JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 109.252.138.162

109.252.138.162 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 0%: ?

ISP	Moscow Local Telephone Network (OAO MGTS)
Usage Type	Fixed Line ISP
ASN	AS25513
Hostname(s)	109-252-138-162.dynamic.spd-mgts.ru
Domain Name	spd-mgts.ru
Country	🇷🇺 Russian Federation
City	Moscow, Moscow

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 109.252.138.162

Whois 109.252.138.162

IP Abuse Reports for 109.252.138.162:

This IP address has been reported a total of 18 times from 14 distinct sources. 109.252.138.162 was first reported on October 13th 2025, and the most recent report was 7 months ago.

Old Reports: The most recent abuse report for this IP address is from 7 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Charlesiv	2025-10-25 04:45:19 (7 months ago)	Triggered Cloudflare WAF (firewallCustom) from RU. Action taken: BLOCK ASN: 25513 (ASN-MGTS-USPD) Pr ... show more Triggered Cloudflare WAF (firewallCustom) from RU. Action taken: BLOCK ASN: 25513 (ASN-MGTS-USPD) Protocol: HTTP/1.1 (GET method) Endpoint: /rest Timestamp: 2025-10-25T04:10:25Z Ray ID: 993edd34cf1aec55 UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0 show less	Bad Web Bot
🇺🇸 mnsf	2025-10-24 18:05:11 (7 months ago)	Too many Status 40X (11)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-10-23 23:21:55 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 109.252.138.162 (109-252-138-162.dynamic.spd-mg ... show more (mod_security) mod_security (id:225170) triggered by 109.252.138.162 (109-252-138-162.dynamic.spd-mgts.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 23 19:21:49.423207 2025] [security2:error] [pid 2137:tid 2137] [client 109.252.138.162:1721] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|fattoria-rendena.it\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fattoria-rendena.it"] [uri "/wp-json/wp/v2/users"] [unique_id "aPq4jS86lbxcCkGrKTwcUgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-23 22:35:13 (7 months ago)	Bot / scanning and/or hacking attempts: GET / HTTP/1.1, GET /phpinfo.php HTTP/1.1, GET /test.php HTT ... show more Bot / scanning and/or hacking attempts: GET / HTTP/1.1, GET /phpinfo.php HTTP/1.1, GET /test.php HTTP/1.1, GET /i.php HTTP/1.1, GET /info.php HTTP/1.1, GET /p.php HTTP/1.1 show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-10-23 22:11:42 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 109.252.138.162 (109-252-138-162.dynamic.spd-mg ... show more (mod_security) mod_security (id:225170) triggered by 109.252.138.162 (109-252-138-162.dynamic.spd-mgts.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 23 18:11:33.600192 2025] [security2:error] [pid 771340:tid 771340] [client 109.252.138.162:2112] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|sharawi-gum.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sharawi-gum.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aPqoFcU1Gfp01rodIYjKJQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-23 21:05:38 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 109.252.138.162 (109-252-138-162.dynamic.spd-mg ... show more (mod_security) mod_security (id:225170) triggered by 109.252.138.162 (109-252-138-162.dynamic.spd-mgts.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 23 17:05:31.563110 2025] [security2:error] [pid 17142:tid 17142] [client 109.252.138.162:1738] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|babylontravelone.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "babylontravelone.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aPqYm6Zejp7-XEpqxHjfLgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-23 16:46:18 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 109.252.138.162 (109-252-138-162.dynamic.spd-mg ... show more (mod_security) mod_security (id:225170) triggered by 109.252.138.162 (109-252-138-162.dynamic.spd-mgts.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 23 12:46:15.107924 2025] [security2:error] [pid 5324:tid 5324] [client 109.252.138.162:2142] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|protection4allsecurity.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "protection4allsecurity.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aPpb173I8dGm3d8ESK5GXQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-23 12:04:47 (7 months ago)	wordpress-trap	Web App Attack
🇺🇸 myagent.site	2025-10-22 05:53:10 (8 months ago)	Blocking for trying to access an exploit file: /test.php	Hacking
🇮🇹 Progetto1	2025-10-21 22:30:02 (8 months ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
Anonymous	2025-10-20 17:13:41 (8 months ago)	[21/Oct/2025:04:13:40 +1100] "GET /manager/media/script/mootools/mootools.js HTTP/1.1" 301 282 "Mozi ... show more [21/Oct/2025:04:13:40 +1100] "GET /manager/media/script/mootools/mootools.js HTTP/1.1" 301 282 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.5.8 Chrome/120.0.6099.283 Electron/28.2.3 Safari/537.36" show less	Hacking Web App Attack
Anonymous	2025-10-20 16:13:00 (8 months ago)	"Undesired, excess traffic against library/education infrastructure"	Brute-Force
🇧🇪 cmbplf	2025-10-17 03:24:39 (8 months ago)	251 requests with url.path */wp-content/plugins/litespeed-cache/readme.txt	Brute-Force Bad Web Bot
🇮🇳 cybersechere	2025-10-16 14:39:00 (8 months ago)	3 404 requests for the file /test.php. Accordingly, the host has been permanently banned.	Hacking Brute-Force Web App Attack
🇨🇦 polycoda	2025-10-16 11:48:04 (8 months ago)	⌨️ Probes for phpinfo everywhere	Hacking Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 113.182.90.235

🇺🇸 2604:a880:400:d1:0:4:9e8e:4001

🇨🇦 207.60.83.16

🇧🇷 179.146.44.138

🇸🇬 178.128.93.93

🇮🇩 103.146.202.84

🇩🇪 69.5.169.205

🇮🇶 65.20.187.47

🇦🇺 45.134.20.125

🇺🇸 45.79.207.181

🇺🇸 40.124.175.136

🇧🇷 190.9.82.56

🇲🇽 187.141.210.92

🇨🇷 186.15.58.226

🇧🇷 177.92.132.244

🇺🇸 143.20.253.200

🇻🇳 113.190.5.57

🇻🇳 113.186.35.20

🇨🇳 112.228.97.52

🇹🇼 101.13.5.195