JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.125.146.30

103.125.146.30 was found in our database!

This IP was reported 167 times. Confidence of Abuse is 100%: ?

100%

ISP	IPXO-103-125-146-0-24
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	ipxo.com
Country	🇯🇵 Japan
City	Yokohama, Kanagawa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.125.146.30

Whois 103.125.146.30

IP Abuse Reports for 103.125.146.30:

This IP address has been reported a total of 167 times from 80 distinct sources. 103.125.146.30 was first reported on March 18th 2023, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 masterguru	2026-06-18 01:45:14 (2 hours ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (5000900-122)	Web App Attack
🇬🇧 andypiper	2026-06-18 01:00:18 (3 hours ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇩🇪 maxpower	2026-06-18 00:16:44 (4 hours ago)	(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 103.125.146.30 (JP/Japan/-): 3 in the last 360 ... show more (wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 103.125.146.30 (JP/Japan/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 103.125.146.30 - - [18/Jun/2026:02:14:00 +0200] "POST /xmlrpc.php HTTP/1.1" 404 157235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0" "-" host=ramsesconsulting.it 103.125.146.30 - - [18/Jun/2026:02:15:58 +0200] "POST /xmlrpc.php HTTP/1.1" 404 157530 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0" "-" host=ramsesconsulting.it 103.125.146.30 - - [18/Jun/2026:02:16:38 +0200] "POST /xmlrpc.php HTTP/1.1" 404 159384 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-" host=ramsesconsulting.it show less	Port Scan
🇬🇷 setupgr	2026-06-16 11:22:32 (1 day ago)	(mod_security) mod_security (id:1000001) triggered by 103.125.146.30: 1 in the last 86400 secs; Port ... show more (mod_security) mod_security (id:1000001) triggered by 103.125.146.30: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 16 14:22:30.088312 2026] [security2:error] [pid 2210175:tid 2210258] [client 103.125.146.30:56597] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/about.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "93"] [id "1000001"] [msg "Bad file blocked: /wp-content/themes/about.php"] [severity "CRITICAL"] [tag "security"] [hostname "mail.setworldup.com"] [uri "/wp-content/themes/about.php"] [unique_id "ajEx9n9oGssBgNwsPFuNgAAAAFY"] show less	Port Scan
🇬🇷 setupgr	2026-06-16 07:57:58 (1 day ago)	(mod_security) mod_security (id:1000001) triggered by 103.125.146.30: 1 in the last 86400 secs; Port ... show more (mod_security) mod_security (id:1000001) triggered by 103.125.146.30: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 16 10:57:58.161931 2026] [security2:error] [pid 2210293:tid 2210354] [client 103.125.146.30:33339] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/wp-xme.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "93"] [id "1000001"] [msg "Bad file blocked: /wp-content/themes/twentytwentyfive/patterns/wp-xme.php"] [severity "CRITICAL"] [tag "security"] [hostname "mail.sea-sound.com"] [uri "/wp-content/themes/twentytwentyfive/patterns/wp-xme.php"] [unique_id "ajECBtMtn8QwdXQy9m4bHQAAAUA"] show less	Port Scan
🇳🇱 middelkoopcc	2026-06-15 07:30:05 (2 days ago)	2026-06-15 09:23:55 [remote 103.125.146.30:60747] AH01276: Cannot serve directory /<redacted>/wp-adm ... show more 2026-06-15 09:23:55 [remote 103.125.146.30:60747] AH01276: Cannot serve directory /<redacted>/wp-admin/css/: No matching DirectoryIndex (index.php) found, and server-generated directory index forbidden by Options directive, referer: <redacted> && 2026-06-15 09:24:01 [remote 103.125.146.30:60747] AH01276: Cannot serve directory /<redacted>/wp-content/uploads/: No matching DirectoryIndex (index.php) found, and server-generated directory index forbidden by Options directive, referer: <redacted> && 2026-06-15 09:24:13 [remote 103.125.146.30:60747] AH01276: Cannot serve directory /<redacted>/wp-admin/js/: No matching DirectoryIndex (index.php) found, and server-generated directory index forbidden by Options directive, referer: <redacted> && 83 more within 20 minutes show less	Web App Attack
🇩🇪 LRob.fr	2026-06-13 20:00:10 (4 days ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇦🇺 paulshipley.com.au	2026-06-13 13:28:35 (4 days ago)	dlcarterauthor.com:443 103.125.146.30 - - [13/Jun/2026:23:28:33 +1000] "GET /admin/function.php HTTP ... show more dlcarterauthor.com:443 103.125.146.30 - - [13/Jun/2026:23:28:33 +1000] "GET /admin/function.php HTTP/1.1" 404 67628 "http://dlcarterauthor.com/admin/function.php" "Go-http-client/1.1" ... show less	Web App Attack
Anonymous	2026-06-13 13:08:08 (4 days ago)	Banned by Fail2Ban on server	Web App Attack
🇳🇱 GabrielJST	2026-06-13 11:11:59 (4 days ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted] from 103.125.146.30 (JP/Japan ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 103.125.146.30 (JP/Japan/-) show less	Port Scan
🇳🇱 Site.eu	2026-06-13 08:20:27 (4 days ago)	Excessive multi-domain requests	Brute-Force
🇮🇩 soc-yk	2026-06-13 04:54:11 (4 days ago)	Type: suspicious_network_activity Risk: 70 Events: 2001 Evidence: - Persistent suspicious network a ... show more Type: suspicious_network_activity Risk: 70 Events: 2001 Evidence: - Persistent suspicious network activity detected - Repeated hostile operational behavior observed - Multi-event operational persistence identified show less	Port Scan Hacking
🇩🇪 Ba-Yu	2026-06-13 02:56:41 (5 days ago)	WordPress hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇳🇱 BlueWire Hosting	2026-06-12 16:34:53 (5 days ago)	Probing websites for vulnerabilities	Web App Attack
🇳🇱 Site.eu	2026-06-11 16:17:58 (6 days ago)	Excessive multi-domain requests	Brute-Force

Showing 1 to 15 of 167 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 116.118.44.131

🇺🇸 104.207.45.252

🇺🇸 165.154.254.11

🇨🇳 109.244.96.121

🇮🇳 103.91.72.195

🇫🇷 62.171.140.12

🇸🇬 43.160.249.52

🇺🇸 35.231.113.210

🇮🇹 31.59.89.180

🇯🇵 220.210.132.184

🇩🇪 195.230.103.246

🇺🇸 185.149.26.71

🇺🇸 174.35.25.177

🇸🇬 129.226.95.93

🇮🇩 118.99.107.181

🇹🇼 111.70.32.2

🇩🇪 109.91.4.177

🇮🇪 108.131.162.231

🇺🇸 45.130.83.65

🇬🇧 35.203.211.148