JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.214.61.31

103.214.61.31 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 38%: ?

38%

ISP	Kumar Networks
Usage Type	Fixed Line ISP
ASN	AS133982
Domain Name	excitel.com
Country	🇮🇳 India
City	Bengaluru, Karnataka

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.214.61.31

Whois 103.214.61.31

IP Abuse Reports for 103.214.61.31:

This IP address has been reported a total of 20 times from 17 distinct sources. 103.214.61.31 was first reported on January 21st 2022, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-07 15:32:23 (1 week ago)	[redacted] 103.214.61.31 - - [07/Jun/2026:17:31:39 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "J ... show more [redacted] 103.214.61.31 - - [07/Jun/2026:17:31:39 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.1; http://site20807451.com" [redacted] 103.214.61.31 - - [07/Jun/2026:17:31:49 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 103.214.61.31 - - [07/Jun/2026:17:32:00 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)" [redacted] 103.214.61.31 - - [07/Jun/2026:17:32:11 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 103.214.61.31 - - [07/Jun/2026:17:32:21 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 11:58:15 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 103.214.61.31 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 103.214.61.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 07:58:10.807059 2026] [security2:error] [pid 26223:tid 26223] [client 103.214.61.31:52612] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.214.61.31 (+1 hits since last alert)\|thinkingepic.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thinkingepic.com"] [uri "/xmlrpc.php"] [unique_id "aiVc0ocyZtk0qc0rsj-WsQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-07 11:55:44 (1 week ago)	103.214.61.31 - - [07/Jun/2026:13:55:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack/12.0 ... show more 103.214.61.31 - - [07/Jun/2026:13:55:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack/12.0; WordPress/6.4; http://site71531546.com" 103.214.61.31 - - [07/Jun/2026:13:55:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12.0; WordPress/6.4; http://site71531546.com" 103.214.61.31 - - [07/Jun/2026:13:55:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" 103.214.61.31 - - [07/Jun/2026:13:55:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" 103.214.61.31 - - [07/Jun/2026:13:55:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" ... show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 10:27:35 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 103.214.61.31 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 103.214.61.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 06:27:29.536837 2026] [security2:error] [pid 4795:tid 4795] [client 103.214.61.31:54916] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.214.61.31 (+1 hits since last alert)\|edmestonfd.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "edmestonfd.com"] [uri "/xmlrpc.php"] [unique_id "aiVHkbjaYTc7uvduhKmzLwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 08:19:59 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 103.214.61.31 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 103.214.61.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 04:19:56.066351 2026] [security2:error] [pid 11304:tid 11329] [client 103.214.61.31:60112] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.214.61.31 (+1 hits since last alert)\|frannykingsmith.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "frannykingsmith.com"] [uri "/xmlrpc.php"] [unique_id "aiUprBC_Vaf5yPSVjgtzDgAAARY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 03:17:19 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 103.214.61.31 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 103.214.61.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 23:17:11.515677 2026] [security2:error] [pid 15684:tid 15684] [client 103.214.61.31:52660] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.214.61.31 (+1 hits since last alert)\|cycontechnology.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cycontechnology.com"] [uri "/xmlrpc.php"] [unique_id "aiTit5EeaeDJIgKPQt0mZgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-07 03:14:46 (1 week ago)	Attac	Brute-Force
🇩🇪 4server	2026-06-04 10:18:02 (2 weeks ago)	[ThuJun0412:18:00.2716372026][security2:error][pid3184967:tid3184999][client103.214.61.31:0]ModSecur ... show more [ThuJun0412:18:00.2716372026][security2:error][pid3184967:tid3184999][client103.214.61.31:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"casacarmen.ch\"][uri\"/xmlrpc.php\"][unique_id\"aiFQ2CzDkiE8OnJLKYs3BwAAAAw\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-06-04 08:32:54 (2 weeks ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇺🇸 WellSpring	2026-06-04 06:11:34 (2 weeks ago)	xmlrpc exploit on 623.today/xmlrpc.php — WellSpr.ing/NetSentinel civic-AI security layer	Brute-Force Web App Attack
🇫🇷 geeek	2026-04-28 06:01:23 (1 month ago)	Port scanning: 445 TCP Blocked	Port Scan
🇮🇩 Burayot	2025-09-29 10:00:57 (8 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 103.214.61.31 (IN/India/-): 1 in th ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 103.214.61.31 (IN/India/-): 1 in the last 3600 secs show less	Web App Attack
Anonymous	2025-09-29 03:34:29 (8 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇩🇪 Josef Matula	2025-08-19 11:52:00 (9 months ago)	ports, 445/24H:1/7D:1	Port Scan
🇳🇱 Mangelot Hosting	2025-03-05 09:44:22 (1 year ago)	(RCPT) RCPT NOT ALLOWED FROM 103.214.61.31 (IN/India/-): 1 in the last 3600 secs; Ports: ; Directi ... show more (RCPT) RCPT NOT ALLOWED FROM 103.214.61.31 (IN/India/-): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 217.154.95.139

🇺🇸 165.154.162.176

🇺🇸 162.216.149.94

🇳🇱 91.92.40.52

🇩🇪 43.228.157.17

🇬🇧 35.203.211.184

🇺🇸 20.65.216.44

🇺🇸 193.37.254.189

🇹🇭 182.232.184.39

🇺🇸 172.234.192.95

🇻🇳 103.241.43.193

🇵🇰 103.83.23.169

🇺🇸 74.7.227.153

🇳🇱 45.156.87.93

🇧🇷 189.1.153.16

🇺🇸 172.191.74.151

🇷🇺 158.160.209.126

🇨🇳 116.179.32.235

🇱🇦 103.114.147.217

🇺🇸 72.253.251.3