JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 113.199.242.172

113.199.242.172 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 44%: ?

44%

ISP	Nepal Telecommunications Corporation
Usage Type	Fixed Line ISP
ASN	AS23752
Domain Name	ntc.net.np
Country	🇳🇵 Nepal
City	Bharatpur, Bagmati Province

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 113.199.242.172

Whois 113.199.242.172

IP Abuse Reports for 113.199.242.172:

This IP address has been reported a total of 17 times from 9 distinct sources. 113.199.242.172 was first reported on August 23rd 2021, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 YF	2026-06-24 09:00:32 (1 day ago)	xmlrpc.php Potential DDoS or brute force	DDoS Attack Brute-Force
🇩🇪 4server	2026-06-24 07:26:38 (1 day ago)	[WedJun2409:26:33.5600532026][security2:error][pid3880602:tid3880657][client113.199.242.172:0]ModSec ... show more [WedJun2409:26:33.5600532026][security2:error][pid3880602:tid3880657][client113.199.242.172:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"ecosuber.com\"][uri\"/xmlrpc.php\"][unique_id\"ajuGqasHzta1eT7iu07EPQAAAMI\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 06:49:05 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 113.199.242.172 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 113.199.242.172 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 02:48:59.450462 2026] [security2:error] [pid 22099:tid 22099] [client 113.199.242.172:58118] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 113.199.242.172 (+1 hits since last alert)\|incrp.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "incrp.org"] [uri "/xmlrpc.php"] [unique_id "ajt92zGiL696dir7fq3C7wAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 04:48:48 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 113.199.242.172 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 113.199.242.172 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 00:48:40.684879 2026] [security2:error] [pid 13510:tid 13510] [client 113.199.242.172:55569] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 113.199.242.172 (+1 hits since last alert)\|caymancline.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "caymancline.com"] [uri "/xmlrpc.php"] [unique_id "ajthqEExnVbNWjtT1ddDZAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 integrantservices.com	2026-06-24 04:13:34 (1 day ago)	(wordpress) Failed wordpress login from 113.199.242.172 (NP/Nepal/-)	Brute-Force
🇺🇸 cwytech	2026-06-24 04:12:12 (1 day ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/wp-us-login-only-high.	Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-23 23:07:59 (1 day ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇩🇪 Holger	2026-05-05 21:35:57 (1 month ago)	WordPress WebAttack	Brute-Force Web App Attack
🇩🇪 Holger	2026-05-03 05:36:45 (1 month ago)	WordPress WebAttack	Brute-Force Web App Attack
🇩🇪 Holger	2026-04-30 10:34:02 (1 month ago)	WordPress WebAttack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-09-03 21:14:21 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 113.199.242.172 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 113.199.242.172 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 03 17:14:09.162663 2025] [security2:error] [pid 7106:tid 7106] [client 113.199.242.172:47714] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|accordionstars.com\|F\|2"] [data ".accordionfactory.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "accordionstars.com"] [uri "/www.accordionfactory.com"] [unique_id "aLivoWeW_ytC8BZ3uFfTpgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 exxos	2025-08-01 02:45:40 (10 months ago)	HTTP1.x attacks	DDoS Attack
🇳🇱 exxos	2025-07-31 01:55:25 (10 months ago)	HTTP1.x attacks	DDoS Attack
🇳🇱 exxos	2025-07-30 03:05:41 (10 months ago)	HTTP1.x attacks	DDoS Attack
🇳🇱 exxos	2025-07-27 21:26:16 (10 months ago)	HTTP1.x attacks	DDoS Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 183.150.183.50

🇯🇵 216.246.48.200

🇳🇱 176.65.139.43

🇺🇸 172.236.123.208

🇺🇸 144.225.187.181

🇷🇴 80.94.92.234

🇸🇬 43.173.180.127

🇷🇴 2.57.121.112

🇫🇷 213.136.73.97

🇰🇷 175.196.101.162

🇨🇳 171.119.242.151

🇵🇰 153.117.13.44

🇵🇱 151.115.48.199

🇮🇳 117.236.124.166

🇺🇸 107.161.120.4

🇯🇵 103.163.220.138

🇨🇳 101.68.5.180

🇱🇻 81.30.98.49

🇳🇱 195.178.110.227

🇮🇳 61.2.51.4