JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 197.248.152.251

197.248.152.251 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 79%: ?

79%

ISP	Safaricom Limited
Usage Type	Fixed Line ISP
ASN	AS37061
Hostname(s)	197-248-152-251.safaricombusiness.co.ke
Domain Name	safaricom.co.ke
Country	🇰🇪 Kenya
City	Nairobi, Nairobi County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 197.248.152.251

Whois 197.248.152.251

IP Abuse Reports for 197.248.152.251:

This IP address has been reported a total of 28 times from 15 distinct sources. 197.248.152.251 was first reported on August 3rd 2025, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-12 10:04:57 (2 hours ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-12 07:51:34 (4 hours ago)	(mod_security) mod_security (id:240335) triggered by 197.248.152.251 (197-248-152-251.safaricombusin ... show more (mod_security) mod_security (id:240335) triggered by 197.248.152.251 (197-248-152-251.safaricombusiness.co.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 03:51:26.213743 2026] [security2:error] [pid 21639:tid 21639] [client 197.248.152.251:53472] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.248.152.251 (+1 hits since last alert)\|proyectando.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "proyectando.com"] [uri "/xmlrpc.php"] [unique_id "aiu6fkenwSt2HNTKMPr1rwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 13:19:44 (23 hours ago)	(mod_security) mod_security (id:240335) triggered by 197.248.152.251 (197-248-152-251.safaricombusin ... show more (mod_security) mod_security (id:240335) triggered by 197.248.152.251 (197-248-152-251.safaricombusiness.co.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 09:19:37.011149 2026] [security2:error] [pid 17597:tid 17597] [client 197.248.152.251:65489] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.248.152.251 (+1 hits since last alert)\|puckerbikini.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "puckerbikini.com"] [uri "/xmlrpc.php"] [unique_id "aiq16ZD0Gz5Rf5j7bZ6rmAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 11:08:01 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 197.248.152.251 (197-248-152-251.safaricombusin ... show more (mod_security) mod_security (id:240335) triggered by 197.248.152.251 (197-248-152-251.safaricombusiness.co.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 07:07:57.508253 2026] [security2:error] [pid 22579:tid 22579] [client 197.248.152.251:51523] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.248.152.251 (+1 hits since last alert)\|fishleadership.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fishleadership.org"] [uri "/xmlrpc.php"] [unique_id "aiqXDSJGEEuIcF7WPUHTZQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 integrantservices.com	2026-06-11 03:10:20 (1 day ago)	(wordpress) Failed wordpress login from 197.248.152.251 (KE/Kenya/197-248-152-251.safaricombusiness. ... show more (wordpress) Failed wordpress login from 197.248.152.251 (KE/Kenya/197-248-152-251.safaricombusiness.co.ke) show less	Brute-Force
🇳🇱 Site.eu	2026-06-11 01:18:02 (1 day ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-11 00:31:04 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 197.248.152.251 (197-248-152-251.safaricombusin ... show more (mod_security) mod_security (id:240335) triggered by 197.248.152.251 (197-248-152-251.safaricombusiness.co.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 20:30:57.844496 2026] [security2:error] [pid 5289:tid 5289] [client 197.248.152.251:58899] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.248.152.251 (+1 hits since last alert)\|theamarals.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theamarals.com"] [uri "/xmlrpc.php"] [unique_id "aioBwRL3UVio8Pg_0DI-KAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 20:46:20 (1 day ago)	Attac	Brute-Force
🇫🇷 dynamix	2026-06-10 19:42:56 (1 day ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-10 19:42:50 (1 day ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 12:58:10 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 197.248.152.251 (197-248-152-251.safaricombusin ... show more (mod_security) mod_security (id:240335) triggered by 197.248.152.251 (197-248-152-251.safaricombusiness.co.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 08:58:06.853258 2026] [security2:error] [pid 16141:tid 16141] [client 197.248.152.251:53730] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.248.152.251 (+1 hits since last alert)\|thereisaplaceonearth.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thereisaplaceonearth.com"] [uri "/xmlrpc.php"] [unique_id "ailfXuhy7S2xHPJ7fiLIngAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 rh24	2026-06-10 11:28:39 (2 days ago)	(xmlrpc_405) XMLRPC-Bot 405 197.248.152.251 (KE/Kenya/197-248-152-251.safaricombusiness.co.ke)	Hacking
🇺🇸 TPI-Abuse	2026-06-10 09:07:12 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 197.248.152.251 (197-248-152-251.safaricombusin ... show more (mod_security) mod_security (id:240335) triggered by 197.248.152.251 (197-248-152-251.safaricombusiness.co.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 05:07:04.195344 2026] [security2:error] [pid 14949:tid 14949] [client 197.248.152.251:56483] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.248.152.251 (+1 hits since last alert)\|fgrotary.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fgrotary.org"] [uri "/xmlrpc.php"] [unique_id "aikpOEhTyArg-y7fb3g1EAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-09 19:27:34 (2 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-06-08 21:06:05 (3 days ago)	Trying to access config files	Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 203.25.208.110

🇳🇱 193.176.31.212

🇦🇪 2001:8f8:1f13:9e:2859:ad5f:dffe:86a0

🇨🇳 202.46.62.115

🇺🇸 172.217.107.16

🇺🇸 154.197.57.56

🇺🇸 104.234.208.18

🇺🇸 65.51.225.138

🇱🇹 62.60.130.31

🇺🇸 45.56.94.159

🇺🇸 44.0.204.91

🇳🇱 5.255.110.118

🇺🇸 165.154.173.115

🇨🇳 111.113.89.215

🇺🇸 104.234.208.204

🇹🇷 87.232.125.77

🇺🇸 71.6.233.138

🇬🇧 35.203.210.34

🇫🇮 2a00:1450:4010:c1c::120

🇩🇪 213.209.159.231