JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.163.220.17

103.163.220.17 was found in our database!

This IP was reported 168 times. Confidence of Abuse is 93%: ?

93%

ISP	XS Usenet
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	xsusenet.com
Country	🇯🇵 Japan
City	Asagaya-minami, Tokyo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.163.220.17

Whois 103.163.220.17

IP Abuse Reports for 103.163.220.17:

This IP address has been reported a total of 168 times from 72 distinct sources. 103.163.220.17 was first reported on August 14th 2022, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇦 URAN Publishing Service	2026-06-21 14:37:30 (1 day ago)	103.163.220.17 - - [21/Jun/2026:17:37:29 +0300] "GET /wp-content/plugins/core/core.php HTTP/1.1" 404 ... show more 103.163.220.17 - - [21/Jun/2026:17:37:29 +0300] "GET /wp-content/plugins/core/core.php HTTP/1.1" 404 727 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇺🇦 URAN Publishing Service	2026-06-21 04:55:25 (2 days ago)	103.163.220.17 - - [21/Jun/2026:07:55:23 +0300] "GET /wp-admin/css/index.php HTTP/1.1" 404 716 "-" " ... show more 103.163.220.17 - - [21/Jun/2026:07:55:23 +0300] "GET /wp-admin/css/index.php HTTP/1.1" 404 716 "-" "Go-http-client/1.1" 103.163.220.17 - - [21/Jun/2026:07:55:24 +0300] "GET /wp-includes/assets/index.php HTTP/1.1" 404 716 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇩🇪 ghostwarriors	2026-06-21 00:20:34 (2 days ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇩🇪 findlab	2026-06-20 23:01:05 (2 days ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 09:07:05 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 103.163.220.17 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 103.163.220.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 05:06:57.468687 2026] [security2:error] [pid 19899:tid 19899] [client 103.163.220.17:20693] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.tonytremblayauthor.com"] [uri "/wp-content/uploads/wp-config.php"] [unique_id "ajZYMZOUE9WdidhOXX-EBAAAAAM"], referer: http://tonytremblayauthor.com/wp-content/uploads/wp-config.php show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 05:41:25 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 103.163.220.17 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 103.163.220.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 01:41:18.538704 2026] [security2:error] [pid 26080:tid 26080] [client 103.163.220.17:39807] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vsecuritysolutions.com"] [uri "/wp-content/uploads/wp-config.php"] [unique_id "ajYn_oCNUOKNqN4J-lTUngAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-19 20:21:15 (3 days ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 TPI-Abuse	2026-06-19 19:04:41 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 103.163.220.17 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 103.163.220.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 15:04:34.952101 2026] [security2:error] [pid 32705:tid 32767] [client 103.163.220.17:29019] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tomithai.plumeraproductions.com"] [uri "/wp-includes/images/wp-config.php"] [unique_id "ajWSwigdgKAWY-2w5q6y_gAAAYs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 13:33:05 (4 days ago)	Banned by Fail2Ban on server	Web App Attack
🇩🇪 FeG Deutschland	2026-06-18 13:18:55 (4 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇪🇸 masterguru	2026-06-18 06:38:31 (5 days ago)	BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (110 ... show more BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (1100000-122) show less	Bad Web Bot
🇳🇱 BlueWire Hosting	2026-06-11 20:12:21 (1 week ago)	Probing websites for vulnerabilities	Web App Attack
🇩🇪 Lino Project	2026-06-11 09:56:12 (1 week ago)	103.163.220.17 - - [11/Jun/2026:11:56:09 +0200] "GET /wp-includes/canonical-loop.php HTTP/2.0" 403 2 ... show more 103.163.220.17 - - [11/Jun/2026:11:56:09 +0200] "GET /wp-includes/canonical-loop.php HTTP/2.0" 403 256 "http://biomakeup.it/wp-includes/canonical-loop.php" "Go-http-client/2.0" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-05-27 14:47:49 (3 weeks ago)	103.163.220.17 - - [27/May/2026:17:47:49 +0300] "GET /wp-includes/SimplePie/wp-conflg.php HTTP/1.1" ... show more 103.163.220.17 - - [27/May/2026:17:47:49 +0300] "GET /wp-includes/SimplePie/wp-conflg.php HTTP/1.1" 404 707 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇩🇪 iNetWorker	2026-05-27 14:10:21 (3 weeks ago)	trolling for resource vulnerabilities	Web App Attack

Showing 1 to 15 of 168 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 13.71.92.229

🇭🇰 152.32.169.7

🇳🇱 64.225.72.42

🇺🇸 3.129.187.38

🇦🇷 2620:171:4d:f002:9999::177

🇫🇮 194.70.234.74

🇨🇴 161.18.234.168

🇷🇺 151.252.84.225

🇷🇴 80.94.92.184

🇦🇿 62.217.158.232

🇳🇱 45.140.222.127

🇺🇸 43.162.89.43

🇺🇸 13.89.124.213

🇧🇷 192.141.106.47

🇪🇸 141.109.168.26

🇻🇳 113.161.222.150

🇨🇭 107.189.28.30

🇷🇴 80.94.92.130

🇳🇱 45.148.10.147

🇸🇬 43.156.239.194