JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.125.146.61

103.125.146.61 was found in our database!

This IP was reported 157 times. Confidence of Abuse is 100%: ?

100%

ISP	IPXO-103-125-146-0-24
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	ipxo.com
Country	🇯🇵 Japan
City	Yokohama, Kanagawa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.125.146.61

Whois 103.125.146.61

IP Abuse Reports for 103.125.146.61:

This IP address has been reported a total of 157 times from 69 distinct sources. 103.125.146.61 was first reported on October 26th 2023, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 Apache	2026-06-24 16:54:17 (2 days ago)	(mod_security) mod_security (id:20000010) triggered by 103.125.146.61 (JP/Japan/-): 5 in the last 30 ... show more (mod_security) mod_security (id:20000010) triggered by 103.125.146.61 (JP/Japan/-): 5 in the last 300 secs (CF_ENABLE) show less	Brute-Force Web App Attack
🇯🇵 ki3	2026-06-23 13:54:17 (3 days ago)	Fail2Ban: Web App Attacks and Forum Spam 103.125.146.61 1782222856(JST)	Web Spam Bad Web Bot Web App Attack
Anonymous	2026-06-22 11:58:54 (5 days ago)	103.125.146.61 - - [22/Jun/2026:13:57:02 +0200] "POST /wp-login.php HTTP/1.1" 200 7450 "-" "Mozilla/ ... show more 103.125.146.61 - - [22/Jun/2026:13:57:02 +0200] "POST /wp-login.php HTTP/1.1" 200 7450 "-" "Mozilla/5.0" 103.125.146.61 - - [22/Jun/2026:13:57:01 +0200] "POST /wp-login.php HTTP/1.1" 200 7945 "-" "Mozilla/5.0" 103.125.146.61 - - [22/Jun/2026:13:57:56 +0200] "POST /wp-login.php HTTP/1.1" 200 7945 "-" "Mozilla/5.0" 103.125.146.61 - - [22/Jun/2026:13:57:57 +0200] "POST /wp-login.php HTTP/1.1" 200 7450 "-" "Mozilla/5.0" 103.125.146.61 - - [22/Jun/2026:13:58:53 +0200] "POST /wp-login.php HTTP/1.1" 200 7945 "-" "Mozilla/5.0" ... show less	Brute-Force Web App Attack
🇬🇧 consul.to	2026-06-20 04:54:22 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇳🇱 Site.eu	2026-06-18 23:57:44 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇩🇪 LRob.fr	2026-06-18 06:45:13 (1 week ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇬🇧 andypiper	2026-06-18 01:00:20 (1 week ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇩🇪 maxpower	2026-06-18 00:16:44 (1 week ago)	(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 103.125.146.61 (JP/Japan/-): 3 in the last 360 ... show more (wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 103.125.146.61 (JP/Japan/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 103.125.146.61 - - [18/Jun/2026:02:15:43 +0200] "POST /xmlrpc.php HTTP/1.1" 404 157234 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-" host=ramsesconsulting.it 103.125.146.61 - - [18/Jun/2026:02:16:16 +0200] "POST /xmlrpc.php HTTP/1.1" 404 157487 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0" "-" host=ramsesconsulting.it 103.125.146.61 - - [18/Jun/2026:02:16:42 +0200] "POST /xmlrpc.php HTTP/1.1" 404 157368 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-" host=ramsesconsulting.it show less	Port Scan
🇬🇷 setupgr	2026-06-16 01:42:44 (1 week ago)	(mod_security) mod_security (id:1000001) triggered by 103.125.146.61: 1 in the last 86400 secs; Port ... show more (mod_security) mod_security (id:1000001) triggered by 103.125.146.61: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 16 04:42:42.314474 2026] [security2:error] [pid 1965768:tid 1965810] [client 103.125.146.61:29397] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/wp-load.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "92"] [id "1000001"] [msg "Bad file blocked: /wp-includes/wp-load.php"] [severity "CRITICAL"] [tag "security"] [hostname "mail.pankoskal.gr"] [uri "/wp-includes/wp-load.php"] [unique_id "ajCqEphSggell5vQAURtrgAAAU8"] show less	Port Scan
🇩🇪 bazter.pro	2026-06-13 19:05:49 (1 week ago)	Fail2Ban: apache-ratelimit - 20 failures	Port Scan Bad Web Bot Web App Attack
Anonymous	2026-06-13 13:20:16 (1 week ago)	Banned by Fail2Ban on server	Web App Attack
🇳🇱 BlueWire Hosting	2026-06-12 16:26:32 (2 weeks ago)	Probing websites for vulnerabilities	Web App Attack
Anonymous	2026-06-12 15:56:58 (2 weeks ago)	Fail2Ban wordpress-forbidden on Security-Instance. Persistent malicious activity detected. Evidence: ... show more Fail2Ban wordpress-forbidden on Security-Instance. Persistent malicious activity detected. Evidence: 2026/06/12 17:56:46 [error] 647757#647757: 40753 directory index of "/var/www/html/wordpress_main/wp-includes/Requests/src/Exception/Transport/" is forbidden, client: 103.125.146.61, server: dtalens.com, request: "GET /wp-includes/Requests/src/Exception/Transport/ HTTP/2.0", host: "dtalens.com", referrer: "http://dtalens.com/wp-includes/Requests/src/Exception/Transport/" 2026/06/12 17:56:51 [error] 647757#647757: 40753 directory index of "/var/www/html/wordpress_main/wp-includes/rest-api/fields/" is forbidden, client: 103.125.146.61, server: dtalens.com, request: "GET /wp-includes/rest-api/fields/ HTTP/2.0", host: "dtalens.com", referrer: "http://dtalens.com/wp-includes/rest-api/fields/" show less	Hacking Web App Attack
🇳🇱 Site.eu	2026-06-11 16:34:32 (2 weeks ago)	Excessive multi-domain requests	Brute-Force
🇫🇷 masterguru	2026-06-11 06:46:28 (2 weeks ago)	BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (110 ... show more BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (1100000-195) show less	Bad Web Bot

Showing 1 to 15 of 157 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 8.215.85.137

🇹🇼 198.235.24.22

🇪🇬 197.60.73.50

🇩🇪 167.94.146.55

🇰🇷 114.30.180.58

🇸🇬 103.189.234.244

🇮🇷 94.101.177.68

🇳🇱 93.123.118.227

🇳🇱 91.92.42.61

🇳🇱 81.19.216.88

🇺🇸 47.77.223.142

🇬🇧 23.90.184.149

🇧🇷 138.94.177.250

🇨🇦 66.129.155.20

🇺🇸 52.35.20.1

🇬🇧 35.203.211.94

🇬🇧 35.203.211.30

🇮🇳 20.219.91.90

🇺🇸 3.143.162.210

🇪🇹 196.189.155.89