JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 105.127.10.241

105.127.10.241 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 58%: ?

58%

ISP	Airtel Networks Limited
Usage Type	Fixed Line ISP
ASN	AS36873
Domain Name	airtel.in
Country	🇳🇬 Nigeria
City	Lagos, Lagos

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 105.127.10.241

Whois 105.127.10.241

IP Abuse Reports for 105.127.10.241:

This IP address has been reported a total of 12 times from 10 distinct sources. 105.127.10.241 was first reported on April 17th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 cwytech	2026-06-23 17:20:10 (2 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/wordpress-xmlrpc-bf-high.	Bad Web Bot Web App Attack
🇺🇸 factor1	2026-06-23 17:00:43 (2 days ago)	Fail2ban at churndash Reports Abuse.	Brute-Force Web App Attack
🇺🇸 bigwavedave	2026-06-23 16:07:59 (2 days ago)	Wordpress Attack	Web App Attack
🇧🇾 lns.bz	2026-06-23 15:23:15 (2 days ago)	Banned for trying to access xmlrpc [BY]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 14:18:51 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 105.127.10.241 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 105.127.10.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 10:18:46.234232 2026] [security2:error] [pid 9454:tid 9454] [client 105.127.10.241:3641] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gellertdealers.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gellertdealers.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajqVxgvxoq_iv-_B8aiFaQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-06-23 14:09:42 (2 days ago)	Unauthorized access to webpage admin	Web App Attack
🇩🇪 4server	2026-06-23 13:07:51 (2 days ago)	[TueJun2315:07:46.0482652026][security2:error][pid3016845:tid3016919][client105.127.10.241:0]ModSecu ... show more [TueJun2315:07:46.0482652026][security2:error][pid3016845:tid3016919][client105.127.10.241:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"esengineering.ch\"][uri\"/xmlrpc.php\"][unique_id\"ajqFIjTKYKQfcnabokIFzwAAAEA\"] show less	Port Scan Brute-Force Web App Attack
🇧🇪 taivas.nl	2026-06-23 11:02:11 (2 days ago)	Wordpress_xmlrpc_attack	Bad Web Bot
🇫🇷 dynamix	2026-06-23 10:46:57 (2 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 10:13:21 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 105.127.10.241 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 105.127.10.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 06:13:17.376513 2026] [security2:error] [pid 26696:tid 26696] [client 105.127.10.241:4525] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|artbytracyjane.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "artbytracyjane.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajpcPaPUDXfzCsO2_QuG2wAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 09:02:49 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 105.127.10.241 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 105.127.10.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 05:02:44.352768 2026] [security2:error] [pid 29540:tid 29540] [client 105.127.10.241:5215] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|3beeze.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "3beeze.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajpLtKsH34PV8yjagq3_xAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 ELYAZ	2026-04-17 20:45:02 (2 months ago)	(wordpress) Failed wordpress login from 105.127.10.241 (NG/Nigeria/-): (CF_ENABLE)	Brute-Force

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 187.109.162.17

🇸🇬 178.128.95.176

🇺🇸 162.216.149.41

🇦🇪 145.241.123.102

🇺🇸 142.93.207.132

🇨🇳 118.81.203.239

🇨🇳 106.12.18.199

🇫🇮 77.105.161.120

🇵🇰 202.47.57.124

🇧🇷 189.126.33.199

🇺🇸 167.160.233.24

🇺🇸 104.37.185.43

🇧🇪 35.195.253.14

🇳🇱 34.178.21.247

🇻🇳 14.244.177.154

🇩🇪 213.209.159.227

🇨🇳 202.105.98.252

🇸🇬 172.188.89.41

🇨🇳 119.125.19.250

🇭🇰 43.161.224.78