JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.55.22.236

103.55.22.236 was found in our database!

This IP was reported 67 times. Confidence of Abuse is 24%: ?

24%

ISP	PT General Media Network
Usage Type	Fixed Line ISP
ASN	AS150490
Domain Name	gemnet.id
Country	🇮🇩 Indonesia
City	Kisaran, North Sumatra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.55.22.236

Whois 103.55.22.236

IP Abuse Reports for 103.55.22.236:

This IP address has been reported a total of 67 times from 40 distinct sources. 103.55.22.236 was first reported on July 1st 2024, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇴 Fn4ticHz	2026-05-30 15:42:58 (5 days ago)	DDoS blocked via ZeroGuard.ID	DDoS Attack Exploited Host
🇫🇷 MatStef132	2026-05-22 14:04:48 (1 week ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇳🇱 ByeByte API	2026-05-18 11:49:32 (2 weeks ago)	byebyte.space auth: Rate-limit escalation at 2026-05-18T11:49:32Z: 5 rejections in 300s. Firewall au ... show more byebyte.space auth: Rate-limit escalation at 2026-05-18T11:49:32Z: 5 rejections in 300s. Firewall auto-banned IP for 900s. UA: 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1.33 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/17.4'. Accept-Language: 'en,es;q=0.9,zh-CN;q=0.8,zh;q=0.7,pt;q=0.6'. Accept-Encoding: 'gzip, br'. Sec-Ch-Ua: '"Google Chrome";v="127", "Chromium";v="127", "Not.A/Brand";v="24"'. Platform: "Linux" (mobile=?0). Country (CF): ID. TLS info: {"scheme":"https"}. show less	Web App Attack DDoS Attack
🇳🇱 ByeByte API	2026-05-16 18:42:15 (2 weeks ago)	byebyte.space auth: Rate-limit escalation at 2026-05-16T18:42:14Z: 8 rejections in 300s. Firewall au ... show more byebyte.space auth: Rate-limit escalation at 2026-05-16T18:42:14Z: 8 rejections in 300s. Firewall auto-banned IP for 900s. UA: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.33 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/17.0'. Accept-Language: 'en,es;q=0.9,zh-CN;q=0.8,zh;q=0.7,pt;q=0.6'. Accept-Encoding: 'gzip, br'. Sec-Ch-Ua: '"Google Chrome";v="125", "Chromium";v="125", "Not.A/Brand";v="24"'. Platform: "Windows" (mobile=?0). Referer: 'https://google.com/'. Country (CF): ID. TLS info: {"scheme":"https"}. show less	Web App Attack DDoS Attack
🇷🇴 Fn4ticHz	2026-05-09 14:02:39 (3 weeks ago)	Repeated DDoS targeted -- ZeroGuard X ManagedSRV	DDoS Attack Exploited Host
🇮🇩 hermawan	2026-04-27 12:23:00 (1 month ago)	[Mon Apr 27 19:11:45.970421 2026] [security2:error] [pid 4012:tid 140327599986368] [client 103.55.22 ... show more [Mon Apr 27 19:11:45.970421 2026] [security2:error] [pid 4012:tid 140327599986368] [client 103.55.22.236:33764] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "CDN-Loop" at REQUEST_HEADERS_NAMES:Cdn-Loop. [file "/etc/modsecurity/coreruleset-4.25.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "466"] [id "440005"] [msg "BAD REQUEST_HEADERS_NAMES - Detected and Blocked"] [data "Matched Data: CDN-Loop found within REQUEST_HEADERS_NAMES:Cdn-Loop: Cdn-Loop request_line = GET / HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "ae9SgRYkmveNHBYkFnMALgAAlQM"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[4066] [lFyrBDD/UKA] [ae9SgRYkmveNHBYkFnMALgAAlQM] keep_alive=[1] [2026-04-27 19:11:45.970424] [R:ae9SgRYkmveNHBYkFnMALgAAlQM] UA:'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/128.0 Mobile/15E148 Safari/605.1.15' Host:'staklim-jatim.bmkg.go.id' COOKIE:'cf_clear ... show less	Email Spam Hacking
🇩🇪 NoaQT	2026-04-05 22:04:51 (1 month ago)	103.55.22.236 - - [05/Apr/2026:16:31:06 +0200] "GET /web/login HTTP/1.1" 499 0 "https://news.nextsit ... show more 103.55.22.236 - - [05/Apr/2026:16:31:06 +0200] "GET /web/login HTTP/1.1" 499 0 "https://news.nextsite.uk/products" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 103.55.22.236 - - [05/Apr/2026:16:36:52 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.youtube.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 103.55.22.236 - - [05/Apr/2026:16:37:35 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.bing.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 103.55.22.236 - - [05/Apr/2026:16:41:35 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.pinterest.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 103.55.22.236 - - [05/Apr/2026:16:36:52 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.yo ... show less	DDoS Attack
