🇺🇸
ph
2026-06-25 19:26:20
(1 hour ago)
Bad web bot attempting to run xmlrpc.php on non-WP site
Hacking
Bad Web Bot
Web App Attack
🇫🇷
dynamix
2026-06-25 17:25:50
(3 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
🇩🇪
macrob
2026-06-25 13:36:50
(7 hours ago)
2026/06/25 13:36:29 [error] 3958355#3958355: *330036489 access forbidden by rule, client: 103.139.11.20, server: finami.vn, request: "POST /xmlrpc.php HTTP/2.0", host: "finami-vn.com"
2026/06/25 13:36:47 [error] 3958352#3958352: *330036950 access forbidden by rule, client: 103.139.11.20, server: finami.com.ua, request: "POST /xmlrpc.php HTTP/1.1", host: "finami.com.ua"
2026/06/25 13:36:49 [error] 3958354#3958354: *330036980 access forbidden by rule, client: 103.139.11.20, server: finami.es, request: "POST /xmlrpc.php HTTP/2.0", host: "finami.es"
...
Web App Attack
Anonymous
2026-06-25 10:26:59
(10 hours ago)
[redacted] 103.139.11.20 - - [25/Jun/2026:12:25:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.0.0 Safari/537.36"
[redacted] 103.139.11.20 - - [25/Jun/2026:12:25:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Linux; Android 10; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
[redacted] 103.139.11.20 - - [25/Jun/2026:12:26:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (Windows NT 6.2; x86) AppleWebKit/537.36 (KHTML, like Gecko) Opera/69.0.0.0 Safari/537.36"
[redacted] 103.139.11.20 - - [25/Jun/2026:12:26:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.0.0 Safari/537.36"
[redacted] 103.139.11.20 - - [25/Jun/2026:12:26:27 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Mozilla/5.0
...
Hacking
Web App Attack
🇨🇭
4server
2026-06-25 06:54:55
(14 hours ago)
[ThuJun2508:54:51.5445872026][security2:error][pid2469396:tid2469569][client103.139.11.20:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"368\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"swiss-domain-name.ch\"][uri\"/xmlrpc.php\"][unique_id\"ajzQuyez6FjEe28ni4IgfQAAAQI\"]
Hacking
Web App Attack
🇺🇸
etu brutus
2026-06-25 05:35:20
(15 hours ago)
103.139.11.20 has been banned for [WebApp Attack]
...
Hacking
Bad Web Bot
Web App Attack
🇺🇸
TAY
2026-06-25 03:48:26
(17 hours ago)
103.139.11.20 - - [25/Jun/2026:11:42:52 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5874 "-" "Mozilla/5.0 (Windows NT 6.3; x64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/61.0.0.0 Safari/537.36"
103.139.11.20 - - [25/Jun/2026:11:47:34 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5874 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/80.0.0.0 Safari/537.36"
103.139.11.20 - - [25/Jun/2026:11:48:26 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5874 "-" "Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/89.0.0.0 Safari/537.36"
...
Brute-Force
🇺🇸
TPI-Abuse
2026-06-25 00:41:48
(20 hours ago)
(mod_security) mod_security (id:225170) triggered by 103.139.11.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 20:41:42.031961 2026] [security2:error] [pid 29262:tid 29262] [client 103.139.11.20:9312] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||marinestorage.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "marinestorage.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajx5RhE4n4rG6HuvnRRSVgAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-24 12:39:09
(1 day ago)
103.139.11.20 - - [24/Jun/2026:14:39:09 +0200] "POST / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/10.0.0.0 Safari/537.36"
Web App Attack
🇺🇸
aks4226
2026-05-28 22:47:29
(3 weeks ago)
Unauthorized connections to mail server.
Brute-Force
🇩🇪
check-the-sum.fr
2026-03-20 19:56:45
(3 months ago)
Port Scanning
Port Scan
🇲🇳
Public CSIRT/CC of Mongolia
2026-03-20 10:25:00
(3 months ago)
Honeypot hit: SMB traffic on port 445
IoT Targeted
🇩🇪
IP Analyzer
2026-03-18 14:30:38
(3 months ago)
Unauthorized connection attempt from IP address 103.139.11.20 on Port 445(SMB)
Port Scan
🇫🇷
ericshim.me
2026-03-10 23:33:16
(3 months ago)
Dionaea honeypot SMB access at 2026-03-10T21:15:28.898496
Brute-Force
🇫🇷
sthoyer.de
2026-03-09 03:36:06
(3 months ago)
Mar 9 04:36:04 sthoyer kernel: [IPTables-Block] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=103.139.11.20 DST=173.212.223.67 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=5422 DF PROTO=TCP SPT=18939 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
...
Port Scan