JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.149.100.161

103.149.100.161 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 55%: ?

55%

ISP	Asia Pacific Network Information Centre
Usage Type	Fixed Line ISP
ASN	AS140243
Domain Name	apnic.net
Country	🇵🇭 Philippines
City	Diffun, Cagayan Valley

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.149.100.161

Whois 103.149.100.161

IP Abuse Reports for 103.149.100.161:

This IP address has been reported a total of 14 times from 9 distinct sources. 103.149.100.161 was first reported on June 7th 2026, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-15 14:10:36 (7 hours ago)	(mod_security) mod_security (id:240335) triggered by 103.149.100.161 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.149.100.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 10:10:30.416940 2026] [security2:error] [pid 22602:tid 22602] [client 103.149.100.161:22068] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.149.100.161 (+1 hits since last alert)\|apuntesdeinversion.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "apuntesdeinversion.com"] [uri "/xmlrpc.php"] [unique_id "ajAH1nY0eaS5zraqeZfTuQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-15 13:36:48 (7 hours ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 11:14:26 (10 hours ago)	(mod_security) mod_security (id:240335) triggered by 103.149.100.161 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.149.100.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 07:14:20.949590 2026] [security2:error] [pid 30374:tid 30374] [client 103.149.100.161:2249] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.149.100.161 (+1 hits since last alert)\|hawaiivacations.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hawaiivacations.com"] [uri "/xmlrpc.php"] [unique_id "ai_ejKOpfgHQILo252rQjAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-15 09:41:08 (11 hours ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 12:27:05 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 103.149.100.161 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.149.100.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 08:27:00.102297 2026] [security2:error] [pid 8311:tid 8311] [client 103.149.100.161:54974] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.149.100.161 (+1 hits since last alert)\|kildarafarms.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kildarafarms.com"] [uri "/xmlrpc.php"] [unique_id "ai6eFHl5fNl_5R_d97NDIgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 10:35:39 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 103.149.100.161 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.149.100.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 06:35:33.379497 2026] [security2:error] [pid 25433:tid 25433] [client 103.149.100.161:58043] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.149.100.161 (+1 hits since last alert)\|rdhtrucking.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rdhtrucking.com"] [uri "/xmlrpc.php"] [unique_id "ai6D9eJ1CUV5hilo3ZfoAAAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-14 08:44:13 (1 day ago)	Attac	Brute-Force
Anonymous	2026-06-14 08:30:50 (1 day ago)	Blocked by ModSec and CSF	Port Scan
🇩🇪 grassau.com	2026-06-12 13:03:03 (3 days ago)	(wordpress) Failed wordpress login from 103.149.100.161 (PH/Philippines/-/-/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-12 11:34:33 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 103.149.100.161 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.149.100.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 07:34:29.727085 2026] [security2:error] [pid 8749:tid 8749] [client 103.149.100.161:48068] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.149.100.161 (+1 hits since last alert)\|lambert-heating-and-air.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lambert-heating-and-air.com"] [uri "/xmlrpc.php"] [unique_id "aivuxZaNlMaP-jp8qijklQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-12 11:32:10 (3 days ago)	(wordpress) Failed wordpress login from 103.149.100.161 (PH/Philippines/-)	Brute-Force
🇲🇾 Rizzy	2026-06-09 12:45:24 (6 days ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 05:22:29 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 103.149.100.161 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.149.100.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 01:22:23.204896 2026] [security2:error] [pid 7939:tid 7939] [client 103.149.100.161:19882] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.149.100.161 (+1 hits since last alert)\|kdgsf.xyz\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kdgsf.xyz"] [uri "/xmlrpc.php"] [unique_id "aiUAD0wfcOWFTzNsYDw94wAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 WeekendWeb	2026-06-07 05:21:13 (1 week ago)	Wordpress Vunerability attack	Web App Attack

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇰 185.193.240.246

🇨🇳 125.39.148.106

🇬🇧 193.163.125.69

🇧🇷 187.9.247.58

🇧🇷 187.8.64.94

🇨🇳 183.209.234.235

🇫🇮 147.185.133.93

🇻🇳 125.253.121.228

🇹🇭 125.27.12.122

🇩🇪 87.106.47.28

🇨🇳 42.100.26.87

🇹🇿 41.93.28.23

🇨🇦 20.220.147.44

🇨🇳 14.103.115.123

🇴🇲 2a06:dac0:101:cda0:cc2e:13cb:895f:b6e0

🇨🇳 220.197.85.234

🇧🇷 187.8.120.90

🇧🇷 187.8.3.230

🇧🇷 186.215.245.175

🇨🇳 182.99.65.160