This IP address has been reported a total of
36
times from
25 distinct
sources.
111.221.44.115 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
GENERAL: parametres: [url:uploadCustomIcon=] UA:Mozilla/5.0 (X11; Linux x86_64) sppb-rce-poc URL:/in ...
show moreGENERAL: parametres: [url:uploadCustomIcon=] UA:Mozilla/5.0 (X11; Linux x86_64) sppb-rce-poc URL:/index.php?option=com_sppagebuilder&task=asset.uploadCustomIcon
show less
Malicious web activity confirmed โ IP previously flagged as suspicious (automated re-check, score: 5 ...
show moreMalicious web activity confirmed โ IP previously flagged as suspicious (automated re-check, score: 52%)
show less
IM360 WAF: Unauthenticated front-end JCE editor-profile import in Joomla Content Editor before 2.9.9 ...
show moreIM360 WAF: Unauthenticated front-end JCE editor-profile import in Joomla Content Editor before 2.9.99.5 (CVE-2026-48907) MV:/index.php
show less
IM360 WAF: Unauthenticated editor-profile/file upload in Joomla Content Editor JCE before 2.9.99.5 ( ...
show moreIM360 WAF: Unauthenticated editor-profile/file upload in Joomla Content Editor JCE before 2.9.99.5 (CVE-2026-48907) MV:jceew8iaedd.xml.php
show less
IM360 WAF: Unauthenticated editor-profile/file upload in Joomla Content Editor JCE before 2.9.99.5 ( ...
show moreIM360 WAF: Unauthenticated editor-profile/file upload in Joomla Content Editor JCE before 2.9.99.5 (CVE-2026-48907) MV:jcew9jwqcap.xml.php
show less
[Tue Jun 30 16:45:52.821463 2026] [security2:error] [pid 632461:tid 140589660509888] [client 111.221 ...
show more[Tue Jun 30 16:45:52.821463 2026] [security2:error] [pid 632461:tid 140589660509888] [client 111.221.44.115:57145] ModSecurity: Access denied with code 403 (phase 1). Match of "ipMatch 103.166.156.58" against "REMOTE_ADDR" required. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "429"] [id "440006"] [msg "Connection Close Header"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: close found within REMOTE_ADDR: 111.221.44.115 request_line = GET /plugins/editors/jce/jce.xml HTTP/1.1 Request URI RAW = /plugins/editors/jce/jce.xml Request Basename = jce.xml"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/plugins/editors/jce/jce.xml"] [unique_id "akOQUH8B6rYk3Y_Tm1mcowAAAAI"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[632490] [F0LUcDWqFsw] [akOQUH8B6rYk3Y_Tm1mcowAAAAI] keep_alive=[0] [2026-06-30 16:45:52.821469] [R:akOQUH8B6rYk3Y_Tm1mcowAAAAI] UA:'Mozilla/5.0 (Windo
...
show less
Email Spam
Hacking
Anonymous
Web application exploitation attempts blocked at the web server edge; 2026/06/29 19:18:38 IP 111.221 ...
show moreWeb application exploitation attempts blocked at the web server edge; 2026/06/29 19:18:38 IP 111.221.44.115 GET /plugins/system/jce/css/content.css HTTP/1.1; 2026/06/29 19:18:37 IP 111.221.44.115 GET /plugins/system/jcemediabox/js/jcemediabox.js HTTP/1.1; 2026/06/29 19:18:37 IP 111.221.44.115 GET /administrator/components/com_jce/jce.xml HTTP/1.1; 2026/06/29 19:18:36 IP 111.221.44.115 GET /plugins/editors/jce/jce.xml HTTP/1.1
show less
Web App Attack
Showing 1 to
15
of 36 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