JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 139.5.1.56

139.5.1.56 was found in our database!

This IP was reported 48 times. Confidence of Abuse is 32%: ?

32%

ISP	RailTel Corporation is an Internet Service Provider.
Usage Type	Fixed Line ISP
ASN	AS24186
Domain Name	railtel.in
Country	🇮🇳 India
City	Delhi, Delhi

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 139.5.1.56

Whois 139.5.1.56

IP Abuse Reports for 139.5.1.56:

This IP address has been reported a total of 48 times from 26 distinct sources. 139.5.1.56 was first reported on December 6th 2024, and the most recent report was 16 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-19 07:23:08 (16 hours ago)	(mod_security) mod_security (id:240335) triggered by 139.5.1.56 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:240335) triggered by 139.5.1.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 03:23:03.652527 2026] [security2:error] [pid 16275:tid 16275] [client 139.5.1.56:25157] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 139.5.1.56 (+1 hits since last alert)\|fadcometal.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fadcometal.com"] [uri "/xmlrpc.php"] [unique_id "ajTuV31TcTk-Uo920Mlt8wAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-19 06:48:10 (16 hours ago)	139.5.1.56 - - [19/Jun/2026:08:47:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack/13.0; W ... show more 139.5.1.56 - - [19/Jun/2026:08:47:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack/13.0; WordPress/6.3; http://site24219293.com" 139.5.1.56 - - [19/Jun/2026:08:47:51 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack/13.0; WordPress/6.3; http://site24219293.com" 139.5.1.56 - - [19/Jun/2026:08:47:57 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by WordPress.com" 139.5.1.56 - - [19/Jun/2026:08:47:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com" 139.5.1.56 - - [19/Jun/2026:08:48:09 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by WordPress.com" ... show less	Brute-Force Web App Attack
🇩🇪 abdubhai	2026-06-19 06:28:28 (17 hours ago)	139.5.1.56 - - [19/Jun/2026:11:2 ...	Brute-Force
🇩🇪 abdubhai	2026-06-19 06:06:57 (17 hours ago)	139.5.1.56 - - [19/Jun/2026:11:0 ...	Brute-Force
Anonymous	2026-06-19 05:45:56 (17 hours ago)	Blocked by ModSec and CSF	Port Scan
🇩🇪 SMARTNET	2026-05-27 06:03:53 (3 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 1175168a-7e6d-467e-bb9a-dd1cdfa3fb9e	DDoS Attack
🇺🇸 TPI-Abuse	2026-04-27 07:22:14 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 139.5.1.56 (ws56-1.5.139.rcil.gov.in): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 139.5.1.56 (ws56-1.5.139.rcil.gov.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 03:22:08.993643 2026] [security2:error] [pid 5506:tid 5506] [client 139.5.1.56:18298] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 139.5.1.56 (+1 hits since last alert)\|cubbylure.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cubbylure.com"] [uri "/xmlrpc.php"] [unique_id "ae8OoPh1S8pyoKHeyCibVwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 06:52:16 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 139.5.1.56 (ws56-1.5.139.rcil.gov.in): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 139.5.1.56 (ws56-1.5.139.rcil.gov.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 02:52:11.430575 2026] [security2:error] [pid 23331:tid 23331] [client 139.5.1.56:16703] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 139.5.1.56 (+1 hits since last alert)\|nightknightalarms.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nightknightalarms.com"] [uri "/xmlrpc.php"] [unique_id "ae8Hm2k9FYqb6SyN0eWPqAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 05:51:02 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 139.5.1.56 (ws56-1.5.139.rcil.gov.in): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 139.5.1.56 (ws56-1.5.139.rcil.gov.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 01:50:55.531674 2026] [security2:error] [pid 24748:tid 24748] [client 139.5.1.56:24991] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 139.5.1.56 (+1 hits since last alert)\|d365geek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "d365geek.com"] [uri "/xmlrpc.php"] [unique_id "ae75P8w4SZOVHDrT27DB6wAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-10 07:37:15 (4 months ago)	Unauthorized connection attempt on Port 2323	Port Scan Hacking Exploited Host
Anonymous	2026-02-08 22:45:16 (4 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2026-01-28 18:52:06 (4 months ago)	Unauthorized connection attempt on Port 2323	Port Scan Hacking Exploited Host
🇺🇸 xmission.com	2026-01-05 23:34:00 (5 months ago)	Blocked by UFW (TCP on 52869) Source port: 15170 TTL: 48 Packet length: 60 TOS: 0x00 This report (f ... show more Blocked by UFW (TCP on 52869) Source port: 15170 TTL: 48 Packet length: 60 TOS: 0x00 This report (for 139.5.1.56) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 Admins@FBN	2026-01-03 21:08:01 (5 months ago)	FW-PortScan: Traffic Blocked srcport=15344 dstport=80	Port Scan
🇺🇸 gu-alvareza	2025-09-19 07:05:09 (9 months ago)	Multiple.Routers.GPON.formLogin.Remote.Command.Injection	SQL Injection Web App Attack

Showing 1 to 15 of 48 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.150.134

🇨🇳 120.48.124.176

🇳🇱 91.92.40.12

🇵🇱 57.128.247.50

🇺🇸 43.153.13.30

🇺🇸 159.203.116.195

🇫🇷 91.231.89.145

🇺🇸 70.32.86.195

🇳🇱 45.148.10.157

🇺🇸 165.245.167.227

🇫🇮 147.185.133.178

🇺🇸 136.144.35.96

🇨🇳 111.37.64.209

🇨🇳 203.2.164.205

🇵🇾 190.104.178.82

🇨🇳 115.191.9.205

🇨🇳 110.52.5.162

🇸🇬 103.187.147.214

🇺🇸 45.156.129.81

🇬🇧 35.203.211.80