JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.189.110.48

103.189.110.48 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 28%: ?

28%

ISP	Morizt
Usage Type	Fixed Line ISP
ASN	AS149749
Hostname(s)	host-48.110.morizt.id
Domain Name	morizt.id
Country	🇮🇩 Indonesia
City	Banjar, West Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.189.110.48

Whois 103.189.110.48

IP Abuse Reports for 103.189.110.48:

This IP address has been reported a total of 9 times from 6 distinct sources. 103.189.110.48 was first reported on July 19th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-06-07 14:19:18 (1 week ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force
Anonymous	2026-06-07 06:57:30 (1 week ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
🇩🇪 Vegascosmetics	2026-05-31 23:08:56 (2 weeks ago)	Kingcopy(AI-IDS) Report: IP 103.189.110.48 wurde nach 3 Angriffsversuchen automatisch geblockt. Patt ... show more Kingcopy(AI-IDS) Report: IP 103.189.110.48 wurde nach 3 Angriffsversuchen automatisch geblockt. Pattern: High Priority: ChangeCountry - Vegas Cosmetics Security System show less	DDoS Attack Hacking Bad Web Bot
Anonymous	2026-05-29 06:48:01 (2 weeks ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
🇩🇪 SMARTNET	2026-05-27 06:03:53 (3 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: f9eee327-63b9-4c70-8845-0c5f5dde9bdb	DDoS Attack
🇨🇳 ThreatBook.io	2026-05-13 00:03:38 (1 month ago)	ThreatBook Intelligence: vpn_proxy more details on http://threatbook.io/ip/103.189.110.48	SSH
🇮🇩 hermawan	2025-10-16 19:43:59 (8 months ago)	[Fri Oct 17 02:39:29.371868 2025] [security2:error] [pid 1173869:tid 140598376900288] [client 103.18 ... show more [Fri Oct 17 02:39:29.371868 2025] [security2:error] [pid 1173869:tid 140598376900288] [client 103.189.110.48:59696] ModSecurity: Access denied with code 403 (phase 1). Match of "pm matomo.staklim-malang.info " against "SERVER_NAME" required. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "164"] [id "440235"] [msg "BAD REQUEST Bro"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: %3a found within SERVER_NAME: staklim-malang.info request_line = GET /index.php/profil/arsip-artikel?catid=477&id=578%3Aprakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal-16-22-juni-2015&start=140 HTTP/2.0 Request URI RAW = /index.php/profil/arsip-artikel?catid=477&id=578%3Aprakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal-16-22-juni-2015&start=140 Request..."] [hostname "staklim-malang.info"] [uri "/index.php/profil/arsip-artikel"] [unique_id "aPFJ8Vj7Ypc ... show less	Hacking Web App Attack
🇮🇩 hermawan	2025-08-21 17:48:30 (9 months ago)	[Fri Aug 22 00:47:42.366646 2025] [security2:error] [pid 258614:tid 139764138145472] [client 103.189 ... show more [Fri Aug 22 00:47:42.366646 2025] [security2:error] [pid 258614:tid 139764138145472] [client 103.189.110.48:41616] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i),.?[\\"'\\\\)0-9`-f][\\"'`](?:[\\"'`].?[\\"'`]\|(?:\\\\r?\\\\n)?\\\\z\|[^\\"'`]+)\|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]?from\|(?:alter\|(?:(?:cre\|trunc\|upd)at\|renam)e\|d(?:e(?:lete\|sc)\|rop)\|(?:inser\|selec)t\|load)[\\\\s\\\\x0b]?\\\\([\\\\s\\\\x0b]?space[\\\\s\\\\x0b]?\\\\(" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "2129"] [id "942200"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: , like Gecko) Version/4.0 Chrome/139.0.7258.94 Mobile Safari/537.36 OcIdWebView ({\\x22os\\x22:\\x22Android\\x22, found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 11; V2043 B ... show less	Hacking Web App Attack
Anonymous	2025-07-19 16:09:46 (10 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 170.79.222.202

🇺🇸 2607:ff10:c8:594::a

🇺🇸 2001:470:2cc:1::1a9

🇰🇷 211.226.58.162

🇵🇱 194.180.49.220

🇨🇴 179.32.33.161

🇺🇸 162.216.150.156

🇫🇮 147.185.133.19

🇮🇳 115.248.8.65

🇧🇩 103.190.84.114

🇧🇩 103.86.198.162

🇭🇰 94.74.98.63

🇵🇰 38.100.223.37

🇧🇪 34.79.25.22

🇬🇧 193.163.125.82

🇩🇪 178.105.200.202

🇧🇷 45.205.1.192

🇬🇧 35.203.211.69

🇬🇧 35.203.210.68

🇪🇸 196.196.150.5