JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 102.16.125.52

102.16.125.52 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 89%: ?

89%

ISP	Telecom Malagasy
Usage Type	Fixed Line ISP
ASN	AS37054
Hostname(s)	tgn.16.125.52.tgn.mg
Domain Name	yas.mg
Country	🇲🇬 Madagascar
City	Antananarivo, Analamanga

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 102.16.125.52

Whois 102.16.125.52

IP Abuse Reports for 102.16.125.52:

This IP address has been reported a total of 45 times from 19 distinct sources. 102.16.125.52 was first reported on May 28th 2026, and the most recent report was 26 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 konseptit	2026-06-22 07:40:33 (26 minutes ago)	(wordpress) Failed wordpress login from 102.16.125.52 (MG/Madagascar/tgn.16.125.52.tgn.mg)	Brute-Force
Anonymous	2026-06-22 07:10:10 (56 minutes ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-22 06:39:23 (1 hour ago)	(mod_security) mod_security (id:240335) triggered by 102.16.125.52 (tgn.16.125.52.tgn.mg): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 102.16.125.52 (tgn.16.125.52.tgn.mg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 02:39:15.666268 2026] [security2:error] [pid 2441:tid 2441] [client 102.16.125.52:49451] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.16.125.52 (+1 hits since last alert)\|speedysremodeling.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "speedysremodeling.com"] [uri "/xmlrpc.php"] [unique_id "ajjYk3ElZY_3jEny9RSnggAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 alferez	2026-06-22 04:46:20 (3 hours ago)	xmlrpc.php attack DOS	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 07:40:39 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 102.16.125.52 (tgn.16.125.52.tgn.mg): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 102.16.125.52 (tgn.16.125.52.tgn.mg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 03:40:31.205544 2026] [security2:error] [pid 26950:tid 26950] [client 102.16.125.52:60427] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.16.125.52 (+1 hits since last alert)\|radicalchange.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "radicalchange.org"] [uri "/xmlrpc.php"] [unique_id "ajZD76GBmIySf2UpneP0mwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-20 05:06:13 (2 days ago)	Attac	Brute-Force
🇳🇱 Site.eu	2026-06-19 09:55:58 (2 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-19 09:27:29 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 102.16.125.52 (tgn.16.125.52.tgn.mg): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 102.16.125.52 (tgn.16.125.52.tgn.mg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 05:27:21.423476 2026] [security2:error] [pid 23630:tid 23630] [client 102.16.125.52:56393] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.16.125.52 (+1 hits since last alert)\|josephshv.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "josephshv.com"] [uri "/xmlrpc.php"] [unique_id "ajULeftfN56RrvIUoiMgPQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 integrantservices.com	2026-06-17 10:08:48 (4 days ago)	(wordpress) Failed wordpress login from 102.16.125.52 (MG/Madagascar/tgn.16.125.52.tgn.mg)	Brute-Force
🇦🇺 screwlooseit.com.au	2026-06-17 09:37:57 (4 days ago)	Blocked by CSF 13 firewall - Rule: XMLRPC MG/Madagascar/tgn.16.125.52.tgn.mg	Web App Attack
🇳🇱 Site.eu	2026-06-16 13:11:25 (5 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 WeekendWeb	2026-06-15 08:35:44 (6 days ago)	Wordpress Vunerability attack	Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 07:47:16 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.16.125.52 (tgn.16.125.52.tgn.mg): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 102.16.125.52 (tgn.16.125.52.tgn.mg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 03:47:06.956212 2026] [security2:error] [pid 5934:tid 5934] [client 102.16.125.52:49856] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.16.125.52 (+1 hits since last alert)\|virtualmediamasters.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "virtualmediamasters.net"] [uri "/xmlrpc.php"] [unique_id "ai0K-sMcr1ZltdcZ6RNYnQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-13 06:06:38 (1 week ago)	2.560 requests from abuseipdb.com blacklisted IP (4mos3w4d)	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-13 05:00:50 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.16.125.52 (tgn.16.125.52.tgn.mg): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 102.16.125.52 (tgn.16.125.52.tgn.mg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 01:00:43.285441 2026] [security2:error] [pid 30072:tid 30072] [client 102.16.125.52:59743] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.16.125.52 (+1 hits since last alert)\|medusakenya.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "medusakenya.com"] [uri "/xmlrpc.php"] [unique_id "aizj-5q3RuHnY4x2JYEK0wAAACM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 2a00:1450:4010:c1e::123

🇳🇱 195.178.110.30

🇳🇱 176.65.139.233

🇩🇪 158.94.208.56

🇺🇸 148.153.32.7

🇮🇱 141.226.88.165

🇹🇭 125.27.12.122

🇳🇱 91.92.42.133

🇳🇱 91.92.40.5

🇨🇦 85.217.149.28

🇺🇸 34.226.197.42

🇲🇾 27.125.246.202

🇺🇸 3.84.211.231

🇨🇴 190.109.5.68

🇺🇸 172.253.86.93

🇮🇷 130.185.72.228

🇦🇺 121.44.7.105

🇲🇾 47.250.38.192

🇲🇾 27.125.243.158

🇨🇳 221.229.218.50