking Web App Attack
🇫🇷 SpaceHost-Server	2026-06-21 16:49:03 (1 week ago)	197.221.254.109 - - [21/Jun/2026:18:48:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack/12 ... show more 197.221.254.109 - - [21/Jun/2026:18:48:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack/12.0; WordPress/6.4; http://site81235140.com" 197.221.254.109 - - [21/Jun/2026:18:48:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)" 197.221.254.109 - - [21/Jun/2026:18:49:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack/12.0; WordPress/6.3; http://site74736749.com" show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 13:37:46 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 197.221.254.109 (16.109.telone.co.zw): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 197.221.254.109 (16.109.telone.co.zw): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 09:37:43.676450 2026] [security2:error] [pid 17411:tid 17411] [client 197.221.254.109:39848] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.221.254.109 (+1 hits since last alert)\|milliondollarbelt.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "milliondollarbelt.com"] [uri "/xmlrpc.php"] [unique_id "ajfpJ_FtyQ4kPQ34aapJVQAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 10:31:27 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 197.221.254.109 (16.109.telone.co.zw): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 197.221.254.109 (16.109.telone.co.zw): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 06:31:22.058062 2026] [security2:error] [pid 29761:tid 29761] [client 197.221.254.109:50352] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.221.254.109 (+1 hits since last alert)\|casadelsolmexico.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "casadelsolmexico.net"] [uri "/xmlrpc.php"] [unique_id "aje9emfFtFjeXiVkjFQ39gAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 175.195.73.38

🇫🇷 172.246.41.20

🇦🇷 167.250.118.53

🇺🇸 159.89.95.122

🇫🇷 91.196.152.123

🇱🇹 81.30.98.158

🇺🇸 54.90.136.62

🇬🇧 178.79.131.86

🇺🇸 136.34.129.145

🇨🇳 124.133.10.66

🇮🇳 115.98.15.220

🇨🇳 112.6.127.244

🇨🇳 110.188.66.230

🇺🇸 91.230.168.11

🇷🇴 2.57.121.25

🇺🇸 216.73.216.108

🇲🇰 213.135.175.76

🇳🇱 204.76.203.219

🇧🇷 179.218.63.2

🇸🇰 158.173.242.17