🇩🇪 NoaQT	2026-04-05 14:41:40 (1 month ago)	103.55.22.236 - - [05/Apr/2026:16:31:06 +0200] "GET /web/login HTTP/1.1" 499 0 "https://news.nextsit ... show more 103.55.22.236 - - [05/Apr/2026:16:31:06 +0200] "GET /web/login HTTP/1.1" 499 0 "https://news.nextsite.uk/products" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 103.55.22.236 - - [05/Apr/2026:16:36:52 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.youtube.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 103.55.22.236 - - [05/Apr/2026:16:36:52 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.youtube.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 103.55.22.236 - - [05/Apr/2026:16:37:35 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.bing.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 103.55.22.236 - - [05/Apr/2026:16:37:35 +0200] "GET /web/login HTTP/1.1" 499 0 "https://ww ... show less	DDoS Attack
🇮🇳 Bharat Datacenter	2026-03-05 16:54:18 (2 months ago)	7: date=2026-03-05 time=22:20:16 eventtime=1772729416942514721 tz="+0530" logid="0720018432" type="u ... show more 7: date=2026-03-05 time=22:20:16 eventtime=1772729416942514721 tz="+0530" logid="0720018432" type="utm" subtype="anomaly" eventtype="anomaly" level="alert" vd="root" severity="critical" srcip=103.55.22.236 srccountry="Indonesia" dstip=157.10.99.34 dstcountry="India" srcintf="x2" srcintfrole="wan" sessionid=0 action="clear_session" proto=6 service="HTTPS" count=135965 attack="tcp_syn_flood" srcport=59906 dstport=443 attackid=100663396 policyid=1 policytype="DoS-policy" ref="http://www.fortinet.com/ids/VID100663396" msg="anomaly: tcp_syn_flood, 5251 > threshold 2000, repeats 135965 times since last log, pps 5303 of prior second" crscore=50 craction=4096 crlevel="critical" show less	Brute-Force
Anonymous	2026-03-02 18:10:03 (3 months ago)	\| [Dangerous/Indonesia] Agressive IP 103.55.22.236 (~30 hits). Type: DoS Defender- Web server 400 er ... show more \| [Dangerous/Indonesia] Agressive IP 103.55.22.236 (~30 hits). Type: DoS Defender- Web server 400 error code show less	Web App Attack Hacking SQL Injection
🇪🇸 cuscusero (FlexBacks, FlexChar, FlexAve, FlexCDNM, FlexTudy, ColdHosting SL)	2026-03-01 12:07:33 (3 months ago)	[CPD ESP-BCN02-FW11-394] Suspicious connection detected on port 21. DDoS detected	FTP Brute-Force Brute-Force DDoS Attack
🇦🇱 cheatmaster.store	2026-02-27 01:51:39 (3 months ago)	Automated report: This IP address has been identified as an active public open proxy. Classification ... show more Automated report: This IP address has been identified as an active public open proxy. Classification: Open Proxy \| Spoofing \| VPN/Anonymizer \| Bad Web Bot. Country: Indonesia Threat level: High. This host is listed across multiple public proxy databases and poses a risk of abuse, credential stuffing, scraping, and spoofed traffic. Reported by automated threat intelligence pipeline. Do not whitelist without manual verification. show less	Web Spam Port Scan Web App Attack
🇺🇸 gui-ying233	2026-02-16 01:54:16 (3 months ago)	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Sa ... show more Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 show less	Bad Web Bot
🇪🇸 cuscusero (FlexBacks, FlexChar, FlexAve, FlexCDNM, FlexTudy, ColdHosting SL)	2026-01-16 01:06:19 (4 months ago)	[CPD ESP-BCN02-FW11-394] Suspicious connection detected on port 22. DDoS detected	DDoS Attack Brute-Force SSH
🇮🇹 VHosting	2025-12-30 13:28:24 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH

Showing 1 to 15 of 67 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 206.85.11.75

🇺🇸 205.210.31.57

🇬🇧 193.32.209.254

🇲🇽 186.96.145.241

🇯🇵 103.27.132.56

🇧🇬 79.124.40.130

🇺🇸 71.229.1.186

🇺🇸 66.132.186.218

🇺🇸 64.62.156.121

🇵🇰 45.194.15.68

🇧🇪 34.22.232.215

🇨🇳 218.21.243.58

🇧🇷 205.210.31.202

🇺🇸 192.185.4.137

🇺🇸 107.115.151.94

🇻🇳 103.200.25.79

🇳🇱 89.21.67.155

🇺🇸 45.8.19.56

🇮🇳 43.228.166.225

🇺🇸 35.252.196.231