JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.28.114.158

103.28.114.158 was found in our database!

This IP was reported 48 times. Confidence of Abuse is 0%: ?

ISP	PT. Lintas Data Prima
Usage Type	Fixed Line ISP
ASN	AS45305
Domain Name	ldp.net.id
Country	🇮🇩 Indonesia
City	Mojokerto, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.28.114.158

Whois 103.28.114.158

IP Abuse Reports for 103.28.114.158:

This IP address has been reported a total of 48 times from 23 distinct sources. 103.28.114.158 was first reported on November 3rd 2023, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Packets-Decreaser.NET	2025-05-09 13:16:31 (1 year ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇩🇪 Packets-Decreaser.NET	2025-04-29 21:28:48 (1 year ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
Anonymous	2025-01-10 09:10:40 (1 year ago)	(CT) IP 103.28.114.158 (ID/Indonesia/host-103-28-114-158.ldp.net.id) found to have 104 connections; ... show more (CT) IP 103.28.114.158 (ID/Indonesia/host-103-28-114-158.ldp.net.id) found to have 104 connections; Ports: 27960; SRV: 2; Action: 0; Trigger: CT_LIMIT show less	DDoS Attack Hacking
🇩🇪 Packets-Decreaser.NET	2025-01-08 21:49:32 (1 year ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇩🇪 David Ferneding	2025-01-04 15:26:49 (1 year ago)	Part of large-scale ddos-attack, 204887 requests from this ip	DDoS Attack
🇳🇿 billyborsht	2024-07-04 00:21:55 (1 year ago)	wordpress authentication brute force	Hacking Web App Attack
🇺🇸 TPI-Abuse	2024-07-03 23:03:42 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 103.28.114.158 (host-103-28-114-158.ldp.net.id) ... show more (mod_security) mod_security (id:240335) triggered by 103.28.114.158 (host-103-28-114-158.ldp.net.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 03 19:03:36.897634 2024] [security2:error] [pid 21346] [client 103.28.114.158:41362] [client 103.28.114.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.28.114.158 (+1 hits since last alert)\|zacharycollard.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "zacharycollard.com"] [uri "/xmlrpc.php"] [unique_id "ZoXYyNeeEPmnnkYImVBh7QAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Renaud Dubois	2024-07-03 22:31:38 (1 year ago)	103.28.114.158 - - [04/Jul/2024:00:31:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4283 "-" "Mozilla/5. ... show more 103.28.114.158 - - [04/Jul/2024:00:31:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4283 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" 103.28.114.158 - - [04/Jul/2024:00:31:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4299 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" 103.28.114.158 - - [04/Jul/2024:00:31:35 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4299 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" 103.28.114.158 - - [04/Jul/2024:00:31:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4299 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" ... show less	Brute-Force SSH
🇫🇮 bittiguru.fi	2024-07-03 20:35:12 (1 year ago)	103.28.114.158 - [03/Jul/2024:23:35:09 +0300] "POST /xmlrpc.php HTTP/1.1" 200 235 "-" "Mozilla/5.0 ( ... show more 103.28.114.158 - [03/Jul/2024:23:35:09 +0300] "POST /xmlrpc.php HTTP/1.1" 200 235 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" "1.86" 103.28.114.158 - [03/Jul/2024:23:35:11 +0300] "POST /xmlrpc.php HTTP/1.1" 200 235 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" "1.86" ... show less	Hacking Brute-Force Web App Attack
🇦🇺 MAGIC	2024-07-03 19:01:27 (1 year ago)	VM5 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇳🇱 applemooz	2024-07-03 08:53:40 (1 year ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-07-03 08:34:52 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 103.28.114.158 (host-103-28-114-158.ldp.net.id) ... show more (mod_security) mod_security (id:240335) triggered by 103.28.114.158 (host-103-28-114-158.ldp.net.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 03 04:34:46.648194 2024] [security2:error] [pid 23017] [client 103.28.114.158:35492] [client 103.28.114.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 134.19.179.179 (1+1 hits since last alert)\|www.peterjohnsonauthor.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.peterjohnsonauthor.com"] [uri "/xmlrpc.php"] [unique_id "ZoUNJrr1KFWPOJVxTrMwWQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-03 07:10:37 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 103.28.114.158 (host-103-28-114-158.ldp.net.id) ... show more (mod_security) mod_security (id:240335) triggered by 103.28.114.158 (host-103-28-114-158.ldp.net.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 03 03:10:33.062809 2024] [security2:error] [pid 2682] [client 103.28.114.158:45364] [client 103.28.114.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.28.114.158 (+1 hits since last alert)\|kildarafarms.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kildarafarms.com"] [uri "/xmlrpc.php"] [unique_id "ZoT5aUjwwnsg2KqONspF_AAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-03 04:18:55 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 103.28.114.158 (host-103-28-114-158.ldp.net.id) ... show more (mod_security) mod_security (id:240335) triggered by 103.28.114.158 (host-103-28-114-158.ldp.net.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 03 00:18:49.631057 2024] [security2:error] [pid 5885] [client 103.28.114.158:48958] [client 103.28.114.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.28.114.158 (+1 hits since last alert)\|www.stoneybluff.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.stoneybluff.com"] [uri "/xmlrpc.php"] [unique_id "ZoTRKWcRL4BOpSo6zlSzdAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-02 22:13:21 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 103.28.114.158 (host-103-28-114-158.ldp.net.id) ... show more (mod_security) mod_security (id:240335) triggered by 103.28.114.158 (host-103-28-114-158.ldp.net.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 02 18:13:16.580533 2024] [security2:error] [pid 30660] [client 103.28.114.158:49482] [client 103.28.114.158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.28.114.158 (+1 hits since last alert)\|www.stat-alliance.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.stat-alliance.com"] [uri "/xmlrpc.php"] [unique_id "ZoR7fKgQXahb72hkMgSeBQAAABg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 48 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.139.217

🇩🇪 151.243.11.37

🇸🇬 128.199.231.249

🇬🇧 81.19.219.200

🇷🇴 2.57.121.25

🇹🇭 203.150.243.224

🇮🇶 185.244.152.82

🇷🇺 138.124.69.150

🇨🇳 124.193.81.23

🇫🇷 91.231.89.225

🇬🇧 90.214.248.136

🇮🇷 79.132.192.251

🇮🇳 61.246.17.218

🇺🇸 2604:a940:301:225:0:11::

🇺🇸 208.87.243.51

🇹🇼 203.66.168.131

🇵🇱 194.180.49.220

🇹🇭 180.180.123.139

🇩🇪 167.94.146.50

🇮🇩 157.85.206.90