JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.124.165.204

103.124.165.204 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 60%: ?

60%

ISP	Keminet SHPK
Usage Type	Data Center/Web Hosting/Transit
ASN	AS197706
Domain Name	keminet.net
Country	🇦🇱 Albania
City	Tirana, Tirana

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.124.165.204

Whois 103.124.165.204

IP Abuse Reports for 103.124.165.204:

This IP address has been reported a total of 18 times from 14 distinct sources. 103.124.165.204 was first reported on January 7th 2026, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 maxxsense	2026-06-29 17:36:30 (9 hours ago)	(postfix-unknown) Failed postfix unknown login with username [redacted] from 103.124.165.204 (AL/Alb ... show more (postfix-unknown) Failed postfix unknown login with username [redacted] from 103.124.165.204 (AL/Albania/-) show less	Hacking
🇺🇸 mnsf	2026-06-27 20:05:20 (2 days ago)	Abuse Detected (8)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 20:03:26 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 103.124.165.204 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 103.124.165.204 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 16:03:20.234203 2026] [security2:error] [pid 14629:tid 14653] [client 103.124.165.204:55413] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "maletadelasheras.emehache.net"] [uri "/.env"] [unique_id "akAsiK6ARdeDsjFlm3aVWQAAAU0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 19:45:09 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 103.124.165.204 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 103.124.165.204 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 15:45:03.884129 2026] [security2:error] [pid 18363:tid 18363] [client 103.124.165.204:54364] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "carltonelyse.com"] [uri "/.env"] [unique_id "akAoP_LlI4AcG5pJVeivtAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 MatStef132	2026-06-26 11:43:30 (3 days ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-24 12:27:18 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 103.124.165.204 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 103.124.165.204 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 08:27:10.815872 2026] [security2:error] [pid 561:tid 561] [client 103.124.165.204:59080] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|chatari.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "chatari.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajvNHs44gLgLH457kEPYZgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 openstrike.co.uk	2026-06-24 05:57:20 (5 days ago)	8 packets to port 465	Brute-Force
🇺🇸 TPI-Abuse	2026-06-23 21:59:11 (6 days ago)	(mod_security) mod_security (id:225170) triggered by 103.124.165.204 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 103.124.165.204 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 17:59:07.023850 2026] [security2:error] [pid 21206:tid 21206] [client 103.124.165.204:34880] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|infraredovens.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "infraredovens.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajsBq7zF7K5VLp-FqiKu6gAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-06-22 09:27:33 (1 week ago)	postfix-non-smtp-command - IP: 103.124.165.204 - time="2026-06-22T11:27:33+02:00" level=info msg="( ... show more postfix-non-smtp-command - IP: 103.124.165.204 - time="2026-06-22T11:27:33+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/postfix-non-smtp-command by ip 103.124.165.204 (AL/197706) : 4h ban on Ip 103.124.165.204" module=db show less	Email Spam
🇩🇪 AnonDrop	2026-06-22 06:26:32 (1 week ago)	Suspicious SSH honeypot activity - Commands: w, cd /tmp, ls -a	Hacking
🇺🇸 oncord	2026-06-19 17:34:29 (1 week ago)	Form spam	Web Spam
🇫🇷 masterguru	2026-06-17 12:02:52 (1 week ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 103.124.165.204 (AL/Albania/-): 1 in the last ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 103.124.165.204 (AL/Albania/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇮🇹 VHosting	2026-06-16 16:08:08 (1 week ago)	Detected mail brute force attack from 4 different servers	Brute-Force
Anonymous	2026-04-13 16:10:56 (2 months ago)	\| Multiple SQL injection attempts from same source ip.(multiple servers)	Web App Attack Hacking SQL Injection
Anonymous	2026-01-12 14:12:18 (5 months ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.86

🇩🇪 193.124.20.252

🇺🇸 162.216.149.19

🇺🇸 146.190.151.40

🇺🇸 74.125.186.83

🇷🇺 45.91.64.6

🇨🇳 221.11.33.254

🇺🇸 205.210.31.105

🇸🇪 192.121.125.190

🇧🇷 189.114.136.231

🇺🇸 162.216.149.175

🇹🇼 111.247.38.228

🇺🇸 98.92.61.255

🇭🇷 83.131.12.83

🇭🇰 58.152.42.174

🇳🇱 45.148.10.151

🇺🇸 43.162.82.212

🇬🇧 35.203.210.13

🇫🇷 34.155.163.109

🇩🇪 34.141.95.187