JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 112.196.79.138

112.196.79.138 was found in our database!

This IP was reported 73 times. Confidence of Abuse is 62%: ?

62%

ISP	Chandigarh
Usage Type	Fixed Line ISP
ASN	AS17917
Domain Name	infotelconnect.com
Country	🇮🇳 India
City	Ludhiana, Punjab

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 112.196.79.138

Whois 112.196.79.138

IP Abuse Reports for 112.196.79.138:

This IP address has been reported a total of 73 times from 34 distinct sources. 112.196.79.138 was first reported on November 11th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-06-11 09:30:13 (1 day ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 Viveronese	2026-06-11 09:06:56 (1 day ago)	HTTP vulnerability scanning	Web App Attack
Anonymous	2026-06-10 07:06:59 (2 days ago)	[redacted] 112.196.79.138 - - [10/Jun/2026:09:06:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" " ... show more [redacted] 112.196.79.138 - - [10/Jun/2026:09:06:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.2; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/73.0.0.0 Safari/537.36" [redacted] 112.196.79.138 - - [10/Jun/2026:09:06:28 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.3; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" [redacted] 112.196.79.138 - - [10/Jun/2026:09:06:29 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/537.36 (KHTML, like Gecko) Edge/97.0.0.0 Safari/537.36" [redacted] 112.196.79.138 - - [10/Jun/2026:09:06:31 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.2; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/75.0.0.0 Safari/537.36" [redacted] 112.196.79.138 - - [10/Jun/2026:09:06:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.2; arm64) AppleWebKit/537.36 (KH ... show less	Hacking Web App Attack
🇨🇭 4server	2026-06-09 11:19:06 (3 days ago)	[TueJun0913:19:00.3873262026][security2:error][pid784186:tid784714][client112.196.79.138:0]ModSecuri ... show more [TueJun0913:19:00.3873262026][security2:error][pid784186:tid784714][client112.196.79.138:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"distributori-automatici-ticino.ch\"][uri\"/xmlrpc.php\"][unique_id\"aif2pBUZt7Cwc0UWULbNDQAAAIE\"] show less	Hacking Web App Attack
🇩🇪 stinpriza	2026-06-08 11:23:49 (4 days ago)	Web App Attack	Web App Attack
🇩🇪 big-cloud.nl	2026-06-02 05:04:23 (1 week ago)	Try to access /xmlrpc.php	Web App Attack
🇩🇪 big-cloud.nl	2026-05-29 10:38:02 (2 weeks ago)	Try to access /de-ideale-stookmix//xmlrpc.php	Web App Attack
🇳🇱 BlueWire Hosting	2026-05-26 07:18:37 (2 weeks ago)	Wordpress brute force attempt	Brute-Force Web App Attack
🇬🇧 consul.to	2026-05-25 07:14:05 (2 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 WeekendWeb	2026-05-15 09:36:39 (4 weeks ago)	Wordpress Vunerability attack	Web App Attack
🇺🇸 WellSpring	2026-05-14 04:45:56 (4 weeks ago)	xmlrpc exploit on 720.today/xmlrpc.php — WellSpr.ing/NetSentinel civic-AI security layer	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-13 04:39:14 (4 weeks ago)	(mod_security) mod_security (id:225170) triggered by 112.196.79.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 112.196.79.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 00:39:10.933050 2026] [security2:error] [pid 7327:tid 7327] [client 112.196.79.138:63594] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|36sovereignchambers.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "36sovereignchambers.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agQAbnvu8kazaOfEhyNW-AAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-05-12 06:15:16 (1 month ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-05-12 06:04:49 (1 month ago)	Unauthorized access to webpage admin	Web App Attack
🇳🇿 Tripwire	2026-05-11 08:53:04 (1 month ago)	Probing for Wordpress - /xmlrpc.php	Brute-Force Web App Attack

Showing 1 to 15 of 73 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.253.9.49

🇺🇸 208.84.100.38

🇺🇸 204.88.187.11

🇺🇸 172.233.178.66

🇺🇸 128.14.75.55

🇨🇳 111.174.130.223

🇺🇸 103.203.57.2

🇨🇿 93.99.104.194

🇧🇬 91.92.40.124

🇱🇹 81.30.98.44

🇵🇦 190.32.246.14

🇳🇱 185.136.15.11

🇩🇪 157.230.126.27

🇺🇸 143.198.134.9

🇨🇳 123.13.41.128

🇸🇬 119.8.182.233

🇮🇳 103.58.152.144

🇧🇬 91.92.40.200

🇧🇬 91.92.40.176

🇺🇸 72.10.32.138