🇩🇪
LRob.fr
2026-06-18 07:00:27
(4 hours ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
🇩🇪
maxpower
2026-06-18 00:17:56
(11 hours ago)
(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 103.125.146.60 (JP/Japan/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 103.125.146.60 - - [18/Jun/2026:02:15:27 +0200] "POST /xmlrpc.php HTTP/1.1" 404 158253 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-" host=ramsesconsulting.it
103.125.146.60 - - [18/Jun/2026:02:16:18 +0200] "POST /xmlrpc.php HTTP/1.1" 404 159029 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-" host=ramsesconsulting.it
103.125.146.60 - - [18/Jun/2026:02:17:47 +0200] "POST /xmlrpc.php HTTP/1.1" 404 158600 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-" host=ramsesconsulting.it
Port Scan
🇬🇷
setupgr
2026-06-16 11:28:22
(2 days ago)
(mod_security) mod_security (id:1000001) triggered by 103.125.146.60: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 16 14:28:18.294706 2026] [security2:error] [pid 2210176:tid 2210274] [client 103.125.146.60:57471] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/wp-load.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "93"] [id "1000001"] [msg "Bad file blocked: /wp-content/plugins/plugins/wp-load.php"] [severity "CRITICAL"] [tag "security"] [hostname "mail.setworldup.com"] [uri "/wp-content/plugins/plugins/wp-load.php"] [unique_id "ajEzUo0pb6dkgQfaMdByDwAAARM"]
Port Scan
🇬🇷
setupgr
2026-06-16 07:52:18
(2 days ago)
(mod_security) mod_security (id:1000001) triggered by 103.125.146.60: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 16 10:52:16.173261 2026] [security2:error] [pid 2210294:tid 2210438] [client 103.125.146.60:23793] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/wp-load.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "93"] [id "1000001"] [msg "Bad file blocked: /wp-content/uploads/wp-load.php"] [severity "CRITICAL"] [tag "security"] [hostname "mail.sea-sound.com"] [uri "/wp-content/uploads/wp-load.php"] [unique_id "ajEAsLhY-m9nTIYxKGR39QAAAZg"]
Port Scan
🇩🇪
LRob.fr
2026-06-14 17:45:05
(3 days ago)
Repeated 403 errors, blocked by Fail2ban in custom-403 jail
Bad Web Bot
🇩🇪
SCHAPPY
2026-06-14 14:45:24
(3 days ago)
Multiple attempts to access forbidden web resources, HTTP code 403.
Web App Attack
Anonymous
2026-06-13 13:09:29
(4 days ago)
Banned by Fail2Ban on server
Web App Attack
🇮🇩
soc-yk
2026-06-13 07:19:11
(5 days ago)
Type: web_scanning
Risk: 70
Events: 361
Evidence:
- Automated hostile web probing detected
- Repeated web scanning activity observed
- Multi-event operational persistence identified
- Threat escalation behavior observed
Web App Attack
🇳🇱
Site.eu
2026-06-13 04:53:34
(5 days ago)
Excessive multi-domain requests
Brute-Force
🇩🇪
yvoictra
2026-06-12 21:38:00
(5 days ago)
103.125.146.60 - - [12/Jun/2026:23:36:53 +0200] "GET /3PJcpMFsD8B.php HTTP/2.0" 404 6273 "http://duarteviews.com/3PJcpMFsD8B.php" "Go-http-client/2.0"
103.125.146.60 - - [12/Jun/2026:23:36:54 +0200] "GET /admin.php HTTP/2.0" 404 6273 "http://duarteviews.com/admin.php" "Go-http-client/2.0"
103.125.146.60 - - [12/Jun/2026:23:36:55 +0200] "GET /edit-tags.php HTTP/2.0" 404 6273 "http://duarteviews.com/edit-tags.php" "Go-http-client/2.0"
103.125.146.60 - - [12/Jun/2026:23:36:56 +0200] "GET /goods.php HTTP/2.0" 404 6273 "http://duarteviews.com/goods.php" "Go-http-client/2.0"
103.125.146.60 - - [12/Jun/2026:23:36:58 +0200] "GET /filemanager.php HTTP/2.0" 404 6273 "http://duarteviews.com/filemanager.php" "Go-http-client/2.0"
103.125.146.60 - - [12/Jun/2026:23:36:58 +0200] "GET /wp-content/plugins/enhanced-text-widget/analyst/src/403.php HTTP/2.0" 404 6273 "http://duarteviews.com/wp-content/plugins/enhanced-text-widget/analyst/src/403.php" "Go-http-client/2.0"
103.125.146.60 - - [12/Jun/2026:23
...
Brute-Force
Web App Attack
🇮🇩
soc-yk
2026-06-12 17:54:11
(5 days ago)
Type: suspicious_network_activity
Risk: 100
Events: 226
Evidence:
- Persistent suspicious network activity detected
- Repeated hostile operational behavior observed
- Multi-event operational persistence identified
- Threat escalation behavior observed
Port Scan
Hacking
🇳🇱
BlueWire Hosting
2026-06-12 16:19:18
(5 days ago)
Probing websites for vulnerabilities
Web App Attack
🇩🇪
Petros Stefanakis
2026-06-11 13:37:35
(6 days ago)
(mod_security) mod_security triggered on hostname [redacted] 103.125.146.60 (JP/Japan/-)
SQL Injection
🇫🇷
masterguru
2026-06-11 06:36:15
(1 week ago)
BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (1100000-195)
Bad Web Bot
🇺🇦
URAN Publishing Service
2026-06-10 18:45:14
(1 week ago)
103.125.146.60 - - [10/Jun/2026:21:45:13 +0300] "GET /wp-includes/css/dist/block-library/ HTTP/1.1" 404 708 "http://www.semst.onu.edu.ua/wp-includes/css/dist/block-library/" "Go-http-client/1.1"
...
Web App Attack