JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 192.3.81.125

192.3.81.125 was found in our database!

This IP was reported 238 times. Confidence of Abuse is 100%: ?

100%

ISP	RackNerd LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Domain Name	racknerd.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 192.3.81.125

Whois 192.3.81.125

IP Abuse Reports for 192.3.81.125:

This IP address has been reported a total of 238 times from 103 distinct sources. 192.3.81.125 was first reported on November 25th 2025, and the most recent report was 23 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 zXero	2026-06-18 21:10:51 (23 hours ago)	Fail2Ban automatic report - jail: no-wordpress	Brute-Force SSH DDoS Attack
🇬🇷 setupgr	2026-06-18 18:47:19 (1 day ago)	(XMLRPC) WP XMLPRC Attack 192.3.81.125 (US/United States/New York/Buffalo/-/[AS36352 AS-COLOCROSSING ... show more (XMLRPC) WP XMLPRC Attack 192.3.81.125 (US/United States/New York/Buffalo/-/[AS36352 AS-COLOCROSSING]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 192.3.81.125 - - [18/Jun/2026:21:39:45 +0300] "GET /xmlrpc.php HTTP/1.1" 503 7306 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" show less	Port Scan
🇩🇪 botreporter	2026-06-18 18:25:48 (1 day ago)	CMS vulnerability/installation scanning	Brute-Force Web App Attack
Anonymous	2026-06-18 17:35:46 (1 day ago)	[PathScanning] Path scanning/probing detected: WordPress system file probe (path: /xmlrpc.php) \| [Xm ... show more [PathScanning] Path scanning/probing detected: WordPress system file probe (path: /xmlrpc.php) \| [XmlRpc] XML-RPC abuse detected: XML-RPC endpoint probe (GET) show less	Port Scan Hacking Web App Attack
🇩🇪 findlab	2026-06-18 13:35:02 (1 day ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-18 10:22:22 (1 day ago)	[ThuJun1812:22:17.6244552026][security2:error][pid609141:tid609159][client192.3.81.125:0]ModSecurity ... show more [ThuJun1812:22:17.6244552026][security2:error][pid609141:tid609159][client192.3.81.125:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"your-team.ch\"][uri\"/xmlrpc.php\"][unique_id\"ajPG2cP0KP4A_-UR21mdHgAAAA8\"] show less	Port Scan Brute-Force Web App Attack
🇯🇵 ki3	2026-06-18 04:14:14 (1 day ago)	Fail2Ban: Web App Attacks and Forum Spam 192.3.81.125 1781756054.0(JST)	Web Spam Bad Web Bot Web App Attack
🇵🇱 sefinek.net	2026-06-18 04:02:07 (1 day ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action: BLOCK \| Protocol: HTTP/1.1 (GET) \| Endpoi ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action: BLOCK \| Protocol: HTTP/1.1 (GET) \| Endpoint: /xmlrpc.php \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇫🇷 SpaceHost-Server	2026-06-17 22:28:24 (1 day ago)		Brute-Force Web App Attack
🇧🇪 voormedia	2026-06-17 22:16:24 (1 day ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
🇩🇪 on-com	2026-06-17 20:09:44 (2 days ago)	URL scan	Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-17 19:15:05 (2 days ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇬🇷 setupgr	2026-06-17 16:22:56 (2 days ago)	(XMLRPC) WP XMLPRC Attack 192.3.81.125 (US/United States/New York/Buffalo/-/[AS36352 AS-COLOCROSSING ... show more (XMLRPC) WP XMLPRC Attack 192.3.81.125 (US/United States/New York/Buffalo/-/[AS36352 AS-COLOCROSSING]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 192.3.81.125 - - [17/Jun/2026:19:15:04 +0300] "GET /xmlrpc.php HTTP/1.1" 301 288 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" show less	Port Scan
Anonymous	2026-06-17 09:07:02 (2 days ago)	Automated web scanner. Requested suspicious paths: /xmlrpc.php. UTC: 2026-06-17 08:55:18.	Web App Attack
🇨🇭 4server	2026-06-17 07:19:51 (2 days ago)	[WedJun1709:19:47.3356052026][security2:error][pid4071041:tid4071285][client192.3.81.125:0]ModSecuri ... show more [WedJun1709:19:47.3356052026][security2:error][pid4071041:tid4071285][client192.3.81.125:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"368\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"comarcosa.com\"][uri\"/xmlrpc.php\"][unique_id\"ajJKk-zS8x6ysxbgUCPWrAAAAIg\"] show less	Hacking Web App Attack

Showing 1 to 15 of 238 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 182.95.228.106

🇳🇱 176.65.148.97

🇨🇳 120.9.204.180

🇧🇷 45.205.1.76

🇺🇸 205.210.31.47

🇳🇱 176.65.148.93

🇺🇸 162.216.149.36

🇺🇸 141.11.88.9

🇮🇳 122.176.117.147

🇹🇼 61.222.211.114

🇻🇳 45.119.81.245

🇳🇱 5.61.209.92

🇨🇳 1.193.63.14

🇪🇹 196.189.126.10

🇧🇷 187.108.193.54

🇸🇬 178.128.116.102

🇳🇱 176.65.148.85

🇳🇱 176.65.148.37

🇲🇦 160.174.130.48

🇨🇳 120.230.23.93