JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.214.61.90

103.214.61.90 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 90%: ?

90%

ISP	Kumar Networks
Usage Type	Fixed Line ISP
ASN	AS133982
Domain Name	krrishkumarnetworks.in
Country	🇮🇳 India
City	Bengaluru, Karnataka

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.214.61.90

Whois 103.214.61.90

IP Abuse Reports for 103.214.61.90:

This IP address has been reported a total of 32 times from 21 distinct sources. 103.214.61.90 was first reported on April 16th 2024, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 noise.agency	2026-06-25 06:02:26 (13 hours ago)	(wordpress) Failed wordpress login from 103.214.61.90 (IN/India/-)	Brute-Force
🇩🇪 Marc	2026-06-25 03:58:11 (16 hours ago)	103.214.61.90 - - [25/Jun/2026:05:57:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3299 "-" "Jetpack by ... show more 103.214.61.90 - - [25/Jun/2026:05:57:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3299 "-" "Jetpack by WordPress.com" 103.214.61.90 - - [25/Jun/2026:05:57:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3298 "-" "Jetpack by WordPress.com" 103.214.61.90 - - [25/Jun/2026:05:58:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3299 "-" "Jetpack/13.0; WordPress/6.4; http://site36462532.com" show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 14:23:12 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 103.214.61.90 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 103.214.61.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 10:23:06.065351 2026] [security2:error] [pid 21942:tid 21942] [client 103.214.61.90:49833] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.214.61.90 (+1 hits since last alert)\|cmcnow.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cmcnow.com"] [uri "/xmlrpc.php"] [unique_id "ajvoSjz8ofVw4KTuup9ZMgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-24 09:15:11 (1 day ago)	[ssd5.kdns.gr] httpd-xmlrpc-post: sites=sigasigacollective.com; logs=/var/log/httpd/domains/sigasiga ... show more [ssd5.kdns.gr] httpd-xmlrpc-post: sites=sigasigacollective.com; logs=/var/log/httpd/domains/sigasigacollective.com.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇬🇧 Apache	2026-06-24 07:43:07 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 103.214.61.90 (IN/India/-): 5 in the last 300 s ... show more (mod_security) mod_security (id:240335) triggered by 103.214.61.90 (IN/India/-): 5 in the last 300 secs show less	Brute-Force Web App Attack
🇫🇷 sasbau	2026-06-24 06:05:22 (1 day ago)	103.214.61.90 - - [24/Jun/2026:08:04:57 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "WordPress.co ... show more 103.214.61.90 - - [24/Jun/2026:08:04:57 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "WordPress.com; https://wordpress.com" 103.214.61.90 - - [24/Jun/2026:08:05:09 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Jetpack/12.1; WordPress/6.1; http://site45725115.com" 103.214.61.90 - - [24/Jun/2026:08:05:21 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)" show less	Brute-Force Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-24 05:35:10 (1 day ago)	Blocked by CSF 13 firewall - Rule: XMLRPC IN/India/-	Web App Attack
Anonymous	2026-06-24 05:03:54 (1 day ago)	[redacted] 103.214.61.90 - - [24/Jun/2026:07:03:11 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "J ... show more [redacted] 103.214.61.90 - - [24/Jun/2026:07:03:11 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.3; http://site77945901.com" [redacted] 103.214.61.90 - - [24/Jun/2026:07:03:22 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)" [redacted] 103.214.61.90 - - [24/Jun/2026:07:03:32 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)" [redacted] 103.214.61.90 - - [24/Jun/2026:07:03:43 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.1; http://site71861160.com" [redacted] 103.214.61.90 - - [24/Jun/2026:07:03:54 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack
🇧🇪 cmbplf	2026-06-24 04:22:55 (1 day ago)	3.955 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-24 04:05:14 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 103.214.61.90 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 103.214.61.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 00:05:10.162843 2026] [security2:error] [pid 14086:tid 14086] [client 103.214.61.90:50617] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.214.61.90 (+1 hits since last alert)\|slimlaw.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "slimlaw.com"] [uri "/xmlrpc.php"] [unique_id "ajtXdlXCXGftq5VlydMygQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 02:36:26 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 103.214.61.90 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 103.214.61.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 22:36:18.735044 2026] [security2:error] [pid 4917:tid 4917] [client 103.214.61.90:62805] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.214.61.90 (+1 hits since last alert)\|kdgsf.xyz\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kdgsf.xyz"] [uri "/xmlrpc.php"] [unique_id "ajtCot_qnVOxO0fT7C-aEwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-23 07:01:47 (2 days ago)		Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 12:54:57 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 103.214.61.90 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 103.214.61.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 08:54:52.706936 2026] [security2:error] [pid 3168:tid 3168] [client 103.214.61.90:51829] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.214.61.90 (+1 hits since last alert)\|nextstepplus.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nextstepplus.net"] [uri "/xmlrpc.php"] [unique_id "ajkwnKNIQgVk1Mj0qGJYAwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-22 10:46:42 (3 days ago)	(wordpress) Failed wordpress login from 103.214.61.90 (IN/India/-)	Brute-Force
Anonymous	2026-06-22 06:11:03 (3 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.172

🇧🇷 177.54.62.68

🇸🇬 47.128.33.20

🇺🇸 2600:3c01::2000:c0ff:febc:caa

🇺🇸 195.184.76.244

🇭🇰 103.210.21.178

🇧🇬 78.128.114.166

🇺🇸 37.140.223.162

🇯🇵 152.32.146.202

🇫🇮 147.185.133.167

🇮🇳 128.185.56.205

🇮🇪 52.178.175.225

🇬🇧 35.203.210.20

🇺🇸 192.159.99.144

🇧🇷 190.109.105.160

🇧🇷 189.28.184.48

🇺🇸 174.136.148.94

🇮🇳 103.91.246.101

🇿🇦 102.129.52.1

🇬🇧 5.226.140.65