JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.241.206.109

103.241.206.109 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 9%: ?

ISP	Universitas Jember
Usage Type	University/College/School
ASN	AS132678
Domain Name	unej.ac.id
Country	🇮🇩 Indonesia
City	Jember, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.241.206.109

Whois 103.241.206.109

IP Abuse Reports for 103.241.206.109:

This IP address has been reported a total of 22 times from 6 distinct sources. 103.241.206.109 was first reported on January 8th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 hermawan	2026-06-03 05:33:23 (2 weeks ago)	[Wed Jun 03 12:33:22.692901 2026] [security2:error] [pid 102035:tid 139880249104064] [client 103.241 ... show more [Wed Jun 03 12:33:22.692901 2026] [security2:error] [pid 102035:tid 139880249104064] [client 103.241.206.109:55758] ModSecurity: Access denied with code 403 (phase 1). Match of "pm matomo.staklim-malang.info " against "SERVER_NAME" required. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "188"] [id "440235"] [msg "BAD REQUEST Bro"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: chatgpt found within SERVER_NAME: staklim-jatim.bmkg.go.id request_line = GET /?utm_source=chatgpt.com HTTP/2.0 Request URI RAW = /?utm_source=chatgpt.com Request Basename = "] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "ah-8olqdCZRzvFJZs9CY7gABSA8"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[102051] [4FwYxNLz1Y8] [ah-8olqdCZRzvFJZs9CY7gABSA8] keep_alive=[1] [2026-06-03 12:33:22.692904] [R:ah-8olqdCZRzvFJZs9CY7gABSA8] UA:'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/ ... show less	Email Spam Hacking
🇺🇸 TPI-Abuse	2026-04-20 06:26:32 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 103.241.206.109 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.241.206.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 20 02:26:25.683858 2026] [security2:error] [pid 553642:tid 553642] [client 103.241.206.109:50559] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.241.206.109 (+1 hits since last alert)\|bryanthebusinessmanager.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bryanthebusinessmanager.org"] [uri "/xmlrpc.php"] [unique_id "aeXHEaoMhFf_lOf-wwW9uAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-14 07:06:47 (2 months ago)	(mod_security) mod_security (id:240335) triggered by 103.241.206.109 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.241.206.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 14 03:06:39.375278 2026] [security2:error] [pid 746595:tid 746605] [client 103.241.206.109:60925] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.241.206.109 (+1 hits since last alert)\|thestoryofmyvoice.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thestoryofmyvoice.com"] [uri "/xmlrpc.php"] [unique_id "ad3nf0PSa7WDht8g2qOvAwAAAMM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-13 06:02:08 (2 months ago)	(mod_security) mod_security (id:240335) triggered by 103.241.206.109 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 103.241.206.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 13 02:02:00.164213 2026] [security2:error] [pid 753029:tid 753029] [client 103.241.206.109:54075] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.241.206.109 (+1 hits since last alert)\|fundingangelinvestors.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fundingangelinvestors.com"] [uri "/xmlrpc.php"] [unique_id "adyG2IfMhZjAW7k28oRLQwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-03-10 05:05:05 (3 months ago)	Blocked: Reason='Vulnerability probing — PHP scan detected (15/60 min)'; Requests=15	Port Scan
🇮🇩 hermawan	2025-06-24 03:31:32 (11 months ago)	[Tue Jun 24 10:31:24.761961 2025] [security2:error] [pid 37924:tid 140104652744384] [client 103.241. ... show more [Tue Jun 24 10:31:24.761961 2025] [security2:error] [pid 37924:tid 140104652744384] [client 103.241.206.109:60973] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<(?:a\|abbr\|acronym\|address\|applet\|area\|audioscope\|b\|base\|basefront\|bdo\|bgsound\|big\|blackface\|blink\|blockquote\|body\|bq\|br\|button\|caption\|center\|cite\|code\|col\|colgroup\|comment\|dd\|del\|dfn\|dir\|div\|dl\|dt\|em\|embed\|fieldset\|fn\|font\|form\|frame\|frameset\|h1\|head ..." at REQUEST_FILENAME. [file "/etc/modsecurity/coreruleset-4.15.0/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "1897"] [id "941321"] [msg "Possible XSS Attack Detected - HTML Tag Handler"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: <link found within REQUEST_FILENAME: /index.php/profil/meteorologi/list-of-all-tags/<link rel= request_line = GET /index.php/profil/meteorologi/list-of-all-tags/%3Clink%20rel= HTTP/2.0 Request URI RAW = /index.php/profil/meteorologi/list-of-all-tags/ ... show less	Hacking Web App Attack
🇮🇩 hermawan	2025-05-03 02:59:24 (1 year ago)	[Sat May 03 09:23:56.526184 2025] [security2:error] [pid 336542:tid 140331307251392] [client 103.241 ... show more [Sat May 03 09:23:56.526184 2025] [security2:error] [pid 336542:tid 140331307251392] [client 103.241.206.109:50946] ModSecurity: Access denied with code 403 (phase 2). Match of "rx [0-9]\\\\s\\\\'\\\\s[0-9]" against "MATCHED_VAR" required. [file "/etc/modsecurity/coreruleset-4.13.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1747"] [id "932240"] [msg "Remote Command Execution: Unix Command Injection evasion attempt detected"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: s1746239030$o2 found within MATCHED_VAR: GS2.1.s1746239030$o2$g0$t1746239030$j60$l0$h0 request_line = GET /images/vi_webp/nHXniKJ5E84/maxresdefault.webp HTTP/2.0 Request URI RAW = /images/vi_webp/nHXniKJ5E84/maxresdefault.webp Request Basename = maxresdefault.webp"] [severity "CRITICAL"] [ver "OWASP_CRS/4.13.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS ... show less	Hacking Web App Attack
Anonymous	2024-08-28 03:19:16 (1 year ago)	Ports: 143,993; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇧🇷 diego	2024-06-29 03:18:25 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds	DDoS Attack
🇧🇷 diego	2024-06-26 04:43:16 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds	DDoS Attack
🇧🇷 diego	2024-06-11 10:06:30 (2 years ago)	Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds	DDoS Attack
🇧🇷 diego	2024-05-22 09:05:34 (2 years ago)	Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds	DDoS Attack
🇧🇷 diego	2024-05-09 12:04:51 (2 years ago)	Events: TCP SYN Discovery or Flooding, Seen 4 times in the last 10800 seconds	DDoS Attack
Anonymous	2024-05-09 06:48:15 (2 years ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇧🇷 diego	2024-05-04 06:55:29 (2 years ago)	[rede-164-29] 05/04/2024-03:55:28.229322, 103.241.206.109, Protocol: 6, ET SCAN Suspicious inbound t ... show more [rede-164-29] 05/04/2024-03:55:28.229322, 103.241.206.109, Protocol: 6, ET SCAN Suspicious inbound to MSSQL port 1433 show less	Hacking

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.241

🇺🇸 162.216.150.155

🇳🇱 81.19.216.99

🇳🇱 81.19.216.70

🇩🇪 64.89.163.134

🇺🇿 37.110.214.131

🇺🇸 193.3.53.11

🇧🇷 177.2.68.250

🇺🇸 174.138.87.36

🇺🇸 161.35.96.239

🇧🇩 103.181.72.132

🇬🇧 83.104.214.247

🇩🇪 69.5.169.133

🇳🇱 45.148.146.52

🇨🇦 38.49.214.30

🇭🇰 20.205.34.2

🇺🇸 20.118.224.96

🇺🇸 20.65.195.126

🇭🇰 20.2.83.149

🇺🇸 2a03:2880:f800:5::