JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.56.51.94

120.56.51.94 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 30%: ?

30%

ISP	Mahanagar Telephone Nigam Limited
Usage Type	Fixed Line ISP
ASN	AS9829
Domain Name	mtnl.net.in
Country	🇮🇳 India
City	Tiruchirappalli, Tamil Nadu

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.56.51.94

Whois 120.56.51.94

IP Abuse Reports for 120.56.51.94:

This IP address has been reported a total of 7 times from 4 distinct sources. 120.56.51.94 was first reported on June 18th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-18 12:32:44 (1 hour ago)	(mod_security) mod_security (id:240335) triggered by 120.56.51.94 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 120.56.51.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 08:32:40.368503 2026] [security2:error] [pid 26852:tid 26852] [client 120.56.51.94:58698] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 120.56.51.94 (+1 hits since last alert)\|boaredraven.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "boaredraven.com"] [uri "/xmlrpc.php"] [unique_id "ajPlaMNehrDGTQ_In1WzVwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 11:00:34 (2 hours ago)	(mod_security) mod_security (id:240335) triggered by 120.56.51.94 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 120.56.51.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 07:00:30.730568 2026] [security2:error] [pid 14710:tid 14710] [client 120.56.51.94:63159] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 120.56.51.94 (+1 hits since last alert)\|caralis.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "caralis.com"] [uri "/xmlrpc.php"] [unique_id "ajPPzhhM0AZaNGvu_IdUawAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-18 10:58:28 (2 hours ago)	Blocked by CSF 13 firewall - Rule: XMLRPC IN/India/-	Web App Attack
🇺🇸 integrantservices.com	2026-06-18 09:56:39 (4 hours ago)	(wordpress) Failed wordpress login from 120.56.51.94 (IN/India/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-18 08:25:10 (5 hours ago)	(mod_security) mod_security (id:240335) triggered by 120.56.51.94 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 120.56.51.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 04:25:02.063521 2026] [security2:error] [pid 24699:tid 24699] [client 120.56.51.94:51875] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 120.56.51.94 (+1 hits since last alert)\|sizefinder.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sizefinder.com"] [uri "/xmlrpc.php"] [unique_id "ajOrXu2Hm2r3xXka4Mi5HQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 06:55:24 (7 hours ago)	(mod_security) mod_security (id:240335) triggered by 120.56.51.94 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 120.56.51.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 02:55:19.598474 2026] [security2:error] [pid 12101:tid 12101] [client 120.56.51.94:64539] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 120.56.51.94 (+1 hits since last alert)\|georgesmarina.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "georgesmarina.com"] [uri "/xmlrpc.php"] [unique_id "ajOWV0j9UqWCwVr9E6NT5QAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 05:55:32 (8 hours ago)	[server.tmg.gr] httpd-xmlrpc-post: sites=crisis-management2021.eu; logs=/var/log/httpd/domains/crisi ... show more [server.tmg.gr] httpd-xmlrpc-post: sites=crisis-management2021.eu; logs=/var/log/httpd/domains/crisis-management2021.eu.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.227

🇷🇺 213.180.203.5

🇨🇳 125.124.149.14

🇪🇹 196.189.182.233

🇳🇿 121.73.163.8

🇺🇸 103.203.57.2

🇫🇷 91.231.89.235

🇩🇪 69.5.169.193

🇺🇸 65.49.1.123

🇺🇸 64.95.9.87

🇳🇱 45.148.10.157

🇨🇳 42.54.239.113

🇺🇸 20.38.5.218

🇭🇰 223.197.145.126

🇨🇳 218.78.132.164

🇨🇴 181.51.32.133

🇹🇷 88.230.121.45

🇨🇭 83.78.17.114

🇱🇹 81.30.98.62

🇰🇷 59.14.191.120