JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 123.252.137.14

123.252.137.14 was found in our database!

This IP was reported 88 times. Confidence of Abuse is 77%: ?

77%

ISP	Tata Teleservices Maharashtra Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS17762
Hostname(s)	static-14.137.252.123-tataidc.co.in
Domain Name	tataindicom.com
Country	🇮🇳 India
City	Mumbai, Maharashtra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 123.252.137.14

Whois 123.252.137.14

IP Abuse Reports for 123.252.137.14:

This IP address has been reported a total of 88 times from 40 distinct sources. 123.252.137.14 was first reported on December 23rd 2022, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-25 05:11:54 (3 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
Anonymous	2026-06-24 10:22:56 (4 days ago)	[ssd5.kdns.gr] httpd-xmlrpc-post: sites=weihnachtsbasar-athen.gr; logs=/var/log/httpd/domains/weihna ... show more [ssd5.kdns.gr] httpd-xmlrpc-post: sites=weihnachtsbasar-athen.gr; logs=/var/log/httpd/domains/weihnachtsbasar-athen.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 06:38:41 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 123.252.137.14 (static-14.137.252.123-tataidc.c ... show more (mod_security) mod_security (id:240335) triggered by 123.252.137.14 (static-14.137.252.123-tataidc.co.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 02:38:34.536208 2026] [security2:error] [pid 31380:tid 31380] [client 123.252.137.14:60156] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 123.252.137.14 (+1 hits since last alert)\|evelynkay.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "evelynkay.com"] [uri "/xmlrpc.php"] [unique_id "ajop6iXQuF2n7TCRMlON4AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-06-23 03:48:44 (5 days ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS	Web App Attack
🇪🇸 gnom4ik	2026-06-20 05:39:28 (1 week ago)	ban-reviewer auto report; ip=123.252.137.14; scenario=http:exploit; scenario_context=http:exploit,fi ... show more ban-reviewer auto report; ip=123.252.137.14; scenario=http:exploit; scenario_context=http:exploit,firehol_greensnow; verdict=valid_ban; confidence=0.92; categories=21; active_decisions=2; lookback_decisions=2; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=ip_decision_count_high; scenario_attack_class show less	Web App Attack
🇫🇷 YF	2026-06-19 07:30:44 (1 week ago)	xmlrpc.php Potential DDoS or brute force	DDoS Attack Brute-Force
🇦🇺 screwlooseit.com.au	2026-06-19 03:25:16 (1 week ago)	Blocked by CSF 13 firewall - Rule: XMLRPC IN/India/static-14.137.252.123-tataidc.co.in	Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 09:29:18 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 123.252.137.14 (static-14.137.252.123-tataidc.c ... show more (mod_security) mod_security (id:240335) triggered by 123.252.137.14 (static-14.137.252.123-tataidc.co.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 05:29:13.737010 2026] [security2:error] [pid 999:tid 999] [client 123.252.137.14:64654] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 123.252.137.14 (+1 hits since last alert)\|d-sinema.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "d-sinema.com"] [uri "/xmlrpc.php"] [unique_id "ajO6aU0R-alj0TbV2AWJAwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 08:27:19 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 123.252.137.14 (static-14.137.252.123-tataidc.c ... show more (mod_security) mod_security (id:240335) triggered by 123.252.137.14 (static-14.137.252.123-tataidc.co.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 04:27:13.721116 2026] [security2:error] [pid 13149:tid 13149] [client 123.252.137.14:51045] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 123.252.137.14 (+1 hits since last alert)\|ubuciko.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ubuciko.com"] [uri "/xmlrpc.php"] [unique_id "ajOr4eWTGP2qVdEJc3LM7QAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 06:03:14 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 123.252.137.14 (static-14.137.252.123-tataidc.c ... show more (mod_security) mod_security (id:240335) triggered by 123.252.137.14 (static-14.137.252.123-tataidc.co.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 02:03:07.067657 2026] [security2:error] [pid 14231:tid 14304] [client 123.252.137.14:52182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 123.252.137.14 (+1 hits since last alert)\|rawhabitat.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rawhabitat.com"] [uri "/xmlrpc.php"] [unique_id "ajOKGzrcSWLpoA4SrqiwjQAAAhE"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-06-15 08:38:59 (1 week ago)	123.252.137.14 - - [15/Jun/2026:10:38:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by ... show more 123.252.137.14 - - [15/Jun/2026:10:38:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)" 123.252.137.14 - - [15/Jun/2026:10:38:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)" 123.252.137.14 - - [15/Jun/2026:10:38:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" show less	Hacking Web App Attack
🇫🇷 SpaceHost-Server	2026-06-15 08:23:29 (1 week ago)	123.252.137.14 - - [15/Jun/2026:10:23:07 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "WordPress.c ... show more 123.252.137.14 - - [15/Jun/2026:10:23:07 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "WordPress.com; https://wordpress.com" 123.252.137.14 - - [15/Jun/2026:10:23:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" 123.252.137.14 - - [15/Jun/2026:10:23:28 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack/12.1; WordPress/6.4; http://site53206475.com" show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 05:25:22 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 123.252.137.14 (static-14.137.252.123-tataidc.c ... show more (mod_security) mod_security (id:240335) triggered by 123.252.137.14 (static-14.137.252.123-tataidc.co.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 01:25:16.191211 2026] [security2:error] [pid 19556:tid 19556] [client 123.252.137.14:64124] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 123.252.137.14 (+1 hits since last alert)\|thehealthyplaceclayton.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thehealthyplaceclayton.com"] [uri "/xmlrpc.php"] [unique_id "ai-MvJNlPzTywC-IhBLT6gAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-15 04:08:02 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-06-10 10:44:21 (2 weeks ago)	Attac	Brute-Force

Showing 1 to 15 of 88 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 158.181.52.16

🇪🇬 156.206.101.176

🇦🇫 149.54.33.150

🇺🇸 143.198.104.195

🇹🇷 94.154.43.36

🇪🇬 81.10.44.22

🇺🇸 38.41.141.249

🇬🇧 35.203.211.249

🇻🇳 27.79.40.210

🇺🇸 20.221.72.24

🇬🇧 193.163.125.221

🇧🇷 177.84.2.92

🇳🇱 160.119.71.133

🇱🇻 81.30.98.49

🇬🇧 74.114.29.149

🇺🇸 52.241.30.67

🇳🇱 45.148.10.151

🇬🇧 5.226.140.117

🇩🇪 216.132.188.28

🇫🇷 195.154.55.188