JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.252.166.122

103.252.166.122 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 41%: ?

41%

ISP	Alliance Broadband Services Pvt. Ltd.
Usage Type	Fixed Line ISP
ASN	AS23860
Domain Name	alliancekolkata.com
Country	🇮🇳 India
City	Durgapur, West Bengal

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.252.166.122

Whois 103.252.166.122

IP Abuse Reports for 103.252.166.122:

This IP address has been reported a total of 34 times from 25 distinct sources. 103.252.166.122 was first reported on September 20th 2021, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 big-cloud.nl	2026-05-08 10:17:41 (1 month ago)	Try to access /xmlrpc.php	Web App Attack
🇳🇱 wlt-blocker	2026-05-06 05:51:52 (1 month ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 WellSpring	2026-05-05 11:28:09 (1 month ago)	xmlrpc exploit on 312.today/xmlrpc.php — WellSpr.ing/NetSentinel civic-AI security layer	Brute-Force Web App Attack
🇩🇪 stinpriza	2026-05-05 11:13:40 (1 month ago)	Web App Attack	Web App Attack
🇺🇸 mnsf	2026-05-05 09:06:21 (1 month ago)	Xmlrpc Caught (6)	Brute-Force Web App Attack
🇩🇪 big-cloud.nl	2026-05-05 07:53:52 (1 month ago)	Try to access /xmlrpc.php	Web App Attack
🇨🇭 4server	2026-05-03 07:29:15 (1 month ago)	[SunMay0309:28:59.4029022026][security2:error][pid3543639:tid3543999][client103.252.166.122:0]ModSec ... show more [SunMay0309:28:59.4029022026][security2:error][pid3543639:tid3543999][client103.252.166.122:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"minondou-togo.ch\"][uri\"/xmlrpc.php\"][unique_id\"afb5O4pPrX3ZUJuD2_0ZqgAAAEM\"] show less	Hacking Web App Attack
🇦🇺 screwlooseit.com.au	2026-05-03 06:48:21 (1 month ago)	Blocked by CSF 13 firewall - Rule: XMLRPC IN/India/-	Web App Attack
Anonymous	2026-05-02 14:55:26 (1 month ago)	(wordpress) Failed wordpress login from 103.252.166.122 (IN/India/-)	Brute-Force
🇩🇪 LRob.fr	2026-05-02 11:30:03 (1 month ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇫🇷 Eldeberen	2026-05-01 11:16:05 (1 month ago)	Vulnerability scan attempt through HTTP protocol	Web App Attack
🇺🇸 TPI-Abuse	2026-04-30 11:36:13 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 103.252.166.122 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 103.252.166.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 30 07:35:58.591168 2026] [security2:error] [pid 13361:tid 13361] [client 103.252.166.122:38662] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|idmadventures.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "idmadventures.com"] [uri "/wp-json/wp/v2/users"] [unique_id "afM-nopAUec-va-YVj2FRwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-30 09:01:55 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 103.252.166.122 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 103.252.166.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 30 05:01:38.036195 2026] [security2:error] [pid 19043:tid 19043] [client 103.252.166.122:28796] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|drdot.xyz\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "drdot.xyz"] [uri "/wp-json/wp/v2/users"] [unique_id "afMacjY1ZZLwb2kMo-YCmAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-04-30 08:50:33 (1 month ago)	[ThuApr3010:50:19.2880822026][security2:error][pid2445841:tid2445861][client103.252.166.122:0]ModSec ... show more [ThuApr3010:50:19.2880822026][security2:error][pid2445841:tid2445861][client103.252.166.122:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"cmsolution.ch\"][uri\"/xmlrpc.php\"][unique_id\"afMXy8HrLv55FO8HHzgV0AAAAIk\"] show less	Port Scan Brute-Force Web App Attack
🇫🇷 Little Iguana	2026-04-29 13:39:12 (1 month ago)	Attempt to hack Wordpress Login, XMLRPC or other login	Hacking

Showing 1 to 15 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 146.103.5.226

🇩🇪 69.5.169.105

🇩🇪 69.5.169.14

🇺🇸 20.55.35.217

🇩🇪 217.154.208.95

🇨🇴 190.165.144.37

🇺🇸 184.105.247.236

🇺🇸 172.104.210.105

🇺🇸 157.230.81.129

🇺🇸 124.198.131.39

🇮🇳 122.187.230.123

🇰🇿 95.82.67.240

🇩🇪 69.5.169.111

🇳🇱 45.148.10.141

🇳🇱 45.148.10.121

🇧🇷 43.157.157.55

🇺🇸 34.28.25.113

🇺🇸 20.163.15.123

🇬🇧 2a06:4880:8000::95

🇵🇰 203.215.174.60