JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 202.165.238.54

202.165.238.54 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 93%: ?

93%

ISP	Optix Pakistan (Pvt.) Limited
Usage Type	Fixed Line ISP
ASN	AS136384
Domain Name	optix.pk
Country	🇵🇰 Pakistan
City	Karachi, Sindh

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 202.165.238.54

Whois 202.165.238.54

IP Abuse Reports for 202.165.238.54:

This IP address has been reported a total of 24 times from 18 distinct sources. 202.165.238.54 was first reported on June 13th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-17 09:58:08 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 202.165.238.54 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 202.165.238.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 05:58:00.385477 2026] [security2:error] [pid 28344:tid 28344] [client 202.165.238.54:46017] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 202.165.238.54 (+1 hits since last alert)\|frogdesignmexico.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "frogdesignmexico.com"] [uri "/xmlrpc.php"] [unique_id "ajJvqL7ACXL3GCccq-2itAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-17 05:10:35 (3 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 integrantservices.com	2026-06-16 18:51:10 (4 days ago)	(wordpress) Failed wordpress login from 202.165.238.54 (PK/Pakistan/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-16 16:36:18 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 202.165.238.54 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 202.165.238.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 12:36:10.487382 2026] [security2:error] [pid 13241:tid 13241] [client 202.165.238.54:45239] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 202.165.238.54 (+1 hits since last alert)\|nomanszone.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nomanszone.com"] [uri "/xmlrpc.php"] [unique_id "ajF7etXB7R2XUaU9hP4_HgAAADA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 YF	2026-06-16 16:01:02 (4 days ago)	xmlrpc.php Potential DDoS or brute force	DDoS Attack Brute-Force
🇦🇺 clapper	2026-06-16 11:20:23 (4 days ago)	(mod_security) mod_security (id:350202) triggered by 202.165.238.54 (PK/Pakistan/-): 5 in the last 6 ... show more (mod_security) mod_security (id:350202) triggered by 202.165.238.54 (PK/Pakistan/-): 5 in the last 600 secs; ID: rub show less	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-16 09:56:13 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 202.165.238.54 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 202.165.238.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 05:56:06.372091 2026] [security2:error] [pid 31228:tid 31228] [client 202.165.238.54:46022] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 202.165.238.54 (+1 hits since last alert)\|rodandreelpiercam.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rodandreelpiercam.com"] [uri "/xmlrpc.php"] [unique_id "ajEdtgBAYGmr7ccMrtF0SwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-16 08:18:17 (4 days ago)	[redacted] 202.165.238.54 - - [16/Jun/2026:10:17:37 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 202.165.238.54 - - [16/Jun/2026:10:17:37 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)" [redacted] 202.165.238.54 - - [16/Jun/2026:10:17:45 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.4; http://site37814254.com" [redacted] 202.165.238.54 - - [16/Jun/2026:10:17:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 202.165.238.54 - - [16/Jun/2026:10:18:07 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 202.165.238.54 - - [16/Jun/2026:10:18:16 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack
🇩🇪 yvoictra	2026-06-16 08:18:12 (4 days ago)	202.165.238.54 - - [16/Jun/2026:10:17:19 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "WordPress.c ... show more 202.165.238.54 - - [16/Jun/2026:10:17:19 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "WordPress.com; https://wordpress.com" 202.165.238.54 - - [16/Jun/2026:10:17:29 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Jetpack/12.5; WordPress/6.2; http://site23701590.com" 202.165.238.54 - - [16/Jun/2026:10:17:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "WordPress.com; https://wordpress.com" 202.165.238.54 - - [16/Jun/2026:10:17:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)" 202.165.238.54 - - [16/Jun/2026:10:18:00 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Jetpack/12.0; WordPress/6.3; http://site91443745.com" 202.165.238.54 - - [16/Jun/2026:10:18:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Jetpack by WordPress.com" ... show less	Brute-Force Web App Attack
🇺🇸 n2nguyenn2nguyen	2026-06-16 05:00:35 (4 days ago)	Blocked by YFC Security on https://brixzly.com — type: xmlrpc_attempts	Brute-Force Web App Attack
Anonymous	2026-06-16 00:14:13 (5 days ago)	Attac	Brute-Force
Anonymous	2026-06-15 19:32:14 (5 days ago)	[da.kdns.gr] httpd-xmlrpc-post: sites=oro24.gr; logs=/var/log/httpd/domains/oro24.gr.log; samples=/x ... show more [da.kdns.gr] httpd-xmlrpc-post: sites=oro24.gr; logs=/var/log/httpd/domains/oro24.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇺🇸 oralunal	2026-06-15 19:29:58 (5 days ago)	IP banned by Fail2Ban in jail oral-suss access.log mvfnds ...	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 18:29:29 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 202.165.238.54 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 202.165.238.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 14:29:24.883493 2026] [security2:error] [pid 8972:tid 8972] [client 202.165.238.54:45866] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 202.165.238.54 (+1 hits since last alert)\|t9teamsportinggoods.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "t9teamsportinggoods.com"] [uri "/xmlrpc.php"] [unique_id "ajBEhOGCUXvUO7a3p9liTAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 lenz	2026-06-15 17:56:07 (5 days ago)	Jun 15 19:54:57 hosting wordpress(grupa-ddd.pl)[1201]: XML-RPC authentication failure for admin from ... show more Jun 15 19:54:57 hosting wordpress(grupa-ddd.pl)[1201]: XML-RPC authentication failure for admin from 202.165.238.54 Jun 15 19:55:04 hosting wordpress(grupa-ddd.pl)[1203]: XML-RPC authentication failure for admin from 202.165.238.54 Jun 15 19:55:38 hosting wordpress(grupa-ddd.pl)[1200]: XML-RPC authentication failure for admin from 202.165.238.54 Jun 15 19:55:57 hosting wordpress(grupa-ddd.pl)[1201]: XML-RPC authentication failure for admin from 202.165.238.54 Jun 15 19:56:07 hosting wordpress(grupa-ddd.pl)[2270]: XML-RPC authentication failure for admin from 202.165.238.54 ... show less	Brute-Force Web App Attack

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇿 197.219.228.242

🇩🇪 193.124.20.246

🇬🇧 188.240.59.5

🇨🇦 143.110.215.32

🇨🇦 85.217.149.18

🇬🇧 78.153.140.40

🇳🇱 45.198.224.5

🇨🇦 38.253.55.156

🇶🇦 2600:1900:4260:40e::ea

🇰🇷 222.110.147.58

🇬🇧 195.140.214.19

🇬🇧 188.240.59.19

🇺🇸 170.106.105.73

🇵🇰 153.117.13.235

🇫🇮 147.185.133.45

🇮🇳 103.113.39.133

🇫🇷 94.183.188.94

🇫🇷 78.241.65.252

🇩🇪 69.5.169.202

🇺🇸 35.149.61.107