JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 112.134.132.175

112.134.132.175 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 41%: ?

41%

ISP	Internet Service Provider in Sri Lanka.
Usage Type	Fixed Line ISP
ASN	AS9329
Hostname(s)	v4.dns.slt.lk
Domain Name	sltnet.lk
Country	🇱🇰 Sri Lanka
City	Negombo, Western Province

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 112.134.132.175

Whois 112.134.132.175

IP Abuse Reports for 112.134.132.175:

This IP address has been reported a total of 15 times from 11 distinct sources. 112.134.132.175 was first reported on November 9th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-19 10:09:40 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 112.134.132.175 (v4.dns.slt.lk): 1 in the last ... show more (mod_security) mod_security (id:240335) triggered by 112.134.132.175 (v4.dns.slt.lk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 06:09:32.866210 2026] [security2:error] [pid 4466:tid 4466] [client 112.134.132.175:44658] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 112.134.132.175 (+1 hits since last alert)\|plazahacienda.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "plazahacienda.com"] [uri "/xmlrpc.php"] [unique_id "ajUVXBuThhjgukWLgCiN_AAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 09:38:46 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 112.134.132.175 (v4.dns.slt.lk): 1 in the last ... show more (mod_security) mod_security (id:240335) triggered by 112.134.132.175 (v4.dns.slt.lk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 05:38:42.891770 2026] [security2:error] [pid 28145:tid 28145] [client 112.134.132.175:43682] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 112.134.132.175 (+1 hits since last alert)\|igolfallday.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "igolfallday.com"] [uri "/xmlrpc.php"] [unique_id "ajUOInNT8gHuwJT54KPFnQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 07:39:20 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 112.134.132.175 (v4.dns.slt.lk): 1 in the last ... show more (mod_security) mod_security (id:240335) triggered by 112.134.132.175 (v4.dns.slt.lk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 03:39:15.404272 2026] [security2:error] [pid 5313:tid 5313] [client 112.134.132.175:44850] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 112.134.132.175 (+1 hits since last alert)\|monmouthcountydanceclasses.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "monmouthcountydanceclasses.com"] [uri "/xmlrpc.php"] [unique_id "ajTyI8zGe2LvFqo50Df9YQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Jason Howell	2026-06-19 07:34:33 (1 week ago)	112.134.132.175 - - [19/Jun/2026:02:33:52 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2985 "-" "Jetpack b ... show more 112.134.132.175 - - [19/Jun/2026:02:33:52 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2985 "-" "Jetpack by WordPress.com" 112.134.132.175 - - [19/Jun/2026:02:34:01 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2986 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)" 112.134.132.175 - - [19/Jun/2026:02:34:11 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2987 "-" "Jetpack by WordPress.com" 112.134.132.175 - - [19/Jun/2026:02:34:22 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2986 "-" "Jetpack by WordPress.com" 112.134.132.175 - - [19/Jun/2026:02:34:32 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2985 "-" "Jetpack/13.0; WordPress/6.4; http://site47942293.com" ... show less	Web App Attack
🇺🇸 integrantservices.com	2026-06-18 05:58:47 (1 week ago)	(wordpress) Failed wordpress login from 112.134.132.175 (LK/Sri Lanka/v4.dns.slt.lk)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-15 06:03:56 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 112.134.132.175 (v4.dns.slt.lk): 1 in the last ... show more (mod_security) mod_security (id:240335) triggered by 112.134.132.175 (v4.dns.slt.lk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 02:03:49.226995 2026] [security2:error] [pid 6665:tid 6665] [client 112.134.132.175:44046] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 112.134.132.175 (+1 hits since last alert)\|verdeprofundo.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "verdeprofundo.net"] [uri "/xmlrpc.php"] [unique_id "ai-VxZBqNg9lRBcdIEWyYwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 dyln	2026-06-08 15:47:07 (2 weeks ago)	Dyls honeypot brute-force: SMB (4 total hits)	Brute-Force
🇦🇹 urnilxfgbez	2026-06-06 22:45:00 (2 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇬🇧 PeravixGroup	2026-06-01 19:53:10 (3 weeks ago)	Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aar ... show more Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aaran.cloud show less	Hacking Exploited Host
Anonymous	2026-05-30 02:42:59 (3 weeks ago)	Unauthorized access (tcp/445/smb)	Port Scan
🇩🇪 check-the-sum.fr	2026-05-30 02:06:26 (3 weeks ago)	Port Scanning	Port Scan
🇫🇷 sthoyer.de	2026-05-28 14:18:09 (4 weeks ago)	May 28 16:18:08 sthoyer kernel: [IPTables-Block] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f ... show more May 28 16:18:08 sthoyer kernel: [IPTables-Block] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=112.134.132.175 DST=173.212.223.67 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=12342 DF PROTO=TCP SPT=62240 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 ... show less	Port Scan
Anonymous	2024-11-09 05:41:54 (1 year ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇳🇱 Study Bitcoin 🤗	2024-11-09 03:38:25 (1 year ago)	Port probe to tcp/445 (smb) [srv127]	Port Scan Hacking
🇳🇱 Study Bitcoin 🤗	2024-11-09 03:32:19 (1 year ago)	Port probe to tcp/445 (smb) [srv127]	Port Scan Hacking

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 150.107.36.236

🇮🇳 20.219.91.90

🇬🇧 195.96.139.86

🇬🇧 193.163.125.78

🇬🇧 185.247.137.108

🇬🇧 185.247.137.92

🇳🇱 176.65.139.130

🇻🇳 171.244.39.95

🇺🇸 162.216.150.127

🇭🇰 152.32.169.42

🇩🇪 139.19.117.130

🇨🇳 112.0.140.231

🇰🇷 110.14.190.217

🇺🇸 107.155.93.102

🇭🇰 103.155.122.183

🇨🇳 101.126.35.9

🇷🇺 95.24.77.134

🇫🇷 91.231.89.230

🇫🇷 91.196.152.213

🇳🇱 91.92.40.231