JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.189.201.196

103.189.201.196 was found in our database!

This IP was reported 46 times. Confidence of Abuse is 67%: ?

67%

ISP	PT Indonesia Comnets Plus
Usage Type	Fixed Line ISP
ASN	AS9341
Domain Name	iconpln.net.id
Country	🇮🇩 Indonesia
City	Surabaya, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.189.201.196

Whois 103.189.201.196

IP Abuse Reports for 103.189.201.196:

This IP address has been reported a total of 46 times from 22 distinct sources. 103.189.201.196 was first reported on February 14th 2024, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-27 09:01:20 (1 hour ago)	(mod_security) mod_security (id:240335) triggered by 103.189.201.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.189.201.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 05:01:13.051799 2026] [security2:error] [pid 12025:tid 12042] [client 103.189.201.196:51047] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.189.201.196 (+1 hits since last alert)\|seriousgames-system.info\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "seriousgames-system.info"] [uri "/xmlrpc.php"] [unique_id "aj-RWavK1jn3UT3J0_KQyAAAAIo"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-27 07:57:44 (2 hours ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇷🇴 INTEQ	2026-06-27 03:20:27 (6 hours ago)	Web attack from 103.189.201.196	Web App Attack
🇫🇷 tecnicorioja	2026-06-26 22:00:02 (12 hours ago)	POST /xmlrpc.php [26/Jun/2026:12:26:01	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 03:50:16 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 103.189.201.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.189.201.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 23:50:09.962883 2026] [security2:error] [pid 24014:tid 24014] [client 103.189.201.196:10953] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.189.201.196 (+1 hits since last alert)\|redlitephotos.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "redlitephotos.com"] [uri "/xmlrpc.php"] [unique_id "aj328QP5qIefYdqOLGsmFAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇾 Rizzy	2026-06-25 07:49:21 (2 days ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 03:13:29 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 103.189.201.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.189.201.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 23:13:24.359500 2026] [security2:error] [pid 18882:tid 18882] [client 103.189.201.196:22366] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.189.201.196 (+1 hits since last alert)\|mariettacaseyclub.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mariettacaseyclub.org"] [uri "/xmlrpc.php"] [unique_id "ajyc1DiKZvj66ZE_i68mTAAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Séfora Srl	2026-06-25 02:02:21 (2 days ago)	Failed attempt detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 06:50:09 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 103.189.201.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.189.201.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 02:50:01.850021 2026] [security2:error] [pid 8843:tid 8843] [client 103.189.201.196:38939] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.189.201.196 (+1 hits since last alert)\|schlegelcreative.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "schlegelcreative.com"] [uri "/xmlrpc.php"] [unique_id "ajt-GcK9QdJUsSLucwS2cAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 05:07:41 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 103.189.201.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.189.201.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 01:07:37.662874 2026] [security2:error] [pid 15310:tid 15372] [client 103.189.201.196:21921] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.189.201.196 (+1 hits since last alert)\|tradersofficepark.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tradersofficepark.com"] [uri "/xmlrpc.php"] [unique_id "ajtmGSHJBCtkATXBGY6ROwAAAcU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-24 04:33:37 (3 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇩🇪 abdubhai	2026-06-24 02:31:52 (3 days ago)	103.189.201.196 - - [24/Jun/2026 ...	Brute-Force
🇺🇸 TPI-Abuse	2026-06-22 05:36:28 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 103.189.201.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.189.201.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 01:36:20.498953 2026] [security2:error] [pid 24659:tid 24659] [client 103.189.201.196:48895] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.189.201.196 (+1 hits since last alert)\|321q.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "321q.com"] [uri "/xmlrpc.php"] [unique_id "ajjJ1N--7Ga0Lk_Akpu09QAAACk"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Kenshin869	2026-06-22 02:29:02 (5 days ago)	Wordpress unauthorized access attempt	Brute-Force
🇱🇻 garmtech.com	2026-06-20 05:49:14 (1 week ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS	Web App Attack

Showing 1 to 15 of 46 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 27.79.40.230

🇪🇸 217.154.106.153

🇹🇼 211.21.155.132

🇩🇪 193.124.20.253

🇭🇺 134.255.95.34

🇨🇳 114.98.230.202

🇷🇴 80.94.92.109

🇱🇹 77.90.185.249

🇺🇸 69.49.246.176

🇺🇸 54.81.135.102

🇬🇧 45.82.76.125

🇧🇷 20.197.235.22

🇳🇱 185.93.89.154

🇪🇸 130.195.250.68

🇨🇳 118.31.76.150

🇨🇳 117.34.85.168

🇻🇳 103.153.254.96

🇧🇬 79.124.62.230

🇺🇸 66.132.172.231

🇳🇱 45.148.10.147