JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.107.198.252

103.107.198.252 was found in our database!

This IP was reported 50 times. Confidence of Abuse is 12%: ?

12%

ISP	GSL Networks Pty LTD - Singapore
Usage Type	Data Center/Web Hosting/Transit
ASN	AS137409
Domain Name	globalsecurelayer.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.107.198.252

Whois 103.107.198.252

IP Abuse Reports for 103.107.198.252:

This IP address has been reported a total of 50 times from 36 distinct sources. 103.107.198.252 was first reported on October 3rd 2024, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇻 garmtech.com	2026-06-12 10:14:40 (6 hours ago)	Attempted access to sensitive endpoint (/login) detected. Automated scan or unauthorized probing.	Web App Attack
🇺🇸 AfterShock	2026-05-25 14:55:00 (2 weeks ago)	Repeated web app exploit attempts	Brute-Force Web App Attack
🇱🇻 garmtech.com	2026-05-24 13:12:01 (2 weeks ago)	Attempted access to sensitive endpoint (/login) detected. Automated scan or unauthorized probing.	Web App Attack
🇦🇺 oncord	2026-01-25 12:10:32 (4 months ago)	Form spam	Web Spam
🇺🇸 octageeks.com	2025-09-06 04:07:10 (9 months ago)	Wordpress malicious attack:[octa404]	Web App Attack
🇺🇸 TPI-Abuse	2025-09-05 17:28:36 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 103.107.198.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 103.107.198.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 05 13:28:29.157922 2025] [security2:error] [pid 17323:tid 17323] [client 103.107.198.252:65087] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|med-engineering.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "med-engineering.com"] [uri "/configuration.php.bak"] [unique_id "aLsdvaFYeU63YVliBZEGsAAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2025-09-05 16:15:53 (9 months ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇪🇸 masterguru	2025-09-05 16:04:26 (9 months ago)	. Matched phrase "wp-config.php" at REQUEST_URI. (210492-178)	Web App Attack
🇫🇷 ingroscart.it	2025-09-05 16:03:56 (9 months ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted] from 103.107.198.252 (SG/Sing ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 103.107.198.252 (SG/Singapore/-) show less	Port Scan
🇺🇸 TPI-Abuse	2025-09-05 14:49:27 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 103.107.198.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 103.107.198.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 05 10:49:20.611443 2025] [security2:error] [pid 30926:tid 30926] [client 103.107.198.252:41977] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cosplayculture.com"] [uri "/wp-config.php"] [unique_id "aLr4cKkTmV4c-eoZnsszawAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Apache	2025-09-05 14:36:29 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 103.107.198.252 (SG/Singapore/-): 5 in the last ... show more (mod_security) mod_security (id:210492) triggered by 103.107.198.252 (SG/Singapore/-): 5 in the last 300 secs show less	Brute-Force Web App Attack
🇩🇪 Ba-Yu	2025-09-05 14:24:29 (9 months ago)	WordPress hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-09-05 14:02:12 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 103.107.198.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 103.107.198.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 05 10:02:05.042185 2025] [security2:error] [pid 3466:tid 3466] [client 103.107.198.252:18287] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mathewsdental.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mathewsdental.com"] [uri "/configuration.php.bak"] [unique_id "aLrtXZyQHL_8blJDP0rqIwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-05 13:41:08 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 103.107.198.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 103.107.198.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 05 09:41:03.273520 2025] [security2:error] [pid 2687136:tid 2687161] [client 103.107.198.252:24337] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.amphoracollectors.org"] [uri "/wp-config.php"] [unique_id "aLrob25eCKRPuFcHUQTIpAAAAJY"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 blik2108	2025-09-05 13:37:48 (9 months ago)	103.107.198.252 - - [05/Sep/2025:14:37:45 +0100] "GET /configuration.php.bak HTTP/1.1" 404 1460 "-" ... show more 103.107.198.252 - - [05/Sep/2025:14:37:45 +0100] "GET /configuration.php.bak HTTP/1.1" 404 1460 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" 103.107.198.252 - - [05/Sep/2025:14:37:46 +0100] "GET /configuration.php.save HTTP/1.1" 404 1460 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" 103.107.198.252 - - [05/Sep/2025:14:37:46 +0100] "GET /configuration.php.old HTTP/1.1" 404 1460 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" 103.107.198.252 - - [05/Sep/2025:14:37:47 +0100] "GET /configuration.php~ HTTP/1.1" 404 1460 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" 103.107.198.252 - - [05/Sep/2025:14:37:48 +0100] "GET /configuration.php.swp HTTP/1.1" 404 1460 "-" "Mozilla/5.0 (Windows NT 10.0; Win ... show less	Brute-Force Web App Attack

Showing 1 to 15 of 50 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 193.33.236.122

🇺🇸 191.102.187.131

🇺🇸 191.102.187.90

🇺🇸 186.244.214.71

🇧🇷 168.197.10.13

🇺🇸 54.189.12.175

🇸🇬 45.78.198.199

🇳🇱 40.113.96.224

🇻🇳 14.163.170.157

🇺🇸 191.102.179.168

🇺🇸 191.102.179.148

🇺🇸 191.102.179.50

🇳🇱 185.242.226.73

🇻🇳 171.251.236.233

🇮🇳 128.185.219.54

🇺🇸 54.149.186.213

🇺🇸 35.90.139.22

🇺🇸 34.221.251.104

🇷🇺 217.12.40.182

🇮🇩 203.175.125.130