JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.211.54.146

103.211.54.146 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 60%: ?

60%

ISP	Nitin Networks
Usage Type	Fixed Line ISP
ASN	AS133982
Domain Name	excitel.com
Country	🇮🇳 India
City	Gurugram, Haryana

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.211.54.146

Whois 103.211.54.146

IP Abuse Reports for 103.211.54.146:

This IP address has been reported a total of 15 times from 12 distinct sources. 103.211.54.146 was first reported on February 6th 2023, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇷 setupgr	2026-06-23 07:05:14 (4 days ago)	(XMLRPC) WP XMLPRC Attack 103.211.54.146 (IN/India/Haryana/Gurugram/-/[AS133982 EXCITEL-AS-IN Excite ... show more (XMLRPC) WP XMLPRC Attack 103.211.54.146 (IN/India/Haryana/Gurugram/-/[AS133982 EXCITEL-AS-IN Excitel Broadband Private Limited]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 103.211.54.146 - - [23/Jun/2026:10:01:33 +0300] "POST /xmlrpc.php HTTP/1.1" 503 18936 "-" "Jetpack by WordPress.com" show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-23 06:09:21 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 103.211.54.146 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.211.54.146 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 02:09:17.344930 2026] [security2:error] [pid 20728:tid 20728] [client 103.211.54.146:60690] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.211.54.146 (+1 hits since last alert)\|illumoonatedtarot.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "illumoonatedtarot.com"] [uri "/xmlrpc.php"] [unique_id "ajojDRAeWMPx5IDStEj_tgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 abdubhai	2026-06-23 05:21:11 (5 days ago)	103.211.54.146 - - [23/Jun/2026: ...	Brute-Force
🇳🇱 wlt-blocker	2026-06-23 04:03:50 (5 days ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 03:30:08 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 103.211.54.146 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.211.54.146 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 23:30:03.691763 2026] [security2:error] [pid 5200:tid 5277] [client 103.211.54.146:52645] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.211.54.146 (+1 hits since last alert)\|tradersofficepark.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tradersofficepark.com"] [uri "/xmlrpc.php"] [unique_id "ajn9u3vCzGuL-0uXDiZD0wAAAhU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-23 03:30:06 (5 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇪🇸 masterguru	2026-06-23 03:03:31 (5 days ago)	(xmlrpc) Failed xmlrpc access from 103.211.54.146 (IN/India/-): 5 in the last 3600 secs (0-122)	Hacking
🇧🇪 cmbplf	2026-06-23 03:02:20 (5 days ago)	8.730 post requests in 1 hour (1w5d1h)	Brute-Force Bad Web Bot
🇫🇷 masterguru	2026-06-23 02:42:45 (5 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇫🇷 sasbau	2026-06-23 02:27:13 (5 days ago)	103.211.54.146 - - [23/Jun/2026:04:26:52 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Jetpack by ... show more 103.211.54.146 - - [23/Jun/2026:04:26:52 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)" 103.211.54.146 - - [23/Jun/2026:04:27:01 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Jetpack by WordPress.com" 103.211.54.146 - - [23/Jun/2026:04:27:12 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Jetpack/13.0; WordPress/6.2; http://site70833364.com" show less	Brute-Force Web App Attack
Anonymous	2026-06-23 02:10:13 (5 days ago)	103.211.54.146 - - [23/Jun/2026:10:10:12 +0800] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by ... show more 103.211.54.146 - - [23/Jun/2026:10:10:12 +0800] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com" ... show less	Bad Web Bot Web App Attack
Anonymous	2026-06-23 02:03:28 (5 days ago)	[redacted] 103.211.54.146 - - [23/Jun/2026:04:02:24 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 103.211.54.146 - - [23/Jun/2026:04:02:24 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 103.211.54.146 - - [23/Jun/2026:04:02:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 103.211.54.146 - - [23/Jun/2026:04:03:09 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 103.211.54.146 - - [23/Jun/2026:04:03:17 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 103.211.54.146 - - [23/Jun/2026:04:03:27 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.4; http://site90268419.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 01:57:49 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 103.211.54.146 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.211.54.146 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 21:57:45.474290 2026] [security2:error] [pid 12963:tid 12963] [client 103.211.54.146:64079] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.211.54.146 (+1 hits since last alert)\|richmondrents.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "richmondrents.com"] [uri "/xmlrpc.php"] [unique_id "ajnoGcA4RBLV7Q4sgn7rTAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-23 01:48:18 (5 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇨🇭 backslash	2023-02-06 13:20:01 (3 years ago)	block ruleset SQL-Injections: typical patterns B00691C2B3660FF27FABC58C19A75B50EDEC4A5E	SQL Injection

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇭 147.50.231.135

🇨🇳 125.124.226.217

🇺🇸 66.132.195.30

🇺🇸 66.132.186.229

🇺🇸 2001:470:2cc:1::210

🇮🇳 223.185.61.165

🇹🇼 198.235.24.75

🇺🇸 162.216.150.43

🇺🇸 66.219.10.18

🇨🇳 61.155.106.101

🇰🇷 43.155.172.154

🇮🇩 36.67.119.18

🇧🇪 35.240.20.168

🇧🇪 34.156.65.35

🇧🇷 205.210.31.201

🇺🇸 159.198.35.26

🇺🇸 104.43.131.157

🇺🇸 20.102.98.53

🇨🇳 223.109.252.139

🇹🇷 191.96.124.2