JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.108.229.143

103.108.229.143 was found in our database!

This IP was reported 30 times. Confidence of Abuse is 33%: ?

33%

ISP	Host Universal Pty Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS136557
Domain Name	hostuniversal.com.au
Country	🇦🇺 Australia
City	Melbourne, Victoria

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.108.229.143

Whois 103.108.229.143

IP Abuse Reports for 103.108.229.143:

This IP address has been reported a total of 30 times from 25 distinct sources. 103.108.229.143 was first reported on September 15th 2024, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Axel	2026-06-13 11:10:35 (6 days ago)	Blocked by UFW on LAXHH [60680/tcp] \| SPT: 8081 \| TTL: 51 \| LEN: 52 \| TOS: 0x00 • Reported by: githu ... show more Blocked by UFW on LAXHH [60680/tcp] \| SPT: 8081 \| TTL: 51 \| LEN: 52 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2026-05-28 16:50:55 (3 weeks ago)	[redacted]to 103.108.229.143 - - [28/May/2026:18:50:26 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 " ... show more [redacted]to 103.108.229.143 - - [28/May/2026:18:50:26 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" [redacted]to 103.108.229.143 - - [28/May/2026:18:50:30 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" [redacted]to 103.108.229.143 - - [28/May/2026:18:50:31 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" [redacted]to 103.108.229.143 - - [28/May/2026:18:50:33 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" [redacted]to 103.108.229.143 - - [28/May/2026:18:50:41 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows N ... show less	Hacking Web App Attack
🇳🇱 wlt-blocker	2026-05-28 16:50:47 (3 weeks ago)	Unauthorized access to webpage admin	Web App Attack
🇬🇧 Apache	2026-05-28 16:40:50 (3 weeks ago)	(mod_security) mod_security (id:210410) triggered by 103.108.229.143 (AU/Australia/-): 5 in the last ... show more (mod_security) mod_security (id:210410) triggered by 103.108.229.143 (AU/Australia/-): 5 in the last 300 secs (CF_ENABLE) show less	Brute-Force Web App Attack
🇺🇸 lavnet.net	2026-05-28 16:33:40 (3 weeks ago)	103.108.229.143 - - [28/May/2026:16:33:31 +0000] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 208 ... show more 103.108.229.143 - - [28/May/2026:16:33:31 +0000] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 2083 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 103.108.229.143 - - [28/May/2026:16:33:36 +0000] "GET /feed/ HTTP/1.1" 404 2083 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 103.108.229.143 - - [28/May/2026:16:33:36 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 404 2083 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 103.108.229.143 - - [28/May/2026:16:33:36 +0000] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 2083 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 103.108.229.143 - - [28/May/2026:16:33:37 +0000] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 2083 "-" "Mozilla/5.0 (Windows NT 10. ... show less	Brute-Force
🇷🇺 DZBOT	2026-05-28 16:30:27 (3 weeks ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
Anonymous	2026-05-19 05:00:51 (1 month ago)	BruteForce IMAP/POP3/SMTP	Brute-Force
🇪🇸 masterguru	2026-03-21 09:48:54 (2 months ago)	BAD BOT - Detected and Blocked.. Matched phrase "mozlila" at REQUEST_HEADERS:User-Agent. (1100000-12 ... show more BAD BOT - Detected and Blocked.. Matched phrase "mozlila" at REQUEST_HEADERS:User-Agent. (1100000-122) show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-06 22:02:01 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 103.108.229.143 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 103.108.229.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 06 17:01:55.010031 2026] [security2:error] [pid 32468:tid 32468] [client 103.108.229.143:42127] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|wilsontribe.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "wilsontribe.org"] [uri "/wp-json/wp/v2/users"] [unique_id "aYZk00a9PLR4y64tUaSAZQAAABY"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-05 14:40:11 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 103.108.229.143 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 103.108.229.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 05 09:40:06.559755 2026] [security2:error] [pid 11981:tid 11981] [client 103.108.229.143:20449] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|marinestorage.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "marinestorage.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aVvNRtHd37xQa2y0VELgdQAAABI"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 jormaster3k	2025-12-25 23:38:38 (5 months ago)	Attack against Apache (too many 404s)	Web App Attack
🇳🇱 exxos	2025-09-30 23:03:01 (8 months ago)	Attacks with Bad user agents	Hacking
🇩🇪 Packets-Decreaser.NET	2025-09-19 11:48:04 (9 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇧🇪 cmbplf	2025-09-07 15:29:48 (9 months ago)	6.914 requests with url.path /xmlrpc.php 192 requests with url.path /wp-includes/wlwmanifest.xml	Brute-Force Bad Web Bot
🇳🇱 Savvii	2025-09-07 15:29:04 (9 months ago)	10 attempts against mh-misc-ban on lead	Web App Attack

Showing 1 to 15 of 30 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 222.110.147.58

🇩🇪 213.209.159.238

🇺🇸 172.253.1.25

🇬🇧 167.99.207.114

🇲🇦 105.158.89.94

🇨🇦 85.217.149.1

🇨🇳 61.160.242.176

🇺🇸 198.62.6.56

🇬🇧 193.163.125.238

🇧🇷 177.19.145.25

🇧🇩 103.183.62.2

🇳🇱 91.92.40.204

🇳🇱 45.148.10.183

🇩🇪 44.157.108.87

🇨🇳 42.54.23.65

🇭🇰 8.217.193.233

🇬🇧 209.35.64.68

🇺🇸 205.210.31.82

🇺🇸 193.228.131.200

🇺🇸 163.245.216.232