Report for IP: 203.25.124.224

Threat LevelMEDIUM41/1002 rule types across 2 attack categories
3 incidents on record · 2 rule types · last seen 1d ago
PTR N/A
Org / ASN VPN Consumer Osaka, Japan
Country 🇯🇵 Japan
City Osaka, Osaka
Timezone Asia/Tokyo

Attack Analysis

🇯🇵 Japan · Osaka · 137409 · Vpn Consumer Osaka, Japan
Directory Brute-Force (Active Scan)
This IP triggered 10 or more HTTP 4xx errors within 60 seconds — the signature of a vulnerability scanner cycling through wordlists of common admin paths, config files, and endpoints. Tools like Nikto, Dirbuster, and Gobuster produce exactly this pattern.
WordPress XML-RPC Abuse
This IP targeted xmlrpc.php, a legacy WordPress endpoint that has been abused for brute-force authentication attacks, credential stuffing, and DDoS amplification. Any direct access to xmlrpc.php is an attack or reconnaissance attempt; modern WordPress sites should disable it entirely.

Reports (3)

Date Severity Description
12 Jun 2026 - 23:33 high Web: Active scan — 10+ 4xx errors in 60s
12 Jun 2026 - 23:32 high Web: xmlrpc.php accessed
12 Jun 2026 - 23:32 high Web: Active scan — 10+ 4xx errors in 60s

Related IPs — Same /24 Block (203.25.124.0/24)

203.25.124.81MEDIUM1 report203.25.124.87MEDIUM1 report203.25.124.97MEDIUM1 report203.25.124.76MEDIUM1 report203.25.124.85MEDIUM1 report203.25.124.27MEDIUM2 reports203.25.124.75MEDIUM1 report203.25.124.225MEDIUM1 report
Part of EagleEye Intelligence