JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 105.184.125.85

105.184.125.85 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 76%: ?

76%

ISP	Telkom Internet Broadband 105 184
Usage Type	Fixed Line ISP
ASN	AS37457
Hostname(s)	125-184-105-85.south.dsl.telkomsa.net
Domain Name	telkom.co.za
Country	🇿🇦 South Africa
City	Pretoria, Gauteng

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 105.184.125.85

Whois 105.184.125.85

IP Abuse Reports for 105.184.125.85:

This IP address has been reported a total of 32 times from 18 distinct sources. 105.184.125.85 was first reported on February 22nd 2022, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-13 23:07:20 (1 week ago)	Trying to access config files	Web App Attack
🇧🇪 cmbplf	2026-06-13 08:33:43 (1 week ago)	6.406 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇳🇱 Site.eu	2026-06-13 07:04:16 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇫🇮 YF	2026-06-13 07:00:30 (1 week ago)	xmlrpc.php Potential DDoS or brute force	DDoS Attack Brute-Force
🇺🇸 TPI-Abuse	2026-06-13 05:25:52 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 105.184.125.85 (125-184-105-85.south.dsl.telkom ... show more (mod_security) mod_security (id:240335) triggered by 105.184.125.85 (125-184-105-85.south.dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 01:25:45.370716 2026] [security2:error] [pid 20415:tid 20415] [client 105.184.125.85:57330] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.184.125.85 (+1 hits since last alert)\|slattery-law.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "slattery-law.com"] [uri "/xmlrpc.php"] [unique_id "aizp2WpWNHgy0U4APtsEVQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-13 04:52:34 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 20:22:16 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 105.184.125.85 (125-184-105-85.south.dsl.telkom ... show more (mod_security) mod_security (id:240335) triggered by 105.184.125.85 (125-184-105-85.south.dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 16:22:12.159986 2026] [security2:error] [pid 552:tid 552] [client 105.184.125.85:54049] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.184.125.85 (+1 hits since last alert)\|gemco-mfg.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gemco-mfg.com"] [uri "/xmlrpc.php"] [unique_id "aixqdE7u0cdSFgL-qsXAPAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-12 20:06:04 (1 week ago)	Trying to access config files	Web App Attack
Anonymous	2026-06-12 15:06:05 (1 week ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 14:53:29 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 105.184.125.85 (125-184-105-85.south.dsl.telkom ... show more (mod_security) mod_security (id:240335) triggered by 105.184.125.85 (125-184-105-85.south.dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 10:53:23.538797 2026] [security2:error] [pid 27550:tid 27550] [client 105.184.125.85:61225] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.184.125.85 (+1 hits since last alert)\|arsenalfordemocracy.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "arsenalfordemocracy.com"] [uri "/xmlrpc.php"] [unique_id "aiwdYyRj6wg3jArxS6y8WQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 13:51:23 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 105.184.125.85 (125-184-105-85.south.dsl.telkom ... show more (mod_security) mod_security (id:240335) triggered by 105.184.125.85 (125-184-105-85.south.dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 09:51:18.216885 2026] [security2:error] [pid 4680:tid 4680] [client 105.184.125.85:52152] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.184.125.85 (+1 hits since last alert)\|lajoze.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lajoze.com"] [uri "/xmlrpc.php"] [unique_id "aiwO1nljf5wGOjOC9AzZMwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 noise.agency	2026-06-12 13:09:04 (1 week ago)	(wordpress) Failed wordpress login from 105.184.125.85 (125-184-105-85.south.dsl.telkomsa.net)	Brute-Force
🇺🇸 integrantservices.com	2026-06-12 11:40:05 (1 week ago)	(PERMBLOCK) 105.184.125.85 (125-184-105-85.south.dsl.telkomsa.net) has had more than 4 temp blocks	Hacking
Anonymous	2026-06-12 11:05:25 (1 week ago)	105.184.125.85 - - [12/Jun/2026:13:04:14 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "WordPress.c ... show more 105.184.125.85 - - [12/Jun/2026:13:04:14 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "WordPress.com; https://wordpress.com" 105.184.125.85 - - [12/Jun/2026:13:04:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com" 105.184.125.85 - - [12/Jun/2026:13:04:47 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by WordPress.com" 105.184.125.85 - - [12/Jun/2026:13:04:49 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com" 105.184.125.85 - - [12/Jun/2026:13:05:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)" ... show less	Brute-Force Web App Attack
Anonymous	2026-06-12 10:35:33 (1 week ago)	[redacted] 105.184.125.85 - - [12/Jun/2026:12:34:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 105.184.125.85 - - [12/Jun/2026:12:34:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" [redacted] 105.184.125.85 - - [12/Jun/2026:12:34:38 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)" [redacted] 105.184.125.85 - - [12/Jun/2026:12:34:59 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 105.184.125.85 - - [12/Jun/2026:12:35:23 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)" [redacted] 105.184.125.85 - - [12/Jun/2026:12:35:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" ... show less	Hacking Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 172.233.26.186

🇺🇸 40.124.173.90

🇬🇧 5.226.140.52

🇫🇷 92.129.204.168

🇸🇬 84.75.155.88

🇫🇷 62.171.168.140

🇸🇬 43.160.249.98

🇨🇳 43.143.248.79

🇫🇷 15.237.61.33

🇰🇷 112.216.129.27

🇨🇳 106.115.80.203

🇺🇸 104.236.83.40

🇰🇷 58.229.180.107

🇨🇳 58.16.147.246

🇳🇱 45.148.10.147

🇺🇸 38.12.5.206

🇺🇸 216.25.89.69

🇧🇷 205.210.31.153

🇧🇪 198.235.24.225

🇨🇳 180.184.176.74