JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 197.94.254.129

197.94.254.129 was found in our database!

This IP was reported 52 times. Confidence of Abuse is 80%: ?

80%

ISP	Dimension Data
Usage Type	Fixed Line ISP
ASN	AS20011
Domain Name	global.ntt
Country	🇿🇦 South Africa
City	Cape Town, Western Cape

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 197.94.254.129

Whois 197.94.254.129

IP Abuse Reports for 197.94.254.129:

This IP address has been reported a total of 52 times from 25 distinct sources. 197.94.254.129 was first reported on March 8th 2026, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-15 16:55:47 (15 hours ago)	(mod_security) mod_security (id:240335) triggered by 197.94.254.129 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 197.94.254.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:55:39.332347 2026] [security2:error] [pid 22880:tid 22880] [client 197.94.254.129:1207] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.94.254.129 (+1 hits since last alert)\|breezentry.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "breezentry.com"] [uri "/xmlrpc.php"] [unique_id "ajAui_CjAEL2Zkwswz-VdgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-15 16:15:13 (16 hours ago)	(wordpress) Failed wordpress login from 197.94.254.129 (-)	Brute-Force
🇩🇪 ger-stg-sifi1	2026-06-15 15:12:19 (17 hours ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 04:42:02 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 197.94.254.129 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 197.94.254.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 00:41:55.760116 2026] [security2:error] [pid 8645:tid 8645] [client 197.94.254.129:10693] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.94.254.129 (+1 hits since last alert)\|vrevgaming.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "vrevgaming.net"] [uri "/xmlrpc.php"] [unique_id "ai-CkwS9dvMAg-vj8ZlNsAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 15:11:07 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 197.94.254.129 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 197.94.254.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 11:11:00.750479 2026] [security2:error] [pid 1839:tid 1839] [client 197.94.254.129:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.94.254.129 (+1 hits since last alert)\|local639.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "local639.com"] [uri "/xmlrpc.php"] [unique_id "ai7EhAm79O4M1x4idetbrAAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 13:35:21 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 197.94.254.129 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 197.94.254.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 09:35:13.281959 2026] [security2:error] [pid 6813:tid 6813] [client 197.94.254.129:6492] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.94.254.129 (+1 hits since last alert)\|webersource.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "webersource.com"] [uri "/xmlrpc.php"] [unique_id "ai6uEWLGiadpapmkaev4GAAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-13 00:53:19 (3 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-06-12 15:00:17 (3 days ago)	Blocked by ModSec and CSF	Port Scan
🇫🇷 dynamix	2026-06-11 18:16:21 (4 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇩🇪 rh24	2026-06-11 17:15:30 (4 days ago)	(wordpress) Failed wordpress login from 197.94.254.129 (-): (CF_ENABLE)	Brute-Force
🇳🇱 debestelapp	2026-06-11 16:15:06 (4 days ago)		Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 15:04:31 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 197.94.254.129 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 197.94.254.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 11:04:27.497351 2026] [security2:error] [pid 25414:tid 25414] [client 197.94.254.129:40742] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.94.254.129 (+1 hits since last alert)\|drwolberg.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "drwolberg.com"] [uri "/xmlrpc.php"] [unique_id "airOe_A96ix2AGtvhmkvWQAAACg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 WeekendWeb	2026-06-08 10:37:33 (1 week ago)	Wordpress Vunerability attack	Web App Attack
Anonymous	2026-06-05 13:06:23 (1 week ago)	Attac	Brute-Force
🇩🇪 konseptit	2026-06-04 16:14:49 (1 week ago)	(wordpress) Failed wordpress login from 197.94.254.129 (-)	Brute-Force

Showing 1 to 15 of 52 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.139.250

🇮🇳 154.84.242.115

🇭🇰 114.111.54.189

🇭🇰 103.146.159.173

🇺🇸 66.132.172.199

🇺🇸 65.55.210.68

🇸🇬 47.236.42.148

🇳🇱 5.175.192.17

🇫🇷 207.180.223.44

🇳🇱 195.178.110.30

🇩🇪 193.124.20.245

🇧🇷 179.189.83.202

🇷🇺 178.20.44.140

🇨🇳 112.94.253.5

🇫🇷 91.231.89.104

🇧🇬 91.92.199.36

🇦🇪 86.98.37.95

🇫🇷 82.65.140.218

🇺🇸 66.132.172.229

🇺🇸 64.62.156.32