JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.189.201.57

103.189.201.57 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 18%: ?

18%

ISP	PT Indonesia Comnets Plus
Usage Type	Fixed Line ISP
ASN	AS9341
Domain Name	iconpln.net.id
Country	🇮🇩 Indonesia
City	Surabaya, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.189.201.57

Whois 103.189.201.57

IP Abuse Reports for 103.189.201.57:

This IP address has been reported a total of 8 times from 5 distinct sources. 103.189.201.57 was first reported on June 21st 2023, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 hermawan	2026-06-26 05:01:25 (3 hours ago)	06/26/2026-12:01:22.344053 [Drop] [] [1:3100000796:0] Suricata match TLS ja3 scan Uniq Zeek no 79 ... show more 06/26/2026-12:01:22.344053 [Drop] [] [1:3100000796:0] Suricata match TLS ja3 scan Uniq Zeek no 796 with hash_03bb97ad5729254707adf5202d05e6fe [**] [Classification: (null)] [Priority: 3] {TCP} 103.189.201.57:55994 -> 103.166.156.58:443 ... show less	Email Spam Hacking
🇺🇸 NetGuard	2026-05-31 03:04:00 (3 weeks ago)	#honeypot #netguard247 #cowrie #ssh_telnet_probe Captured by NetGuard 24/7 T-Pot honeypot (netguard2 ... show more #honeypot #netguard247 #cowrie #ssh_telnet_probe Captured by NetGuard 24/7 T-Pot honeypot (netguard24-7.com). Timestamp: 2026-05-24T03:02:56.878+00:00 Attacker IP: 103.189.201.57 \| Port: 23 \| Country: Indonesia Honeypot: cowrie \| Attack: ssh_telnet_probe Source: NetGuard 24/7 (netguard24-7.com) \| PhantomGrid Defense show less	Brute-Force SSH
🇩🇪 SMARTNET	2026-05-27 06:03:53 (4 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 22ada211-5b5c-463a-b46f-60fd11dc639d	DDoS Attack
🇺🇸 NetGuard	2026-05-24 02:27:04 (1 month ago)	#honeypot #netguard247 #cowrie #sshtelnetprobe Captured by NetGuard 24/7 T-Pot honeypot (netguard24- ... show more #honeypot #netguard247 #cowrie #sshtelnetprobe Captured by NetGuard 24/7 T-Pot honeypot (netguard24-7.com). Timestamp: 2026-05-24T02:27:04.266+00:00 Attacker IP: 103.189.201.57 \| Port: 23 \| Country: Indonesia Honeypot: cowrie \| Attack: ssh_telnet_probe Source: NetGuard 24/7 (netguard24-7.com) \| PhantomGrid Defense show less	Brute-Force SSH
🇺🇸 xmission.com	2026-01-10 06:18:48 (5 months ago)	Blocked by UFW (TCP on 9101) Source port: 50015 TTL: 113 Packet length: 52 TOS: 0x08 This report (f ... show more Blocked by UFW (TCP on 9101) Source port: 50015 TTL: 113 Packet length: 52 TOS: 0x08 This report (for 103.189.201.57) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇮🇩 hermawan	2025-10-02 10:52:01 (8 months ago)	[Thu Oct 02 17:51:24.405106 2025] [security2:error] [pid 829981:tid 140256136316608] [client 103.189 ... show more [Thu Oct 02 17:51:24.405106 2025] [security2:error] [pid 829981:tid 140256136316608] [client 103.189.201.57:50625] ModSecurity: Access denied with code 403 (phase 1). Match of "pm matomo.staklim-malang.info " against "SERVER_NAME" required. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "164"] [id "440235"] [msg "BAD REQUEST Bro"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: /index.php?id= found within SERVER_NAME: staklim-malang.info request_line = GET /index.php?id=594 HTTP/2.0 Request URI RAW = /index.php?id=594 Request Basename = index.php"] [hostname "staklim-malang.info"] [uri "/index.php"] [unique_id "aN5ZLEs4rswVia-UuMqbCQAAxhI"] [staklim-malang.info] [staklim-malang.info] top=[830000] [RpYsxCp+gxU] [aN5ZLEs4rswVia-UuMqbCQAAxhI] keep_alive=[1] [2025-10-02 17:51:24.405111] [R:aN5ZLEs4rswVia-UuMqbCQAAxhI] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537 ... show less	Hacking Web App Attack
🇺🇸 MPL	2023-06-21 17:51:32 (3 years ago)	tcp/445 (156 or more attempts)	Port Scan
🇺🇸 MPL	2023-06-21 17:51:32 (3 years ago)	tcp/445 (78 or more attempts)	Port Scan

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 195.178.110.232

🇳🇱 185.242.226.19

🇸🇪 171.25.158.24

🇺🇸 162.216.149.211

🇺🇸 136.117.252.230

🇺🇸 100.49.117.77

🇨🇳 58.56.166.66

🇺🇸 45.86.211.4

🇺🇸 44.202.213.80

🇬🇧 167.71.136.93

🇨🇳 116.172.251.66

🇧🇭 87.237.197.166

🇺🇸 74.125.185.81

🇨🇳 60.25.68.123

🇺🇸 44.41.148.172

🇮🇪 20.238.123.17

🇨🇭 20.203.129.163

🇫🇷 5.196.45.10

🇺🇸 172.203.244.252

🇧🇷 168.90.191.50