JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 106.243.125.142

106.243.125.142 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 56%: ?

56%

ISP	LG DACOM Corporation
Usage Type	Commercial
ASN	AS3786
Domain Name	dacom.co.kr
Country	🇰🇷 Korea (the Republic of)
City	Seoul, Seoul

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 106.243.125.142

Whois 106.243.125.142

IP Abuse Reports for 106.243.125.142:

This IP address has been reported a total of 12 times from 9 distinct sources. 106.243.125.142 was first reported on June 12th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-14 11:23:00 (1 hour ago)	[redacted] 106.243.125.142 - - [14/Jun/2026:13:22:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" ... show more [redacted] 106.243.125.142 - - [14/Jun/2026:13:22:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.2; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/15.0.0.0 Safari/537.36" [redacted] 106.243.125.142 - - [14/Jun/2026:13:22:25 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/72.0.0.0 Safari/537.36" [redacted] 106.243.125.142 - - [14/Jun/2026:13:22:29 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/12.0.0.0 Safari/537.36" [redacted] 106.243.125.142 - - [14/Jun/2026:13:22:34 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Opera/65.0.0.0 Safari/537.36" [redacted] 106.243.125.142 - - [14/Jun/2026:13:22:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux ... show less	Hacking Web App Attack
🇺🇸 interbiznw.com	2026-06-14 01:24:13 (11 hours ago)	fail2ban-ban	Hacking Brute-Force Exploited Host Web App Attack
🇳🇴 jad@	2026-06-13 23:34:18 (13 hours ago)	ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. Obse ... show more ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. Observed by 1 sensor(s); 1 hits. show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 23:28:40 (13 hours ago)	(mod_security) mod_security (id:225170) triggered by 106.243.125.142 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 106.243.125.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 19:28:34.678023 2026] [security2:error] [pid 27625:tid 27625] [client 106.243.125.142:1876] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|dynamic-therapy-mn.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "dynamic-therapy-mn.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai3noqzHbmIdmN8D6Iy9tgAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-13 23:07:11 (13 hours ago)	Trying to access config files	Web App Attack
Anonymous	2026-06-13 22:36:03 (14 hours ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 21:00:46 (15 hours ago)	(mod_security) mod_security (id:225170) triggered by 106.243.125.142 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 106.243.125.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 17:00:38.569275 2026] [security2:error] [pid 20336:tid 20336] [client 106.243.125.142:8338] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|circleinthesquare.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "circleinthesquare.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ai3E9pcfG3sXCivxDSMiwAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Bedios GmbH	2026-06-13 18:51:33 (17 hours ago)	Wordpress hacking attempt	Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 15:59:20 (20 hours ago)	(mod_security) mod_security (id:225170) triggered by 106.243.125.142 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 106.243.125.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 11:59:14.644932 2026] [security2:error] [pid 1766:tid 1795] [client 106.243.125.142:3097] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|visionforandfromchildren.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "visionforandfromchildren.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ai1-UuV514EO4NLS50iyJAAAANg"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-13 12:42:31 (23 hours ago)	[SatJun1314:42:23.6979292026][security2:error][pid1216319:tid1216627][client106.243.125.142:0]ModSec ... show more [SatJun1314:42:23.6979292026][security2:error][pid1216319:tid1216627][client106.243.125.142:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"shadowdrummer.ch\"][uri\"/xmlrpc.php\"][unique_id\"ai1QL1SG__cQfDmsmfwStgAAAM0\"] show less	Hacking Web App Attack
🇳🇱 wlt-blocker	2026-06-13 09:36:16 (1 day ago)	Unauthorized access to webpage admin	Web App Attack
Anonymous	2026-06-12 22:06:03 (1 day ago)	Trying to access config files	Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 195.206.182.209

🇺🇸 172.208.153.209

🇺🇸 65.49.20.67

🇨🇴 190.60.242.28

🇪🇨 186.68.83.104

🇺🇸 178.156.165.255

🇧🇷 177.66.140.44

🇩🇪 159.89.108.11

🇭🇰 152.32.135.48

🇺🇸 144.126.216.218

🇨🇳 120.55.81.118

🇮🇳 103.89.136.111

🇸🇪 89.233.203.159

🇺🇸 44.211.196.248

🇺🇸 23.101.116.84

🇺🇿 213.230.92.253

🇺🇸 204.62.193.225

🇬🇧 193.32.209.243

🇺🇸 178.128.155.163

🇯🇴 176.29.149.9