JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.94.251.136

103.94.251.136 was found in our database!

This IP was reported 40 times. Confidence of Abuse is 69%: ?

69%

ISP	PT Ciptabangun Bumi Mulya
Usage Type	Fixed Line ISP
ASN	AS138884
Domain Name	ciptamulya.com
Country	🇮🇩 Indonesia
City	Pekanbaru, Riau

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.94.251.136

Whois 103.94.251.136

IP Abuse Reports for 103.94.251.136:

This IP address has been reported a total of 40 times from 13 distinct sources. 103.94.251.136 was first reported on December 2nd 2025, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-22 04:23:27 (4 hours ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇪🇸 alferez	2026-06-22 01:56:20 (7 hours ago)	xmlrpc.php attack DOS	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 04:50:05 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 103.94.251.136 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.94.251.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 00:49:57.636036 2026] [security2:error] [pid 21662:tid 21662] [client 103.94.251.136:58475] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.94.251.136 (+1 hits since last alert)\|hertzan.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hertzan.com"] [uri "/xmlrpc.php"] [unique_id "ajTKdfKJ4sxGYmmMzGuX1QAAADc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 02:34:09 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 103.94.251.136 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.94.251.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 22:34:03.094542 2026] [security2:error] [pid 11586:tid 11586] [client 103.94.251.136:64633] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.94.251.136 (+1 hits since last alert)\|zabyte.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "zabyte.net"] [uri "/xmlrpc.php"] [unique_id "ajSqmxi6JvjWxsAAIPyV1gAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-19 02:31:12 (3 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
Anonymous	2026-06-18 08:43:32 (4 days ago)	[server.tmg.gr] httpd-xmlrpc-post: sites=inradis.com; logs=/var/log/httpd/domains/inradis.com.log; s ... show more [server.tmg.gr] httpd-xmlrpc-post: sites=inradis.com; logs=/var/log/httpd/domains/inradis.com.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇫🇷 dynamix	2026-06-18 08:08:11 (4 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇳🇱 ConsulHosting	2026-06-18 06:23:44 (4 days ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
Anonymous	2026-06-18 06:22:03 (4 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
Anonymous	2026-06-17 03:22:09 (5 days ago)	[redacted] 103.94.251.136 - - [17/Jun/2026:05:21:25 +0200] "POST /xmlrpc.php HTTP/1.1" 403 1511 "-" ... show more [redacted] 103.94.251.136 - - [17/Jun/2026:05:21:25 +0200] "POST /xmlrpc.php HTTP/1.1" 403 1511 "-" "WordPress.com; https://wordpress.com" [redacted] 103.94.251.136 - - [17/Jun/2026:05:21:36 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" [redacted] 103.94.251.136 - - [17/Jun/2026:05:21:47 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Jetpack by WordPress.com" [redacted] 103.94.251.136 - - [17/Jun/2026:05:21:57 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)" [redacted] 103.94.251.136 - - [17/Jun/2026:05:22:08 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Jetpack/13.0; WordPress/6.4; http://site64490479.com" ... show less	Hacking Web App Attack
🇫🇷 dynamix	2026-06-15 05:59:04 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇳🇱 wlt-blocker	2026-06-15 04:49:54 (1 week ago)	Unauthorized access to webpage admin	Web App Attack
🇪🇸 masterguru	2026-06-15 03:49:25 (1 week ago)	(xmlrpc) Failed xmlrpc access from 103.94.251.136 (ID/Indonesia/-): 5 in the last 3600 secs (0-122)	Hacking
Anonymous	2026-06-12 03:20:39 (1 week ago)	(wordpress) Failed wordpress login from 103.94.251.136 (ID/Indonesia/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-11 05:54:26 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 103.94.251.136 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.94.251.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 01:54:18.263916 2026] [security2:error] [pid 2919:tid 2919] [client 103.94.251.136:56700] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.94.251.136 (+1 hits since last alert)\|ohanameetup.party\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ohanameetup.party"] [uri "/xmlrpc.php"] [unique_id "aipNioerECW1I2XOtDTHSgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 40 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 188.166.69.53

🇳🇱 185.242.226.93

🇺🇦 176.36.146.80

🇮🇳 152.58.37.6

🇮🇳 152.52.240.162

🇺🇸 72.239.145.229

🇩🇪 69.5.169.34

🇨🇦 31.57.41.68

🇺🇸 23.95.250.38

🇳🇱 176.65.139.181

🇺🇸 165.154.36.105

🇺🇸 129.121.85.48

🇭🇰 103.100.208.168

🇯🇵 96.126.130.244

🇩🇪 69.5.169.180

🇺🇸 64.62.156.214

🇺🇸 57.141.20.5

🇭🇰 223.197.186.7

🇺🇿 213.230.120.23

🇵🇰 182.183.135.62