JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 197.255.118.194

197.255.118.194 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 42%: ?

42%

ISP	For ICTD
Usage Type	University/College/School
ASN	AS37074
Domain Name	ug.edu.gh
Country	🇬🇭 Ghana
City	Medina Estates, Greater Accra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 197.255.118.194

Whois 197.255.118.194

IP Abuse Reports for 197.255.118.194:

This IP address has been reported a total of 18 times from 8 distinct sources. 197.255.118.194 was first reported on May 25th 2026, and the most recent report was 21 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-06-19 22:28:48 (21 hours ago)		Brute-Force Web App Attack
Anonymous	2026-06-15 10:32:07 (5 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 09:06:43 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 05:06:38.827911 2026] [security2:error] [pid 9955:tid 9955] [client 197.255.118.194:54248] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.255.118.194 (+1 hits since last alert)\|suswastima.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "suswastima.com"] [uri "/xmlrpc.php"] [unique_id "ai_AnpdG_nWyFXTUw67EUgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 19:06:30 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 15:06:25.631562 2026] [security2:error] [pid 14648:tid 14648] [client 197.255.118.194:53623] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.255.118.194 (+1 hits since last alert)\|mdsshop.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mdsshop.com"] [uri "/xmlrpc.php"] [unique_id "aihkMXMAI7u1ezEhgEAjJQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 debestelapp	2026-06-04 16:20:07 (2 weeks ago)		Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 09:53:06 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 05:52:59.145119 2026] [security2:error] [pid 12365:tid 12365] [client 197.255.118.194:52672] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.255.118.194 (+1 hits since last alert)\|navarrete.ws\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "navarrete.ws"] [uri "/xmlrpc.php"] [unique_id "aiFK-8ah6P5oFZgff8BOBAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-04 09:51:36 (2 weeks ago)	197.255.118.194 - - [04/Jun/2026:11:51:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by ... show more 197.255.118.194 - - [04/Jun/2026:11:51:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)" 197.255.118.194 - - [04/Jun/2026:11:51:14 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)" 197.255.118.194 - - [04/Jun/2026:11:51:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com" 197.255.118.194 - - [04/Jun/2026:11:51:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com" 197.255.118.194 - - [04/Jun/2026:11:51:35 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)" ... show less	Brute-Force Web App Attack
Anonymous	2026-06-01 13:41:17 (2 weeks ago)	[redacted] 197.255.118.194 - - [01/Jun/2026:15:40:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" ... show more [redacted] 197.255.118.194 - - [01/Jun/2026:15:40:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com" [redacted] 197.255.118.194 - - [01/Jun/2026:15:40:44 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com" [redacted] 197.255.118.194 - - [01/Jun/2026:15:40:55 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com" [redacted] 197.255.118.194 - - [01/Jun/2026:15:41:06 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack/12.0; WordPress/6.2; http://site91832362.com" [redacted] 197.255.118.194 - - [01/Jun/2026:15:41:16 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 12:43:05 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 08:42:57.313090 2026] [security2:error] [pid 9657:tid 9657] [client 197.255.118.194:61865] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.255.118.194 (+1 hits since last alert)\|palumbodesigns.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "palumbodesigns.com"] [uri "/xmlrpc.php"] [unique_id "ah1-UUmuXyd6koJ7wRu0fgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 12:10:53 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 08:10:46.127379 2026] [security2:error] [pid 6282:tid 6282] [client 197.255.118.194:64808] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.255.118.194 (+1 hits since last alert)\|doctoredwinalvarez.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "doctoredwinalvarez.com"] [uri "/xmlrpc.php"] [unique_id "ah12xgqR_vhAOFCcNrGgSQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 15:54:09 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 11:53:59.935681 2026] [security2:error] [pid 14468:tid 14494] [client 197.255.118.194:54035] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.255.118.194 (+1 hits since last alert)\|inal.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "inal.org"] [uri "/xmlrpc.php"] [unique_id "ahXCFyzM1cjuvPS0tspiKgAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 11:37:47 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 07:37:43.900375 2026] [security2:error] [pid 32621:tid 32621] [client 197.255.118.194:56614] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.255.118.194 (+1 hits since last alert)\|usbea.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "usbea.com"] [uri "/xmlrpc.php"] [unique_id "ahWGB_Zbc1TVa-sfXQG3VwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 16:53:51 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 12:53:46.132350 2026] [security2:error] [pid 21134:tid 21134] [client 197.255.118.194:51967] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.255.118.194 (+1 hits since last alert)\|thinkingepic.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thinkingepic.com"] [uri "/xmlrpc.php"] [unique_id "ahR-mpjY8PAESxL0Z3bTsQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 15:54:21 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 11:54:14.175360 2026] [security2:error] [pid 24954:tid 24954] [client 197.255.118.194:63300] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.255.118.194 (+1 hits since last alert)\|internetnameregistration.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "internetnameregistration.com"] [uri "/xmlrpc.php"] [unique_id "ahRwpj7UscgE2CW5A49fOAAAACg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 14:54:12 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 197.255.118.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 10:54:03.891646 2026] [security2:error] [pid 15082:tid 15082] [client 197.255.118.194:62245] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.255.118.194 (+1 hits since last alert)\|susanoneill.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "susanoneill.us"] [uri "/xmlrpc.php"] [unique_id "ahRiixmDb5Hgbk3m-t8SdQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 48.217.233.215

🇮🇷 31.7.66.163

🇮🇷 2.182.157.244

🇨🇳 116.147.40.93

🇺🇸 108.5.12.200

🇨🇦 85.217.149.60

🇩🇪 49.12.132.25

🇦🇺 40.82.214.8

🇦🇷 190.138.23.113

🇳🇱 185.192.20.168

🇹🇭 159.192.144.204

🇳🇱 91.92.40.10

🇨🇭 35.216.201.9

🇨🇳 14.103.114.63

🇳🇱 195.178.110.30

🇯🇵 172.104.93.159

🇺🇸 162.216.149.241

🇱🇹 158.173.79.45

🇭🇰 156.245.246.50

🇨🇳 121.40.231.19