JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.152.112.120

103.152.112.120 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 0%: ?

ISP	Black Mesa Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46997
Domain Name	apernet.io
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.152.112.120

Whois 103.152.112.120

IP Abuse Reports for 103.152.112.120:

This IP address has been reported a total of 12 times from 7 distinct sources. 103.152.112.120 was first reported on August 25th 2023, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2025-02-25 01:52:14 (1 year ago)	Excessive connections to http/https ports	DDoS Attack
Anonymous	2025-02-17 17:59:24 (1 year ago)		Web App Attack
Anonymous	2025-02-06 10:22:26 (1 year ago)		Web App Attack
Anonymous	2025-01-27 18:31:04 (1 year ago)		Web App Attack
Anonymous	2025-01-22 02:23:29 (1 year ago)	(CT) IP 103.152.112.120 (US/United States/-) found to have 960 connections; Ports: 27960; SRV: 1; Ac ... show more (CT) IP 103.152.112.120 (US/United States/-) found to have 960 connections; Ports: 27960; SRV: 1; Action: 1; Trigger: CT_LIMIT show less	DDoS Attack Hacking
🇺🇸 TPI-Abuse	2025-01-06 14:21:51 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 103.152.112.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 103.152.112.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 06 09:21:36.316339 2025] [security2:error] [pid 985335:tid 985335] [client 103.152.112.120:49788] [client 103.152.112.120] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|thevillageartcenter.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thevillageartcenter.com"] [uri "/mailto:[email protected]"] [unique_id "Z3vm8LvM1e6wBOO3TUd4VwAAAGU"], referer: http://thevillageartcenter.com/contact.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-01-02 05:11:18 (1 year ago)	(mod_security) mod_security (id:240950) triggered by 103.152.112.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240950) triggered by 103.152.112.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 02 00:11:05.460088 2025] [security2:error] [pid 1135:tid 1135] [client 103.152.112.120:34790] [client 103.152.112.120] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)\|\|beckersystems.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "beckersystems.com"] [uri "/apps/buswiki/index.php"] [unique_id "Z3Yf6aihA3Nbjsu32-kS0AAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-12-22 22:43:02 (1 year ago)	(mod_security) mod_security (id:212750) triggered by 103.152.112.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:212750) triggered by 103.152.112.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 22 17:42:46.002571 2024] [security2:error] [pid 26656:tid 26656] [client 103.152.112.120:40452] [client 103.152.112.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort\|blur\|change\|click\|dblclick\|dragdrop\|error\|focus\|keydown\|keypress\|keyup\|load\|mouse(?:down\|move\|out\|over\|up)\|move\|readystatechange\|reset\|resize\|select\|submit\|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected\|\|www.powerkiteforum.com\|F\|2"] [data "Matched Data: onerror= found within REQUEST_URI: /viewthread.php?tid=<img src=x onerror=alert(\\x22xss\\x22)>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.powerkiteforum.com"] [uri "/viewthread.php"] [unique_id "Z2iV5e8bbaWO0YeBqK7bxAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 nyuuzyou	2024-12-14 17:11:37 (1 year ago)	Intensive scraping: /web?s=%D1%80%D0%B5%D1%81%D1%82%D0%BE%D1%80%D0%B0%D0%BD%20Dudinka&country=tg-tg& ... show more Intensive scraping: /web?s=%D1%80%D0%B5%D1%81%D1%82%D0%BE%D1%80%D0%B0%D0%BD%20Dudinka&country=tg-tg&scraper=brave. User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68. show less	Bad Web Bot
🇺🇸 PulseServers	2024-12-06 23:57:41 (1 year ago)	Malicious Web Traffic - Exploit probing, request floods, etc. on a server hosted by PulseServers.com ... show more Malicious Web Traffic - Exploit probing, request floods, etc. on a server hosted by PulseServers.com - ISUS1 ... show less	DDoS Attack Exploited Host
🇺🇸 TPI-Abuse	2024-12-06 05:43:03 (1 year ago)	(mod_security) mod_security (id:210831) triggered by 103.152.112.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 103.152.112.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 06 00:42:47.413436 2024] [security2:error] [pid 267451:tid 267451] [client 103.152.112.120:41208] [client 103.152.112.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|backstore.com\|F\|4"] [data "a href="] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "backstore.com"] [uri "/webalizer/usage_202412.html"] [unique_id "Z1KO1wAXb1x9Q2gCsyLIsgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 jhuisi	2023-08-25 03:02:25 (2 years ago)		Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 167.94.145.22

🇨🇳 117.191.83.250

🇭🇰 103.226.124.223

🇫🇮 77.105.161.120

🇦🇪 2001:8f8:1a67:1a15:ccac:ac24:18ef:8981

🇺🇸 140.186.219.179

🇨🇳 119.123.172.170

🇮🇹 78.134.49.171

🇺🇸 70.37.89.177

🇮🇳 27.4.50.109

🇭🇰 203.198.173.137

🇬🇧 195.206.182.199

🇫🇷 194.113.235.89

🇨🇳 150.139.201.247

🇺🇸 136.109.228.64

🇨🇳 119.98.21.180

🇹🇼 110.25.107.172

🇵🇰 103.74.21.48

🇩🇪 69.5.169.120

🇺🇸 52.53.13.228