JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.28.114.20

103.28.114.20 was found in our database!

This IP was reported 51 times. Confidence of Abuse is 65%: ?

65%

ISP	PT. Lintas Data Prima
Usage Type	Fixed Line ISP
ASN	AS45305
Hostname(s)	host-103-28-114-20.ldp.net.id
Domain Name	ldp.net.id
Country	🇮🇩 Indonesia
City	Madiun, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.28.114.20

Whois 103.28.114.20

IP Abuse Reports for 103.28.114.20:

This IP address has been reported a total of 51 times from 24 distinct sources. 103.28.114.20 was first reported on March 31st 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 dbmwebdesign	2026-06-15 07:40:24 (1 day ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack
🇳🇱 Site.eu	2026-06-13 10:03:47 (2 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇮🇩 hermawan	2026-06-12 13:39:34 (3 days ago)	Captured JA4H: ge20n_493b66898832 \| Log: 103.28.114.20 - - [12/Jun/2026:20:39:32 +0700] "GET /media/ ... show more Captured JA4H: ge20n_493b66898832 \| Log: 103.28.114.20 - - [12/Jun/2026:20:39:32 +0700] "GET /media/system/js/core.js?ff44d59b15dc1ecbea098a7b624e4a99 HTTP/2.0" 200 18414 "https://staklim-jatim.bmkg.go.id/index.php/profil/meteorologi/list-all-categories/4380-klimatologi/infografis/infografis-klimatologi/infografis-harian/suhu-minimum-harian-di-jawa-timur/suhu-minimum-harian-di-jawa-timur-tahun-2026/555563177-suhu-minimum-harian-di-jawa-timur-tanggal-11-juni-2026-pukul-07-01-wib-12-juni-2026-pukul-07-00-wib" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Mobile Safari/537.36" ge20n_sec-ch-ua-platform,user-agent,sec-ch-ua,sec-ch-ua-mobile,accept,sec-fetch-site,sec-fetch-mode,sec-fetch-dest,referer,accept-encoding,accept-language,host... ... show less	Email Spam Hacking
🇺🇸 TPI-Abuse	2026-06-11 07:51:45 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 103.28.114.20 (host-103-28-114-20.ldp.net.id): ... show more (mod_security) mod_security (id:240335) triggered by 103.28.114.20 (host-103-28-114-20.ldp.net.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 03:51:35.473759 2026] [security2:error] [pid 29565:tid 29565] [client 103.28.114.20:54225] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.28.114.20 (+1 hits since last alert)\|owldreamllc.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "owldreamllc.com"] [uri "/xmlrpc.php"] [unique_id "aippB6IOWfhSfDNQ32GH6wAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-10 16:17:10 (5 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-06-08 11:50:05 (1 week ago)	Web App Attack, Hacking	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 11:46:54 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 103.28.114.20 (host-103-28-114-20.ldp.net.id): ... show more (mod_security) mod_security (id:240335) triggered by 103.28.114.20 (host-103-28-114-20.ldp.net.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 07:46:45.196276 2026] [security2:error] [pid 31457:tid 31457] [client 103.28.114.20:53712] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.28.114.20 (+1 hits since last alert)\|hsoftwaresystems.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hsoftwaresystems.net"] [uri "/xmlrpc.php"] [unique_id "aiarpXefdFV_gQFQ8QBY4QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-07 05:16:26 (1 week ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇮🇩 hermawan	2026-06-07 05:13:46 (1 week ago)	Captured JA4H: ge20n_493b66898832 \| Log: 103.28.114.20 - - [07/Jun/2026:12:13:41 +0700] "GET /media/ ... show more Captured JA4H: ge20n_493b66898832 \| Log: 103.28.114.20 - - [07/Jun/2026:12:13:41 +0700] "GET /media/system/js/core.js?ff44d59b15dc1ecbea098a7b624e4a99 HTTP/2.0" 200 18400 "https://staklim-jatim.bmkg.go.id/index.php/profil/meteorologi/list-all-categories/3922-klimatologi/infografis/555563157-perkembangan-musim-kemarau-di-jawa-timur-update-dasarian-iii-21-31-mei-2026" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Mobile Safari/537.36" ge20n_sec-ch-ua-platform,user-agent,sec-ch-ua,sec-ch-ua-mobile,accept,sec-fetch-site,sec-fetch-mode,sec-fetch-dest,referer,accept-encoding,accept-language,host... ... show less	Email Spam Hacking
Anonymous	2026-06-07 03:17:25 (1 week ago)	[da.kdns.gr] httpd-xmlrpc-post: sites=diadromi.com; logs=/var/log/httpd/domains/diadromi.com.log; sa ... show more [da.kdns.gr] httpd-xmlrpc-post: sites=diadromi.com; logs=/var/log/httpd/domains/diadromi.com.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 10:20:43 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 103.28.114.20 (host-103-28-114-20.ldp.net.id): ... show more (mod_security) mod_security (id:240335) triggered by 103.28.114.20 (host-103-28-114-20.ldp.net.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 06:20:33.737457 2026] [security2:error] [pid 15310:tid 15310] [client 103.28.114.20:57737] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.28.114.20 (+1 hits since last alert)\|67ronin.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "67ronin.com"] [uri "/xmlrpc.php"] [unique_id "ah6uceuFokRDVHMGbtkJswAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-02 09:11:26 (2 weeks ago)	Blocked by CSF 13 firewall - Rule: XMLRPC ID/Indonesia/host-103-28-114-20.ldp.net.id	Web App Attack
Anonymous	2026-06-01 12:04:43 (2 weeks ago)	Attac	Brute-Force
Anonymous	2026-06-01 11:01:44 (2 weeks ago)	[ns41.kdns.gr] httpd-xmlrpc-post: sites=coris.gr; logs=/var/log/httpd/domains/coris.gr.log; samples= ... show more [ns41.kdns.gr] httpd-xmlrpc-post: sites=coris.gr; logs=/var/log/httpd/domains/coris.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 05:29:28 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 103.28.114.20 (host-103-28-114-20.ldp.net.id): ... show more (mod_security) mod_security (id:240335) triggered by 103.28.114.20 (host-103-28-114-20.ldp.net.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 01:29:23.070538 2026] [security2:error] [pid 11695:tid 11695] [client 103.28.114.20:53077] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.28.114.20 (+1 hits since last alert)\|luxandunion.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "luxandunion.com"] [uri "/xmlrpc.php"] [unique_id "ahkkMz2cYDu3bBmgTRyOYwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 51 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 147.185.133.136

🇺🇸 134.122.21.135

🇺🇸 66.175.213.4

🇳🇱 2a06:a880:5:f690::1

🇫🇷 161.97.91.67

🇫🇷 95.111.224.232

🇫🇷 85.217.140.7

🇧🇷 2804:29b8:508b:7617::ba4

🇳🇱 91.92.243.207

🇬🇧 35.203.210.196

🇺🇸 208.109.52.213

🇩🇪 207.154.222.236

🇺🇸 172.105.128.12

🇨🇳 101.96.203.52

🇱🇹 81.30.98.62

🇳🇱 62.164.177.224

🇰🇷 58.229.141.26

🇹🇭 58.11.28.140

🇳🇱 45.142.193.169

🇨🇳 39.96.178.211