JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.251.254.66

103.251.254.66 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 14%: ?

14%

ISP	New Pakistan Cable Network
Usage Type	Fixed Line ISP
ASN	AS140594
Domain Name	npcn.net.pk
Country	🇵🇰 Pakistan
City	Faisalabad, Punjab

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.251.254.66

Whois 103.251.254.66

IP Abuse Reports for 103.251.254.66:

This IP address has been reported a total of 23 times from 17 distinct sources. 103.251.254.66 was first reported on February 27th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 el-brujo	2026-06-22 00:39:39 (2 days ago)	Cloudflare WAF: Request Path: /Themes/default/images/post/xx.png Request Query: Host: forum.elhacke ... show more Cloudflare WAF: Request Path: /Themes/default/images/post/xx.png Request Query: Host: forum.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Action: managed_challenge Source: firewallCustom ASN Description: New Pakistan Cable Network (Firm) Country: PK Method: GET Timestamp: 2026-06-22T00:39:39Z ruleId: 770fb332273f47628e1c012f2ac4e3d3. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇬🇧 PeravixGroup	2026-06-10 12:59:25 (1 week ago)	Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aar ... show more Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-04-27 12:34:35 (1 month ago)	Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aar ... show more Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aaran.cloud show less	Hacking Exploited Host
🇺🇸 johnkarlhill	2026-03-27 14:34:27 (2 months ago)	WebKnight blocked malicious web request on johnkarlhill.com	Brute-Force SSH
🇫🇷 Sklurk	2026-03-22 07:59:23 (3 months ago)	Web App Attack	Web App Attack
🇫🇷 Sklurk	2026-03-21 04:05:23 (3 months ago)	Web App Attack	Web App Attack
🇺🇸 gui-ying233	2026-03-16 04:12:29 (3 months ago)	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Sa ... show more Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 show less	Bad Web Bot
🇩🇪 FeG Deutschland	2026-03-06 13:22:28 (3 months ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1248	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-03-02 19:19:59 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 103.251.254.66 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 103.251.254.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 02 14:19:45.563748 2026] [security2:error] [pid 3931:tid 3931] [client 103.251.254.66:46284] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.baliaccommodationpadangpadang.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.baliaccommodationpadangpadang.com"] [uri "/rates/[email protected]"] [unique_id "aaXi0eHcnrFTrJqHC6zStgAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2026-02-27 13:18:02 (3 months ago)	block ruleset SQL-Injections with typical fingerprints FD77349DE692F8D05B4EE282DE6A5198C42AB90F	SQL Injection
🇺🇸 kosada.com	2026-02-09 17:20:45 (4 months ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇩🇪 triple-web.net	2026-02-01 12:01:03 (4 months ago)	$f2bV_matches	Brute-Force
🇨🇿 lp	2026-01-27 17:53:52 (4 months ago)	Email account brute force: 6 attempts were recorded from 103.251.254.66 2026-01-27T12:13:42+01:00 wa ... show more Email account brute force: 6 attempts were recorded from 103.251.254.66 2026-01-27T12:13:42+01:00 warning: unknown[103.251.254.66]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-01-27T12:13:42+01:00 warning: unknown[103.251.254.66]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-01-27T12:13:42+01:00 warning: unknown[103.251.254.66]: SASL LOGIN authentication failed: authentication failure, [email protected] 2026-01-27T12:13:42+01:00 warning: unknown[103.251.254.66]: SASL LOGIN authentication failed: authentication failure, [email protected] 2026-01-27T18:16:02+01:00 warning: unknown[103.251.254.66]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-01-27T18:16:02+01:00 warning: unknown[103.251.254.66]: SASL LOGIN authentication failed: au show less	Brute-Force
🇯🇵 mkaraki	2025-12-31 07:25:22 (5 months ago)	1767165908 # Service_probe # SIGNATURE_SEND # source_ip:103.251.254.66 # dst_port:445 ...	Port Scan
🇩🇪 SMARTNET	2025-11-26 07:00:13 (6 months ago)	Aisuru(Mirai variant) DDoS	DDoS Attack

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 221.11.51.23

🇰🇷 211.40.167.121

🇺🇸 205.210.31.37

🇨🇳 183.222.14.242

🇨🇷 181.193.106.86

🇮🇳 152.58.97.93

🇮🇪 108.131.50.253

🇨🇳 106.117.108.56

🇺🇸 104.37.174.77

🇩🇪 69.5.169.24

🇺🇸 67.20.116.98

🇧🇷 45.228.97.229

🇳🇱 45.142.193.105

🇨🇭 35.216.144.195

🇮🇳 27.59.60.92

🇺🇸 3.130.168.2

🇮🇹 2a03:2880:f26d:c9:face:b00c:0:7260

🇮🇹 2a03:2880:f008:1:face:b00c:0:1

🇧🇷 2804:520:db:200:5d28:7056:cd33:b0ad

🇳🇱 204.76.203.36