JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 105.127.13.101

105.127.13.101 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 32%: ?

32%

ISP	Airtel Networks Limited
Usage Type	Fixed Line ISP
ASN	AS36873
Domain Name	airtel.in
Country	🇳🇬 Nigeria
City	Lagos, Lagos

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 105.127.13.101

Whois 105.127.13.101

IP Abuse Reports for 105.127.13.101:

This IP address has been reported a total of 9 times from 7 distinct sources. 105.127.13.101 was first reported on June 3rd 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 big-cloud.nl	2026-06-04 10:28:25 (2 weeks ago)	Try to access /xmlrpc.php	Web App Attack
🇳🇿 Tripwire	2026-06-04 07:32:40 (2 weeks ago)	Probing for Wordpress - /xmlrpc.php	Brute-Force Web App Attack
🇨🇭 4server	2026-06-04 07:08:06 (3 weeks ago)	[ThuJun0409:08:00.8970862026][security2:error][pid3015656:tid3016969][client105.127.13.101:0]ModSecu ... show more [ThuJun0409:08:00.8970862026][security2:error][pid3015656:tid3016969][client105.127.13.101:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"aid-web.ch\"][uri\"/xmlrpc.php\"][unique_id\"aiEkUGmRZD0KL7eE-2QuswAAANg\"] show less	Hacking Web App Attack
🇺🇸 WellSpring	2026-06-04 06:28:17 (3 weeks ago)	xmlrpc exploit on 907.today/xmlrpc.php — WellSpr.ing/NetSentinel civic-AI security layer	Brute-Force Web App Attack
🇬🇧 noise.agency	2026-06-04 05:31:06 (3 weeks ago)	(wordpress) Failed wordpress login from 105.127.13.101 (NG/Nigeria/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-04 02:01:20 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 105.127.13.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 105.127.13.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 22:01:15.493556 2026] [security2:error] [pid 26265:tid 26265] [client 105.127.13.101:17425] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|tttns.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tttns.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiDcaz_zdx9kmQKgqkUyRgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 23:33:46 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 105.127.13.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 105.127.13.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 19:33:40.217131 2026] [security2:error] [pid 19094:tid 19094] [client 105.127.13.101:17463] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|superzilla.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "superzilla.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiC51OKwf0AXIJxlUrM87AAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 20:02:13 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 105.127.13.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 105.127.13.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 16:02:04.955604 2026] [security2:error] [pid 28638:tid 28638] [client 105.127.13.101:36166] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|rimaine.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rimaine.org"] [uri "/wp-json/wp/v2/users"] [unique_id "aiCIPD_rrdSEJ3UpbDeyyQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 inlink.ltd	2026-06-03 08:24:35 (3 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 34.76.151.182

🇺🇸 2001:470:1:332::12b

🇵🇾 203.20.86.133

🇺🇸 184.105.139.89

🇩🇴 179.61.30.12

🇺🇸 91.230.168.183

🇫🇷 85.217.140.1

🇹🇼 61.222.211.114

🇺🇸 57.141.0.22

🇩🇪 43.228.157.17

🇧🇪 34.78.110.174

🇧🇪 34.22.133.178

🇺🇸 20.118.32.171

🇨🇷 201.193.202.98

🇮🇳 168.144.189.94

🇺🇸 162.216.149.14

🇩🇪 142.132.219.111

🇧🇩 103.131.144.53

🇺🇸 44.205.138.108

🇯🇵 43.207.188.22