JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 197.82.161.138

197.82.161.138 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 20%: ?

20%

ISP	Dimension Data
Usage Type	Fixed Line ISP
ASN	AS20011
Domain Name	global.ntt
Country	🇿🇦 South Africa
City	Johannesburg, Gauteng

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 197.82.161.138

Whois 197.82.161.138

IP Abuse Reports for 197.82.161.138:

This IP address has been reported a total of 10 times from 3 distinct sources. 197.82.161.138 was first reported on May 28th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-04 18:27:32 (1 hour ago)	(mod_security) mod_security (id:240335) triggered by 197.82.161.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 197.82.161.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 14:27:27.953507 2026] [security2:error] [pid 25912:tid 25912] [client 197.82.161.138:60935] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.82.161.138 (+1 hits since last alert)\|mdsshop.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mdsshop.com"] [uri "/xmlrpc.php"] [unique_id "aiHDj4qUcewcS1bdv1SGRgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 17:54:24 (2 hours ago)	(mod_security) mod_security (id:240335) triggered by 197.82.161.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 197.82.161.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 13:54:18.169797 2026] [security2:error] [pid 22154:tid 22154] [client 197.82.161.138:61888] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.82.161.138 (+1 hits since last alert)\|apuntesdeinversion.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "apuntesdeinversion.com"] [uri "/xmlrpc.php"] [unique_id "aiG7ysUWMCH6L0mQDmGOWAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 17:25:49 (2 hours ago)	(mod_security) mod_security (id:240335) triggered by 197.82.161.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 197.82.161.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 13:25:44.800511 2026] [security2:error] [pid 16090:tid 16090] [client 197.82.161.138:59112] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.82.161.138 (+1 hits since last alert)\|ssion.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ssion.com"] [uri "/xmlrpc.php"] [unique_id "aiG1GLnX0Gy4S0LT-8jNzAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-02 17:10:11 (2 days ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-05-30 19:24:24 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 197.82.161.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 197.82.161.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 15:24:17.940255 2026] [security2:error] [pid 15482:tid 15482] [client 197.82.161.138:52902] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.82.161.138 (+1 hits since last alert)\|nolaanime.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nolaanime.com"] [uri "/xmlrpc.php"] [unique_id "ahs5YbLaK_uXGCm9eR3g8QAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-30 18:52:14 (5 days ago)	Attac	Brute-Force
Anonymous	2026-05-29 05:42:18 (6 days ago)	Attac	Brute-Force
🇺🇸 Victor López	2026-05-29 00:10:31 (6 days ago)	babystudio4d.com 197.82.161.138 - - [28/May/2026:19:10:11 -0500] "POST /xmlrpc.php HTTP/1.1" 200 415 ... show more babystudio4d.com 197.82.161.138 - - [28/May/2026:19:10:11 -0500] "POST /xmlrpc.php HTTP/1.1" 200 415 "-" "Jetpack by WordPress.com" babystudio4d.com 197.82.161.138 - - [28/May/2026:19:10:20 -0500] "POST /xmlrpc.php HTTP/1.1" 200 415 "-" "Jetpack by WordPress.com" babystudio4d.com 197.82.161.138 - - [28/May/2026:19:10:30 -0500] "POST /xmlrpc.php HTTP/1.1" 200 415 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 22:10:04 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 197.82.161.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 197.82.161.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 18:09:57.787255 2026] [security2:error] [pid 2451:tid 2451] [client 197.82.161.138:59011] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.82.161.138 (+1 hits since last alert)\|415test.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "415test.com"] [uri "/xmlrpc.php"] [unique_id "ahi9NUC-4_2d1caV8QDfGAAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 20:26:47 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 197.82.161.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 197.82.161.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 16:26:39.239714 2026] [security2:error] [pid 1327:tid 1333] [client 197.82.161.138:53206] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.82.161.138 (+1 hits since last alert)\|whitecrosslibrary.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "whitecrosslibrary.com"] [uri "/xmlrpc.php"] [unique_id "ahik_wpGYmRzwq2N-n2mZAAAAEI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 107.150.105.5

🇨🇦 85.217.149.64

🇷🇴 80.94.92.167

🇵🇪 63.246.37.42

🇺🇸 45.33.84.124

🇺🇸 207.90.244.12

🇳🇨 202.166.183.19

192.168.222.222

🇷🇺 188.234.239.243

🇭🇰 165.154.60.76

🇩🇪 162.158.111.238

🇩🇪 162.158.111.167

🇨🇳 115.190.113.87

🇨🇳 111.127.65.70

🇺🇸 107.150.102.192

🇺🇸 107.148.180.44

🇳🇱 45.148.10.152

🇧🇦 31.176.181.98

🇺🇸 209.90.232.71

🇸🇬 168.144.141.128