🇺🇦
URAN Publishing Service
2026-06-04 09:40:14
(19 hours ago)
103.59.160.220 - - [04/Jun/2026:12:40:13 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
Web App Attack
🇮🇩
soc-yk
2026-06-04 07:54:13
(21 hours ago)
Type: credential_attack
Risk: 70
Events: 23388
Evidence:
- Repeated authentication attack activity detected
- Credential abuse behavior observed
- Multi-event operational persistence identified
Brute-Force
SSH
🇺🇸
jormaster3k
2026-06-04 02:44:31
(1 day ago)
Attack against Apache (too many 404s)
Web App Attack
🇺🇦
URAN Publishing Service
2026-06-04 02:33:41
(1 day ago)
103.59.160.220 - - [04/Jun/2026:05:33:40 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
Web App Attack
🇬🇧
andypiper
2026-06-04 01:00:32
(1 day ago)
CrowdSec ban for AbuseIPDB Top List
Brute-Force
Web App Attack
Anonymous
2026-06-04 00:40:40
(1 day ago)
103.59.160.220 - - [04/Jun/2026:02:40:35 +0200] "POST //xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
103.59.160.220 - - [04/Jun/2026:02:40:32 +0200] "POST //xmlrpc.php HTTP/1.1" 200 591 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
103.59.160.220 - - [04/Jun/2026:02:40:35 +0200] "POST //xmlrpc.php HTTP/1.1" 200 591 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
103.59.160.220 - - [04/Jun/2026:02:40:37 +0200] "POST //xmlrpc.php HTTP/1.1" 200 401 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
103.59.160.220 - - [04/Jun/2026:02:40:37 +0200] "POST //xmlrpc.php HTTP/1.1" 200 591 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrom
...
Brute-Force
Web App Attack
🇲🇾
Rizzy
2026-06-04 00:16:10
(1 day ago)
Multiple WAF Violations
Brute-Force
Web App Attack
🇮🇩
origrata
2026-06-03 23:42:57
(1 day ago)
[OGWAF] bad_reputation attack blocked | severity: high | GET /feed/ | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69
Web App Attack
🇮🇩
hermawan
2026-06-03 22:59:21
(1 day ago)
[Thu Jun 04 05:59:18.391710 2026] [security2:error] [pid 274572:tid 140148166506176] [client 103.59.160.220:60811] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "300" at REQUEST_HEADERS:Keep-Alive. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "348"] [id "440004"] [msg "Keep Alive Header"] [data "Matched Data: 300 found within REQUEST_HEADERS:Keep-Alive: 300 request_line = GET / HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "aiCxxt1WmFjFl6Ht9XVL-gAAAME"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[274628] [mHGhYGEdzOo] [aiCxxt1WmFjFl6Ht9XVL-gAAAME] keep_alive=[0] [2026-06-04 05:59:18.391716] [R:aiCxxt1WmFjFl6Ht9XVL-gAAAME] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Accept-Language
...
Email Spam
Hacking
Anonymous
2026-06-03 21:14:10
(1 day ago)
$f2bV_matches
Brute-Force
Bad Web Bot
Web App Attack
🇺🇦
URAN Publishing Service
2026-06-03 19:52:35
(1 day ago)
103.59.160.220 - - [03/Jun/2026:22:52:23 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
103.59.160.220 - - [03/Jun/2026:22:52:31 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
Web App Attack
🇺🇦
URAN Publishing Service
2026-06-03 19:31:35
(1 day ago)
103.59.160.220 - - [03/Jun/2026:22:31:34 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
Web App Attack
🇮🇩
soc-yk
2026-06-03 18:06:10
(1 day ago)
Type: suspicious_network_activity
Risk: 70
Events: 21542
Evidence:
- Persistent suspicious network activity detected
- Repeated hostile operational behavior observed
- Multi-event operational persistence identified
Port Scan
Hacking
🇺🇦
URAN Publishing Service
2026-06-03 17:58:08
(1 day ago)
103.59.160.220 - - [03/Jun/2026:20:58:07 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
103.59.160.220 - - [03/Jun/2026:20:58:07 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
Web App Attack
🇮🇩
aaKenshin
2026-06-02 20:26:58
(2 days ago)
Suspicious activity detected from IP 103.59.160.220 based on web server logs.
Sample logs:
[geopark-] 103.59.160.220 - - [03/Jun/2026:02:31:49 +0800] "GET / HTTP/2.0" 200 16945 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0"
[geopark-] 103.59.160.220 - - [03/Jun/2026:02:37:17 +0800] "GET /xmlrpc.php HTTP/2.0" 200 7347 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0"
[geopark-] 103.59.160.220 - - [03/Jun/2026:02:43:21 +0800] "GET /wp-login.php HTTP/2.0" 200 7347 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0"
Reported automatically by fail2ban service.
Web App Attack