JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 112.133.246.91

112.133.246.91 was found in our database!

This IP was reported 223 times. Confidence of Abuse is 64%: ?

64%

ISP	Railwire Delhi
Usage Type	Fixed Line ISP
ASN	AS24186
Domain Name	railtelindia.com
Country	🇮🇳 India
City	Delhi, Delhi

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 112.133.246.91

Whois 112.133.246.91

IP Abuse Reports for 112.133.246.91:

This IP address has been reported a total of 223 times from 76 distinct sources. 112.133.246.91 was first reported on November 22nd 2020, and the most recent report was 20 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 factor1	2026-06-09 11:53:54 (20 minutes ago)	Fail2ban at saturn Reports Abuse.	Brute-Force Web App Attack
🇺🇸 integrantservices.com	2026-06-09 05:41:13 (6 hours ago)	(wordpress) Failed wordpress login from 112.133.246.91 (IN/India/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-08 11:49:09 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 112.133.246.91 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 112.133.246.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 07:49:00.772805 2026] [security2:error] [pid 6114:tid 6114] [client 112.133.246.91:24904] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 112.133.246.91 (+1 hits since last alert)\|karenbernsteinlaw.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "karenbernsteinlaw.com"] [uri "/xmlrpc.php"] [unique_id "aiasLM9jrlM5A4p_KM4p9AAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-08 11:40:25 (1 day ago)	[ns67.kdns.gr] httpd-xmlrpc-post: sites=kapaweb.gr; logs=/var/www/vhosts/kapaweb.gr/logs/access_ssl_ ... show more [ns67.kdns.gr] httpd-xmlrpc-post: sites=kapaweb.gr; logs=/var/www/vhosts/kapaweb.gr/logs/access_ssl_log,/var/www/vhosts/system/kapaweb.gr/logs/access_ssl_log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇳🇱 Site.eu	2026-06-05 07:37:15 (4 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-05-27 10:06:14 (1 week ago)	Attac	Brute-Force
Anonymous	2026-05-25 11:36:48 (2 weeks ago)	112.133.246.91 - - [25/May/2026:13:36:28 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "Jetpack/13. ... show more 112.133.246.91 - - [25/May/2026:13:36:28 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "Jetpack/13.0; WordPress/6.4; http://site95458616.com" 112.133.246.91 - - [25/May/2026:13:36:28 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack/13.0; WordPress/6.4; http://site95458616.com" 112.133.246.91 - - [25/May/2026:13:36:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com" 112.133.246.91 - - [25/May/2026:13:36:37 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "WordPress.com; https://wordpress.com" 112.133.246.91 - - [25/May/2026:13:36:47 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "WordPress.com; https://wordpress.com" ... show less	Brute-Force Web App Attack
🇫🇷 MatStef132	2026-05-23 15:48:52 (2 weeks ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇳🇱 Site.eu	2026-05-22 03:36:12 (2 weeks ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇩🇪 rh24	2026-05-22 03:35:53 (2 weeks ago)	(wordpress) Failed wordpress login from 112.133.246.91 (IN/India/-): (CF_ENABLE)	Brute-Force
Anonymous	2026-05-20 06:15:19 (2 weeks ago)		Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-18 12:04:19 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 112.133.246.91 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 112.133.246.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 18 08:04:09.285302 2026] [security2:error] [pid 14462:tid 14477] [client 112.133.246.91:50924] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 112.133.246.91 (+1 hits since last alert)\|greencitymethods.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "greencitymethods.com"] [uri "/xmlrpc.php"] [unique_id "agsAOa9v0SJKZrc4u8dkNwAAAUw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-18 11:32:27 (3 weeks ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-05-18 11:03:53 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 112.133.246.91 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 112.133.246.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 18 07:03:44.337158 2026] [security2:error] [pid 3107:tid 3107] [client 112.133.246.91:58051] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 112.133.246.91 (+1 hits since last alert)\|pluralmatrix.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pluralmatrix.net"] [uri "/xmlrpc.php"] [unique_id "agryEKYCIQeCUXFjCeNC6gAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-05-01 22:27:43 (1 month ago)		Brute-Force Web App Attack

Showing 1 to 15 of 223 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 152.32.239.122

🇩🇪 34.107.5.109

🇫🇷 185.177.72.53

🇮🇩 129.227.46.150

🇵🇰 119.156.28.157

🇺🇸 104.196.141.201

🇧🇬 78.128.114.22

🇭🇰 47.76.63.164

🇺🇸 216.55.146.49

🇷🇴 193.32.162.80

🇺🇾 190.133.225.156

🇨🇳 183.149.66.107

🇧🇷 177.174.109.143

🇺🇸 135.119.94.8

🇸🇬 129.226.84.224

🇸🇬 47.84.66.216

🇬🇧 5.226.140.8

🇬🇹 181.119.109.250

🇫🇮 80.223.198.246

🇺🇸 68.192.26.41