JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 203.115.70.20

203.115.70.20 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 33%: ?

33%

ISP	LYTUS BROADBAND PRIVATE LIMITED
Usage Type	Fixed Line ISP
ASN	AS139560
Domain Name	patelinternet.in
Country	🇮🇳 India
City	Mumbai, Maharashtra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 203.115.70.20

Whois 203.115.70.20

IP Abuse Reports for 203.115.70.20:

This IP address has been reported a total of 7 times from 5 distinct sources. 203.115.70.20 was first reported on May 16th 2026, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-26 05:18:10 (14 hours ago)	(mod_security) mod_security (id:240335) triggered by 203.115.70.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 203.115.70.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 01:17:54.241262 2026] [security2:error] [pid 13393:tid 13393] [client 203.115.70.20:60224] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 203.115.70.20 (+1 hits since last alert)\|gasoilliquidsdaily.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gasoilliquidsdaily.com"] [uri "/xmlrpc.php"] [unique_id "aj4LggotwmcwsJt6mMBAawAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-26 05:15:10 (14 hours ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
Anonymous	2026-06-26 04:21:43 (15 hours ago)	203.115.70.20 - - [26/Jun/2026:06:21:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12.1 ... show more 203.115.70.20 - - [26/Jun/2026:06:21:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12.1; WordPress/6.1; http://site12859859.com" 203.115.70.20 - - [26/Jun/2026:06:21:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack/12.1; WordPress/6.1; http://site12859859.com" 203.115.70.20 - - [26/Jun/2026:06:21:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com" 203.115.70.20 - - [26/Jun/2026:06:21:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com" 203.115.70.20 - - [26/Jun/2026:06:21:42 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" ... show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 04:07:20 (15 hours ago)	(mod_security) mod_security (id:240335) triggered by 203.115.70.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 203.115.70.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 00:07:02.504131 2026] [security2:error] [pid 13032:tid 13032] [client 203.115.70.20:33106] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 203.115.70.20 (+1 hits since last alert)\|rwabutazafoundation.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rwabutazafoundation.org"] [uri "/xmlrpc.php"] [unique_id "aj365sKORRSeRSwyb3s2YQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 08:00:26 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 203.115.70.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 203.115.70.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 04:00:13.354471 2026] [security2:error] [pid 27130:tid 27130] [client 203.115.70.20:57646] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 203.115.70.20 (+1 hits since last alert)\|daisydoesoap.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "daisydoesoap.com"] [uri "/xmlrpc.php"] [unique_id "ajzgDf8AnIbQjvhcOsaI7QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-25 07:57:30 (1 day ago)	WordPress Brute Force	Brute-Force
Anonymous	2026-05-16 16:12:21 (1 month ago)	Unauthorized connection attempt on Port 2323	Port Scan Hacking Exploited Host

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 222.185.255.227

🇨🇳 218.92.251.198

🇲🇽 201.151.221.46

🇬🇧 188.240.59.59

🇧🇴 181.188.176.242

🇨🇳 171.106.66.130

🇺🇸 162.216.149.184

🇺🇸 67.207.93.64

🇮🇶 65.20.250.93

🇺🇸 52.180.159.71

🇬🇧 206.189.29.55

🇳🇱 104.28.217.137

🇮🇶 62.201.243.205

🇳🇱 51.158.205.203

🇺🇸 47.254.71.131

🇫🇮 2a01:4f9:c013:9003::1

🇻🇳 171.244.48.137

🇨🇱 143.255.104.21

🇺🇸 104.243.38.174

🇳🇱 104.23.170.20