JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 125.18.144.2

125.18.144.2 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 44%: ?

44%

ISP	Bharti Televentures Limited A/c ABTS MP
Usage Type	Fixed Line ISP
ASN	AS9498
Domain Name	airtel.in
Country	🇮🇳 India
City	Garhi Harsaru, Haryana

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 125.18.144.2

Whois 125.18.144.2

IP Abuse Reports for 125.18.144.2:

This IP address has been reported a total of 27 times from 13 distinct sources. 125.18.144.2 was first reported on March 17th 2026, and the most recent report was 18 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-23 11:42:21 (18 hours ago)	(mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 07:42:13.680051 2026] [security2:error] [pid 14770:tid 14770] [client 125.18.144.2:52862] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.18.144.2 (+1 hits since last alert)\|dragonflytunes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dragonflytunes.com"] [uri "/xmlrpc.php"] [unique_id "ajpxFe9eykGNO_SrJVmNyAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 09:57:40 (20 hours ago)	(mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 05:57:34.581448 2026] [security2:error] [pid 16956:tid 17025] [client 125.18.144.2:28056] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.18.144.2 (+1 hits since last alert)\|amazinglips.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "amazinglips.com"] [uri "/xmlrpc.php"] [unique_id "ajpYjtHAfXmceiNIE67B5QAAAIk"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-23 09:50:42 (20 hours ago)	Blocked by CSF 13 firewall - Rule: XMLRPC IN/India/-	Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 09:00:14 (21 hours ago)	(mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 05:00:09.590234 2026] [security2:error] [pid 13534:tid 13534] [client 125.18.144.2:14885] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.18.144.2 (+1 hits since last alert)\|versallis.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "versallis.com"] [uri "/xmlrpc.php"] [unique_id "ajpLGcyucSOvmM04XYucLAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 07:08:38 (23 hours ago)	(mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 03:08:32.500345 2026] [security2:error] [pid 29907:tid 29907] [client 125.18.144.2:38626] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.18.144.2 (+1 hits since last alert)\|tell-me-first.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tell-me-first.com"] [uri "/xmlrpc.php"] [unique_id "ajow8JysCPaK8rzl4jgCBwAAAFo"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 masterguru	2026-06-23 06:40:58 (23 hours ago)	(xmlrpc) Failed xmlrpc access from 125.18.144.2 (IN/India/-): 5 in the last 3600 secs (0-122)	Hacking
🇺🇸 TPI-Abuse	2026-06-23 05:24:39 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 01:24:25.137083 2026] [security2:error] [pid 2936:tid 2936] [client 125.18.144.2:33157] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.18.144.2 (+1 hits since last alert)\|mccompu.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mccompu.com"] [uri "/xmlrpc.php"] [unique_id "ajoYiROrLHXXBqkiHXMxKAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 11:54:08 (1 week ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 10:53:35 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 06:53:24.192632 2026] [security2:error] [pid 26609:tid 26609] [client 125.18.144.2:61049] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.18.144.2 (+1 hits since last alert)\|lspfest.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lspfest.com"] [uri "/xmlrpc.php"] [unique_id "ailCJNf4lMNMa8--29-KigAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 applemooz	2026-06-10 10:16:26 (1 week ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 09:25:35 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 05:25:29.806649 2026] [security2:error] [pid 26796:tid 26796] [client 125.18.144.2:30822] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.18.144.2 (+1 hits since last alert)\|cmcnow.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cmcnow.com"] [uri "/xmlrpc.php"] [unique_id "aiktiTDziTk2t6sElxHtJgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 08:48:27 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 04:48:17.865970 2026] [security2:error] [pid 27820:tid 27820] [client 125.18.144.2:46194] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.18.144.2 (+1 hits since last alert)\|stlouisdave.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stlouisdave.com"] [uri "/xmlrpc.php"] [unique_id "aikk0cnGmO3uEonQMjRXRQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 06:06:04 (2 weeks ago)	Trying to access config files	Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 05:04:38 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 125.18.144.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 01:04:28.871671 2026] [security2:error] [pid 2211:tid 2211] [client 125.18.144.2:31978] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.18.144.2 (+1 hits since last alert)\|rajabarber.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rajabarber.com"] [uri "/xmlrpc.php"] [unique_id "aijwXNXKXe7yGpdfzRyDRQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 n2nguyenn2nguyen	2026-06-09 13:28:38 (2 weeks ago)	Blocked by YFC Security on https://brixzly.com — type: xmlrpc_attempts	Brute-Force Web App Attack

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2001:470:1:332::63

🇧🇷 205.210.31.250

🇧🇷 205.210.31.166

🇺🇸 195.184.76.177

🇳🇱 185.224.128.16

🇻🇳 180.93.0.54

🇺🇸 162.216.150.157

🇺🇸 152.32.234.184

🇨🇳 123.160.234.37

🇮🇳 103.188.127.74

🇲🇾 103.20.241.199

🇮🇷 46.100.10.56

🇳🇱 45.156.128.88

🇺🇸 3.142.170.60

🇰🇷 218.144.90.41

🇹🇼 198.235.24.98

🇸🇬 185.200.116.42

🇯🇵 160.251.140.254

🇺🇸 152.32.206.51

🇦🇪 152.32.180.86