JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 202.165.238.25

202.165.238.25 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 65%: ?

65%

ISP	Optix Pakistan (Pvt.) Limited
Usage Type	Fixed Line ISP
ASN	AS136384
Domain Name	optix.pk
Country	🇵🇰 Pakistan
City	Karachi, Sindh

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 202.165.238.25

Whois 202.165.238.25

IP Abuse Reports for 202.165.238.25:

This IP address has been reported a total of 19 times from 10 distinct sources. 202.165.238.25 was first reported on June 18th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-21 18:03:51 (2 hours ago)	(mod_security) mod_security (id:240335) triggered by 202.165.238.25 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 202.165.238.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 14:03:48.406960 2026] [security2:error] [pid 12549:tid 12549] [client 202.165.238.25:14904] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 202.165.238.25 (+1 hits since last alert)\|wwfstudio.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "wwfstudio.com"] [uri "/xmlrpc.php"] [unique_id "ajgnhP3PKb5jWuCbfr4hCQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-21 16:30:10 (4 hours ago)	Attac	Brute-Force
Anonymous	2026-06-21 15:20:27 (5 hours ago)	[ssd5.kdns.gr] httpd-xmlrpc-post: sites=bamhairsalon.gr; logs=/var/log/httpd/domains/bamhairsalon.gr ... show more [ssd5.kdns.gr] httpd-xmlrpc-post: sites=bamhairsalon.gr; logs=/var/log/httpd/domains/bamhairsalon.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 13:37:55 (7 hours ago)	(mod_security) mod_security (id:240335) triggered by 202.165.238.25 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 202.165.238.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 09:37:50.897095 2026] [security2:error] [pid 5119:tid 5225] [client 202.165.238.25:14831] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 202.165.238.25 (+1 hits since last alert)\|mtiminis.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mtiminis.com"] [uri "/xmlrpc.php"] [unique_id "ajfpLgZdV1k-rop2HWxPAwAAAEw"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-06-21 10:48:18 (9 hours ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS	Web App Attack
Anonymous	2026-06-20 16:31:03 (1 day ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
Anonymous	2026-06-20 14:54:10 (1 day ago)	[redacted] 202.165.238.25 - - [20/Jun/2026:16:53:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" " ... show more [redacted] 202.165.238.25 - - [20/Jun/2026:16:53:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "WordPress.com; https://wordpress.com" [redacted] 202.165.238.25 - - [20/Jun/2026:16:53:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)" [redacted] 202.165.238.25 - - [20/Jun/2026:16:53:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com" [redacted] 202.165.238.25 - - [20/Jun/2026:16:53:40 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "WordPress.com; https://wordpress.com" [redacted] 202.165.238.25 - - [20/Jun/2026:16:53:47 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack/12.5; WordPress/6.4; http://site10147613.com" [redacted] 202.165.238.25 - - [20/Jun/2026:16:53:51 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com" [redacted] 202.165.238.25 - - [20/Jun/2026:16:53:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.2)" hirsch ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 09:56:45 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 202.165.238.25 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 202.165.238.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 05:56:40.020287 2026] [security2:error] [pid 13630:tid 13630] [client 202.165.238.25:15219] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 202.165.238.25 (+1 hits since last alert)\|schlegelcreative.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "schlegelcreative.com"] [uri "/xmlrpc.php"] [unique_id "ajZj2DYCqvEWROEVoM6pSwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-20 09:56:14 (1 day ago)	Attac	Brute-Force
🇩🇪 grassau.com	2026-06-19 20:03:29 (2 days ago)	(wordpress) Failed wordpress login from 202.165.238.25 (PK/Pakistan/-/-/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-19 15:57:36 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 202.165.238.25 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 202.165.238.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 11:57:32.842743 2026] [security2:error] [pid 519:tid 539] [client 202.165.238.25:15173] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 202.165.238.25 (+1 hits since last alert)\|41bravo.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "41bravo.com"] [uri "/xmlrpc.php"] [unique_id "ajVm7JQXlKEjVjALBeI-7QAAAI4"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 polycoda	2026-06-19 14:26:08 (2 days ago)	AutoBlock: 🔐 WordPress Login Brute Force (20X or 30X) (Decay-Based)	Brute-Force Web App Attack
🇫🇷 masterguru	2026-06-19 13:39:53 (2 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇺🇸 TPI-Abuse	2026-06-19 04:33:31 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 202.165.238.25 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 202.165.238.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 00:33:25.401527 2026] [security2:error] [pid 9496:tid 9496] [client 202.165.238.25:15155] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 202.165.238.25 (+1 hits since last alert)\|greatwesternfirearms.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "greatwesternfirearms.com"] [uri "/xmlrpc.php"] [unique_id "ajTGlYMIzu_l5vrIkrVqqwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 rh24	2026-06-18 20:29:00 (3 days ago)	(xmlrpc_405) XMLRPC-Bot 405 202.165.238.25 (PK/Pakistan/-)	Hacking

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2604:a880:400:d1:0:4:9e7d:1

🇨🇳 222.85.34.114

🇫🇮 178.20.210.151

🇩🇪 47.245.143.238

🇩🇪 47.245.142.92

🇺🇸 45.43.57.6

🇨🇭 209.99.191.19

🇹🇼 198.235.24.121

🇸🇪 195.178.191.5

🇺🇸 154.83.197.158

🇩🇪 69.5.169.213

🇩🇪 47.245.140.253

🇩🇪 47.245.139.195

🇩🇪 47.245.139.137

🇳🇱 45.148.10.152

🇺🇸 20.245.71.147

🇳🇱 195.178.110.30

🇺🇸 148.153.56.170

🇨🇳 123.149.50.91

🇧🇬 79.124.62.230