JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 117.235.16.40

117.235.16.40 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 36%: ?

36%

ISP	NIB (National Internet Backbone)
Usage Type	Mobile ISP
ASN	AS9829
Domain Name	bsnl.co.in
Country	🇮🇳 India
City	Kaithal, Haryana

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 117.235.16.40

Whois 117.235.16.40

IP Abuse Reports for 117.235.16.40:

This IP address has been reported a total of 10 times from 8 distinct sources. 117.235.16.40 was first reported on March 26th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 tecnicorioja	2026-06-17 22:00:14 (2 days ago)	POST /xmlrpc.php [17/Jun/2026:14:36:36	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 12:10:58 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 117.235.16.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 117.235.16.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 08:10:45.140326 2026] [security2:error] [pid 1941:tid 1941] [client 117.235.16.40:34625] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 117.235.16.40 (+1 hits since last alert)\|azcrittergetter.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "azcrittergetter.com"] [uri "/xmlrpc.php"] [unique_id "ajKOxelRG7NDfvvYVfvlrwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 11:04:17 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 117.235.16.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 117.235.16.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 07:04:05.025274 2026] [security2:error] [pid 6521:tid 6521] [client 117.235.16.40:37316] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 117.235.16.40 (+1 hits since last alert)\|stellabluesales.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stellabluesales.com"] [uri "/xmlrpc.php"] [unique_id "ajJ_JbEBrW4sOQ1LeJxGdwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-17 10:00:11 (3 days ago)	Blocked by CSF 13 firewall - Rule: XMLRPC IN/India/-	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 09:03:55 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 117.235.16.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 117.235.16.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 05:03:42.764982 2026] [security2:error] [pid 20010:tid 20010] [client 117.235.16.40:12865] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 117.235.16.40 (+1 hits since last alert)\|medusakenya.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "medusakenya.com"] [uri "/xmlrpc.php"] [unique_id "ajJi7nw65-Oh5DO95hqEPgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Dolphi	2026-06-17 08:20:05 (3 days ago)	Excessive POST /xmlrpc.php requests	Brute-Force Web App Attack
Anonymous	2026-06-17 05:04:43 (3 days ago)	[ssd5.kdns.gr] httpd-xmlrpc-post: sites=inoxal.gr; logs=/var/log/httpd/domains/inoxal.gr.log; sample ... show more [ssd5.kdns.gr] httpd-xmlrpc-post: sites=inoxal.gr; logs=/var/log/httpd/domains/inoxal.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇭🇰 webnestify	2025-05-21 17:11:06 (1 year ago)	[Webnestify Honeypot - China] Unauthorized connection attempt on port 23.	Port Scan Hacking Brute-Force
🇨🇳 ThreatBook.io	2025-03-27 01:12:51 (1 year ago)	ThreatBook Intelligence: Dynamic IP more details on http://threatbook.io/ip/117.235.16.40	SSH
🇫🇷 security.rdmc.fr	2025-03-26 03:52:30 (1 year ago)	Port Scan Attack proto:TCP src:60528 dst:23	Port Scan

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 118.193.69.67

🇸🇬 47.236.182.71

🇺🇸 142.93.48.137

🇧🇷 129.121.54.208

🇨🇳 111.228.57.33

🇺🇸 3.238.252.109

🇨🇿 2a02:598:96:8a00::b00:1e1

🇺🇸 198.62.7.118

🇳🇱 94.102.49.193

🇵🇹 87.103.126.54

🇮🇳 27.59.94.91

🇬🇧 194.50.235.146

🇳🇱 172.94.9.55

🇵🇰 103.18.14.197

🇮🇳 92.4.76.12

🇳🇱 91.92.40.11

🇮🇹 79.40.60.117

🇩🇪 69.5.169.16

🇳🇱 45.148.10.240

🇨🇳 36.135.93.37