JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 139.5.1.125

139.5.1.125 was found in our database!

This IP was reported 47 times. Confidence of Abuse is 40%: ?

40%

ISP	RailTel Corporation is an Internet Service Provider.
Usage Type	Fixed Line ISP
ASN	AS24186
Domain Name	railtel.in
Country	🇮🇳 India
City	Delhi, Delhi

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 139.5.1.125

Whois 139.5.1.125

IP Abuse Reports for 139.5.1.125:

This IP address has been reported a total of 47 times from 21 distinct sources. 139.5.1.125 was first reported on December 8th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-06 04:05:49 (1 week ago)	[redacted] 139.5.1.125 - - [06/Jun/2026:06:05:06 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Wor ... show more [redacted] 139.5.1.125 - - [06/Jun/2026:06:05:06 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 139.5.1.125 - - [06/Jun/2026:06:05:16 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" [redacted] 139.5.1.125 - - [06/Jun/2026:06:05:27 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.4; http://site61575545.com" [redacted] 139.5.1.125 - - [06/Jun/2026:06:05:37 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 139.5.1.125 - - [06/Jun/2026:06:05:48 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 03:38:00 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 139.5.1.125 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:240335) triggered by 139.5.1.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 23:37:51.199894 2026] [security2:error] [pid 13602:tid 13602] [client 139.5.1.125:40055] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 139.5.1.125 (+1 hits since last alert)\|thingstodonude.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thingstodonude.com"] [uri "/xmlrpc.php"] [unique_id "aiOWDx3F1nrVSdDXp_xnTwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-06 03:06:10 (1 week ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-06 01:55:14 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 139.5.1.125 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:240335) triggered by 139.5.1.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 21:55:07.242976 2026] [security2:error] [pid 26341:tid 26341] [client 139.5.1.125:39990] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 139.5.1.125 (+1 hits since last alert)\|thehealthyplaceclayton.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thehealthyplaceclayton.com"] [uri "/xmlrpc.php"] [unique_id "aiN9-1VFevsjmwEwsoRwvgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 WeekendWeb	2026-06-06 01:21:04 (1 week ago)	Wordpress Vunerability attack	Web App Attack
Anonymous	2026-06-05 11:40:42 (1 week ago)	[ns3.backorder.gr] httpd-xmlrpc-post: sites=iatrika-analosima.gr; logs=/var/log/httpd/domains/iatrik ... show more [ns3.backorder.gr] httpd-xmlrpc-post: sites=iatrika-analosima.gr; logs=/var/log/httpd/domains/iatrika-analosima.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-05 11:38:57 (1 week ago)	Blocked by CSF 13 firewall - Rule: XMLRPC IN/India/-	Web App Attack
Anonymous	2026-06-05 11:00:37 (1 week ago)	Web App Attack, Hacking	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 10:39:42 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 139.5.1.125 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:240335) triggered by 139.5.1.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 06:39:36.006514 2026] [security2:error] [pid 26827:tid 26827] [client 139.5.1.125:60365] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 139.5.1.125 (+1 hits since last alert)\|stlouisdave.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stlouisdave.com"] [uri "/xmlrpc.php"] [unique_id "aiKnaLRt63nOPBnaj-LPbgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-06 15:22:46 (4 months ago)	Unauthorized connection attempt on Port 2323	Port Scan Hacking Exploited Host
Anonymous	2026-01-25 04:45:12 (4 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2026-01-23 23:18:02 (4 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2026-01-15 16:19:10 (5 months ago)	Unauthorized connection attempt on Port 2323	Port Scan Hacking Exploited Host
🇺🇸 Cyber Crusader	2026-01-14 19:12:58 (5 months ago)	Hundreds of Attempts (at least) to Connect to and Access Firewall Ports	Port Scan Hacking Brute-Force
🇺🇸 xmission.com	2025-12-07 21:20:38 (6 months ago)	Blocked by UFW (TCP on 8443) Source port: 59107 TTL: 47 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 8443) Source port: 59107 TTL: 47 Packet length: 60 TOS: 0x00 This report (for 139.5.1.125) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan

Showing 1 to 15 of 47 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.230

🇺🇸 205.210.31.48

🇺🇸 143.244.179.31

🇭🇰 119.8.58.228

🇺🇸 74.82.47.30

🇱🇹 45.227.254.170

🇹🇼 198.235.24.53

🇷🇴 193.32.162.83

🇷🇴 193.32.162.16

🇻🇳 160.191.87.178

🇳🇱 91.92.40.13

🇮🇹 88.149.145.190

🇨🇳 58.212.237.135

🇩🇪 8.211.37.179

🇺🇸 2600:1f10:4310:fa00:663:feac:60e8:63e1

🇵🇰 202.142.154.99

🇭🇰 199.45.155.101

🇳🇱 195.178.110.30

🇨🇳 175.24.205.175

🇮🇳 152.59.146.29