🇩🇪
maxpower
2026-06-18 00:15:39
(28 minutes ago)
(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 103.163.220.5 (JP/Japan/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 103.163.220.5 - - [18/Jun/2026:02:14:02 +0200] "POST /xmlrpc.php HTTP/1.1" 404 158946 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_6_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0" "-" host=ramsesconsulting.it
103.163.220.5 - - [18/Jun/2026:02:14:09 +0200] "POST /xmlrpc.php HTTP/1.1" 404 157687 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0" "-" host=ramsesconsulting.it
103.163.220.5 - - [18/Jun/2026:02:15:37 +0200] "POST /xmlrpc.php HTTP/1.1" 404 158014 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-" host=ramsesconsulting.it
Port Scan
🇬🇷
setupgr
2026-06-16 07:52:48
(1 day ago)
(mod_security) mod_security (id:1000001) triggered by 103.163.220.5: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 16 10:52:46.609427 2026] [security2:error] [pid 2280080:tid 2280111] [client 103.163.220.5:55777] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/66.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "93"] [id "1000001"] [msg "Bad file blocked: /66.php"] [severity "CRITICAL"] [tag "security"] [hostname "mail.sea-sound.com"] [uri "/66.php"] [unique_id "ajEAzssskNLCXd8cDXQ1MwAAAAQ"]
Port Scan
🇦🇺
paulshipley.com.au
2026-06-13 13:27:35
(4 days ago)
dlcarterauthor.com:443 103.163.220.5 - - [13/Jun/2026:23:27:33 +1000] "GET /bolt.php HTTP/1.1" 404 67606 "http://dlcarterauthor.com/bolt.php" "Go-http-client/1.1"
...
Web App Attack
Anonymous
2026-06-13 13:10:30
(4 days ago)
Banned by Fail2Ban on server
Web App Attack
🇳🇱
Site.eu
2026-06-13 05:00:20
(4 days ago)
Excessive multi-domain requests
Brute-Force
🇮🇩
soc-yk
2026-06-13 04:30:12
(4 days ago)
Type: suspicious_network_activity
Risk: 70
Events: 1143
Evidence:
- Persistent suspicious network activity detected
- Repeated hostile operational behavior observed
- Multi-event operational persistence identified
Port Scan
Hacking
🇳🇱
BlueWire Hosting
2026-06-12 16:26:22
(5 days ago)
Probing websites for vulnerabilities
Web App Attack
Anonymous
2026-06-12 16:04:34
(5 days ago)
Fail2Ban wordpress-forbidden on Security-Instance. Persistent malicious activity detected. Evidence:
2026/06/12 18:04:30 [error] 647757#647757: *41474 directory index of "/var/www/html/wordpress_main/wp-includes/block-patterns/" is forbidden, client: 103.163.220.5, server: dtalens.com, request: "GET /wp-includes/block-patterns/ HTTP/2.0", host: "dtalens.com", referrer: "http://dtalens.com/wp-includes/block-patterns/"
2026/06/12 18:04:30 [error] 647757#647757: *41474 directory index of "/var/www/html/wordpress_main/wp-includes/css/dist/edit-site/" is forbidden, client: 103.163.220.5, server: dtalens.com, request: "GET /wp-includes/css/dist/edit-site/ HTTP/2.0", host: "dtalens.com", referrer: "http://dtalens.com/wp-includes/css/dist/edit-site/"
2026/06/12 18:04:31 [error] 647757#647757: *414
Hacking
Web App Attack
🇩🇪
FeG Deutschland
2026-06-11 12:25:39
(6 days ago)
Looking for CMS/PHP/SQL vulnerabilities/excessive crawling - 124
Exploited Host
Web App Attack
🇫🇷
masterguru
2026-06-11 06:34:59
(6 days ago)
BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (1100000-195)
Bad Web Bot
🇦🇹
Pingger Shikkoken
2026-06-11 02:14:38
(6 days ago)
2026-06-11T02:14:38+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:88:32:08:00 SRC=103.163.220.5 DST=10.1.1.11 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=13519 DF PROTO=TCP SPT=32663 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0
2026-06-11T02:14:39+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:88:32:08:00 SRC=103.163.220.5 DST=10.1.1.11 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=13520 DF PROTO=TCP SPT=32663 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0
2026-06-11T02:14:41+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:88:32:08:00 SRC=103.163.220.5 DST=10.1.1.11 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=13521 DF PROTO=TCP SPT=32663 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0
...
Hacking
Bad Web Bot
🇺🇦
URAN Publishing Service
2026-06-10 18:42:52
(1 week ago)
103.163.220.5 - - [10/Jun/2026:21:42:52 +0300] "GET /wp-includes/ HTTP/1.1" 404 708 "http://www.semst.onu.edu.ua/wp-includes/" "Go-http-client/1.1"
...
Web App Attack
🇧🇪
cmbplf
2026-06-10 15:47:07
(1 week ago)
124 requests with url.path *config.php
Brute-Force
Bad Web Bot
🇮🇩
soc-yk
2026-06-09 16:54:15
(1 week ago)
Type: suspicious_network_activity
Risk: 75
Events: 399
Evidence:
- Persistent suspicious network activity detected
- Repeated hostile operational behavior observed
- Multi-event operational persistence identified
- Threat escalation behavior observed
Port Scan
Hacking
🇳🇱
Site.eu
2026-06-08 05:34:07
(1 week ago)
Excessive multi-domain requests
Brute-Force