JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.5.48.203

194.5.48.203 was found in our database!

This IP was reported 84 times. Confidence of Abuse is 53%: ?

53%

ISP	VPN Consumer Tokyo, Japan
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	vpnconsumer.com
Country	🇯🇵 Japan
City	Tokyo, Tokyo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.5.48.203

Whois 194.5.48.203

IP Abuse Reports for 194.5.48.203:

This IP address has been reported a total of 84 times from 55 distinct sources. 194.5.48.203 was first reported on November 20th 2024, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-27 21:31:31 (12 hours ago)	(mod_security) mod_security (id:240000) triggered by 194.5.48.203 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240000) triggered by 194.5.48.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 17:31:26.057179 2026] [security2:error] [pid 12057:tid 12062] [client 194.5.48.203:25289] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|madtruckerbill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "madtruckerbill.com"] [uri "/images/stories/themes.php"] [unique_id "akBBLl88rrEyyt82BM_gIQAAAUM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Octopuce	2026-06-26 19:00:30 (1 day ago)	Aggressive web search of vulnerable pages: /bless.php /O-Simple.php /lock360.php /zwso.php /chosen.p ... show more Aggressive web search of vulnerable pages: /bless.php /O-Simple.php /lock360.php /zwso.php /chosen.php /about.php /admin.php /mah.php /core.php ... show less	Web App Attack
🇺🇸 dtorrer	2026-06-25 23:47:04 (2 days ago)	Brute-force general attack.	Brute-Force
🇬🇧 consul.to	2026-06-25 16:28:08 (2 days ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 06:15:31 (3 days ago)	(mod_security) mod_security (id:240000) triggered by 194.5.48.203 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240000) triggered by 194.5.48.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 02:15:27.615195 2026] [security2:error] [pid 14506:tid 14506] [client 194.5.48.203:46437] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|ecodesarrollourbano.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "ecodesarrollourbano.com"] [uri "/images/stories/themes.php"] [unique_id "ajzHf5oo_jN0D8dGoBQDLwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 02:08:43 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 194.5.48.203 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 194.5.48.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 22:08:36.752262 2026] [security2:error] [pid 21158:tid 21181] [client 194.5.48.203:46129] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 194.5.48.203 (+1 hits since last alert)\|conservativelabor.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "conservativelabor.com"] [uri "/xmlrpc.php"] [unique_id "ajyNpL3cL3ptprVY8RgiJQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ambor	2026-06-24 19:34:56 (3 days ago)	Honeypot triggered: /wp-content/plugins/filester/assets/css/404.php on ifebridge.com. User-Agent: Mo ... show more Honeypot triggered: /wp-content/plugins/filester/assets/css/404.php on ifebridge.com. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0. Method: GET show less	Web App Attack
🇫🇷 masterguru	2026-06-24 18:23:17 (3 days ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-201)	Hacking
🇺🇸 dtorrer	2026-06-24 12:45:46 (3 days ago)	Brute-force general attack.	Brute-Force
🇳🇱 ByeByte API	2026-06-20 12:30:56 (1 week ago)	byebyte.space auth: GET /wp-login.php at 2026-06-20T12:30:56Z. Honeypot path hit; firewall auto-bann ... show more byebyte.space auth: GET /wp-login.php at 2026-06-20T12:30:56Z. Honeypot path hit; firewall auto-banned the IP for 24h. UA: 'Mozilla/5.0'. Accept-Encoding: 'gzip, br'. Country (CF): JP. TLS info: {"scheme":"https"}. show less	Web App Attack Port Scan
Anonymous	2026-05-26 03:54:31 (1 month ago)	194.5.48.203 - - [26/May/2026:05:54:30 +0200] "GET /wp-content/plugins/enhanced-text-widget/analyst/ ... show more 194.5.48.203 - - [26/May/2026:05:54:30 +0200] "GET /wp-content/plugins/enhanced-text-widget/analyst/src/403x.php HTTP/1.1" 404 124 "-" "Go-http-client/1.1" 194.5.48.203 - - [26/May/2026:05:54:30 +0200] "GET /wp-content/plugins/semrush/x.php HTTP/1.1" 404 124 "-" "Go-http-client/1.1" 194.5.48.203 - - [26/May/2026:05:54:30 +0200] "GET /wp-content/plugins/hello-plus/classes/ehp-sarang.php HTTP/1.1" 404 124 "-" "Go-http-client/1.1" 194.5.48.203 - - [26/May/2026:05:54:31 +0200] "GET /wp-content/plugins/so-pinyin-slugs/inc/main_json.php HTTP/1.1" 404 124 "-" "Go-http-client/1.1" 194.5.48.203 - - [26/May/2026:05:54:31 +0200] "GET /wp-content/plugins/WPManager/up.php HTTP/1.1" 404 124 "-" "Go-http-client/1.1" ... show less	Brute-Force Web App Attack
🇩🇪 ghostwarriors	2026-05-26 03:20:07 (1 month ago)	Attempts against non-existent wp-login	Brute-Force Web App Attack
🇨🇭 backslash	2026-05-26 02:27:00 (1 month ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-15 10:39:23 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 194.5.48.203 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 194.5.48.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 06:39:19.508709 2026] [security2:error] [pid 2957537:tid 2957551] [client 194.5.48.203:52701] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.leaderoftheopposition.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.leaderoftheopposition.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ad9q18RrbWQxX-_eLlgAAAAAAYw"], referer: https://leaderoftheopposition.com/wp-json/wp/v2/users show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 nyt	2026-04-15 10:32:46 (2 months ago)	WP Author Enumeration	Web App Attack

Showing 1 to 15 of 84 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 163.7.9.194

🇻🇳 103.60.242.169

🇺🇸 2a02:6ea0:cc02:5482::13

🇷🇺 213.180.203.125

🇧🇷 205.210.31.183

🇳🇱 185.242.226.67

🇺🇸 143.198.188.233

🇵🇰 103.244.172.135

🇮🇶 91.217.133.152

🇺🇸 71.6.242.36

🇺🇸 47.251.179.212

🇳🇱 45.148.10.121

🇺🇸 24.98.32.159

🇯🇵 20.46.119.207

🇲🇲 210.14.97.98

🇺🇸 172.234.218.210

🇩🇪 167.99.143.48

🇺🇸 157.230.142.126

🇰🇷 121.142.56.91

🇺🇸 107.167.34.125