JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.10.28.137

103.10.28.137 was found in our database!

This IP was reported 41 times. Confidence of Abuse is 40%: ?

40%

ISP	VIA NET COMMUNICATION LTD
Usage Type	Fixed Line ISP
ASN	AS45650
Domain Name	vianet.com.np
Country	🇳🇵 Nepal
City	Kathmandu, Bagmati Province

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.10.28.137

Whois 103.10.28.137

IP Abuse Reports for 103.10.28.137:

This IP address has been reported a total of 41 times from 26 distinct sources. 103.10.28.137 was first reported on March 28th 2021, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Vegascosmetics	2026-06-22 07:20:57 (2 days ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security	DDoS Attack Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-06-21 15:14:13 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 103.10.28.137 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 103.10.28.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 11:14:00.221310 2026] [security2:error] [pid 12580:tid 12580] [client 103.10.28.137:55793] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.10.28.137 (+1 hits since last alert)\|navarrete.ws\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "navarrete.ws"] [uri "/xmlrpc.php"] [unique_id "ajf_uI2igXngZpeaLIzsZQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 el-brujo	2026-06-21 00:37:55 (3 days ago)	Cloudflare WAF: Request Path: /Smileys/navidad/shocked.gif Request Query: Host: forum.elhacker.net ... show more Cloudflare WAF: Request Path: /Smileys/navidad/shocked.gif Request Query: Host: forum.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Action: managed_challenge Source: firewallCustom ASN Description: VIA NET COMMUNICATION LTD. Country: NP Method: GET Timestamp: 2026-06-21T00:37:55Z ruleId: 770fb332273f47628e1c012f2ac4e3d3. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇩🇪 SMARTNET	2026-05-27 06:03:53 (4 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 22ada211-5b5c-463a-b46f-60fd11dc639d	DDoS Attack
🇸🇬 mypatricks	2026-05-19 15:07:56 (1 month ago)	103.10.28.137 \| Port: 10636 \| DNS: 103.10.28.137 2026-05-19T23:07:55+08:00 Asia/Kathmandu \| FETCH Sp ... show more 103.10.28.137 \| Port: 10636 \| DNS: 103.10.28.137 2026-05-19T23:07:55+08:00 Asia/Kathmandu \| FETCH Sproofing Activity Detetced. \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 HTTP/1.1 443 GET \| URL: /contents/jquery-code?ecaaceafaceed=febbbafbffecfd \| Ref: - \| Country: NP/Nepal/+05:45 IP City: Kathmandu 9fe4037268dae10a-SIN/Singapore, Singapore 1 hits/0 secs Robots 1 show less	Brute-Force Web App Attack Blog Spam Web Spam Exploited Host
Anonymous	2026-05-17 04:10:29 (1 month ago)	Attack Signature Blocked: /wishlist/index/add/product/11344/form_key/xHO3qLDcZK9M04SX/ (Magento Site ... show more Attack Signature Blocked: /wishlist/index/add/product/11344/form_key/xHO3qLDcZK9M04SX/ (Magento Site) (Botnet activity attributed to: Angara Technologies Group / mikhail-smirnov-79830322) show less	Web App Attack Bad Web Bot
🇦🇺 FireGuard Server	2026-05-12 12:25:09 (1 month ago)	Blocked by OPNsense firewall; 7 hits, proto=tcp, ports=443	Port Scan Hacking
🇫🇷 Sklurk	2026-05-10 01:23:04 (1 month ago)	Web App Attack	Web App Attack
🇨🇭 ALPHANET	2026-05-07 10:20:02 (1 month ago)	Botnet or web spider not respecting robots.txt	DDoS Attack Exploited Host
🇬🇧 Oakley	2026-05-02 19:20:12 (1 month ago)	(confirmed_bot_sig) Confirmed bot	Hacking
Anonymous	2026-04-28 17:23:42 (1 month ago)	Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to ... show more Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to bypass firewall/robots.txt restrictions in thread-post.asp show less	Exploited Host Bad Web Bot
🇮🇩 David Koswari	2026-03-16 06:15:00 (3 months ago)	REQ_BLOCKED_ACL	DDoS Attack FTP Brute-Force Ping of Death Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇹🇷 rtbh.com.tr	2026-03-13 20:12:02 (3 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇺🇸 TPI-Abuse	2026-03-04 04:39:35 (3 months ago)	(mod_security) mod_security (id:218580) triggered by 103.10.28.137 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:218580) triggered by 103.10.28.137 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 03 23:39:25.532360 2026] [security2:error] [pid 22571:tid 22576] [client 103.10.28.137:52499] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\/\\\\[!+](?:[\\\\w\\\\s=_\\\\-()]+)?\\\\*\\\\/)" at ARGS:st. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/22_SQL_SQLi.conf"] [line "76"] [id "218580"] [rev "1"] [msg "COMODO WAF: MySQL in-line comment detected.\|\|uoexpanse.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "uoexpanse.com"] [uri "/forums/search.php"] [unique_id "aae3fTraSKaoutbvCPyDdAAAAQM"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 polycoda	2026-01-31 01:05:55 (4 months ago)	🥶 Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27	DDoS Attack

Showing 1 to 15 of 41 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.98

🇳🇱 185.107.80.93

🇻🇳 103.74.116.239

🇰🇿 92.47.193.38

🇷🇺 77.239.223.243

🇯🇵 13.208.226.29

🇺🇸 2607:f8b0:4023:1006::128

🇨🇳 222.71.234.34

🇩🇪 216.26.254.193

🇰🇬 212.241.24.163

🇵🇰 203.81.238.188

🇺🇿 198.163.194.66

🇺🇿 198.163.193.137

🇲🇽 189.203.182.88

🇳🇱 176.65.139.251

🇫🇷 176.31.40.175

🇨🇳 175.30.48.60

🇺🇸 172.174.72.225

🇺🇸 135.237.127.94

🇨🇳 117.181.167.225