🇮🇩
hermawan
2026-06-18 15:10:08
(2 days ago)
[Thu Jun 18 22:10:07.776143 2026] [security2:error] [pid 549798:tid 140711222568640] [client 202.46.68.252:57533] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.bing.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.bing.go.id found within REQUEST_HEADERS:Referer: https://www.bing.go.id/ request_line = GET /index.php/informasi-iklim/infografis-iklim/infografis-klimat-story/555561495-infografis-waspada-cuaca-ekstrem-di-masa-pancaroba HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/informasi-iklim/infografis-iklim/infografis-klimat-story/555561495-infografis-waspada-cuaca-ekstrem-di-masa-pancaroba"] [unique_id "ajQKT1AYKgEwnfNMN9yqYAABQQA"], referer https://www.bing.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[549799] [WxVUkkhD+/M] [ajQKT1AYKgEwnfNMN9yqYAABQQA]
Email Spam
Hacking
🇮🇩
sockominfo
2026-06-16 09:00:57
(5 days ago)
User login to application from malicious IP 202.46.68.252.. Threat Score: 3.6/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Moderate. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-16 08:00:59
(5 days ago)
User login to application from malicious IP 202.46.68.252.. Threat Score: 3.7/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-16 07:00:53
(5 days ago)
User login to application from malicious IP 202.46.68.252.. Threat Score: 3.8/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-16 06:00:09
(5 days ago)
User login to application from malicious IP 202.46.68.252.. Threat Score: 0/10 (INFORMATIONAL). Reported by TangerangKota-CSIRT
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-09 07:00:52
(1 week ago)
User login to application from malicious IP 202.46.68.252.. Threat Score: 3.8/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 37%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-09 06:00:08
(1 week ago)
User login to application from malicious IP 202.46.68.252.. Threat Score: 0/10 (INFORMATIONAL). Reported by TangerangKota-CSIRT
Hacking
Web App Attack
Anonymous
2026-05-17 06:49:22
(1 month ago)
[redacted] 202.46.68.252 - - [17/May/2026:08:48:38 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 202.46.68.252 - - [17/May/2026:08:48:48 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.2; http://site23171946.com"
[redacted] 202.46.68.252 - - [17/May/2026:08:48:59 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 202.46.68.252 - - [17/May/2026:08:49:09 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)"
[redacted] 202.46.68.252 - - [17/May/2026:08:49:20 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.4; http://site87668976.com"
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2026-05-17 06:39:59
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 202.46.68.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 02:39:52.930219 2026] [security2:error] [pid 27569:tid 27569] [client 202.46.68.252:54316] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 202.46.68.252 (+1 hits since last alert)|tonydelov.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tonydelov.com"] [uri "/xmlrpc.php"] [unique_id "agliuMuo7quZYANoPbw4hQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
🇦🇺
screwlooseit.com.au
2026-05-17 06:36:34
(1 month ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
ID/Indonesia/-
Web App Attack
🇫🇷
Sklurk
2026-05-15 13:26:42
(1 month ago)
Web App Attack
Web App Attack
🇺🇸
matt
2026-03-03 23:44:24
(3 months ago)
DDOS attack with query parameters attempting to overload WordPress site.
DDoS Attack
🇺🇸
technash
2026-02-23 16:27:00
(3 months ago)
Failed credential stuffing attacks against MSFT accounts detected [Azure Sentinel].
Web App Attack
Hacking
🇧🇾
lns.bz
2026-01-26 21:01:13
(4 months ago)
Banned for trying to access xmlrpc [BY]
Web App Attack
Anonymous
2026-01-26 10:29:18
(4 months ago)
"POST /xmlrpc.php HTTP/1.1"
Hacking
Web App Attack