103.105.54.46 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: None

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
103.105.54.76	attackspam	srvr1: (mod_security) mod_security (id:942100) triggered by 103.105.54.76 (ID/-/103-105-54-76.megadata.net.id): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/21 12:05:20 [error] 482759#0: 840549 [client 103.105.54.76] ModSecurity: Access denied with code 406 (phase 2). [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159801152043.928417"] [ref ""], client: 103.105.54.76, [redacted] request: "GET /forum/viewthread.php?thread_id=1122%27%29+OR+++%288559%3D0 HTTP/1.1" [redacted]	2020-08-21 23:06:22
103.105.54.137	attack	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-19 02:37:27

Type

Details

Datetime

103.105.54.76

attackspam

srvr1: (mod_security) mod_security (id:942100) triggered by 103.105.54.76 (ID/-/103-105-54-76.megadata.net.id): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/21 12:05:20 [error] 482759#0: *840549 [client 103.105.54.76] ModSecurity: Access denied with code 406 (phase 2).  [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159801152043.928417"] [ref ""], client: 103.105.54.76, [redacted] request: "GET /forum/viewthread.php?thread_id=1122%27%29+OR+++%288559%3D0 HTTP/1.1" [redacted]

2020-08-21 23:06:22

103.105.54.137

attack

MultiHost/MultiPort Probe, Scan, Hack -

2020-02-19 02:37:27

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 103.105.54.46
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32897
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;103.105.54.46.			IN	A

;; AUTHORITY SECTION:
.			300	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022022600 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Feb 26 23:45:01 CST 2022
;; MSG SIZE  rcvd: 106

Host info

46.54.105.103.in-addr.arpa domain name pointer 103-105-54-46.megadata.net.id.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
46.54.105.103.in-addr.arpa	name = 103-105-54-46.megadata.net.id.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
27.128.162.183	attackbotsspam	(sshd) Failed SSH login from 27.128.162.183 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 7 05:11:10 server sshd[32734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.162.183 user=root Sep 7 05:11:11 server sshd[32734]: Failed password for root from 27.128.162.183 port 39515 ssh2 Sep 7 05:21:02 server sshd[4415]: Invalid user grafana from 27.128.162.183 port 49215 Sep 7 05:21:05 server sshd[4415]: Failed password for invalid user grafana from 27.128.162.183 port 49215 ssh2 Sep 7 05:24:51 server sshd[5429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.128.162.183 user=root	2020-09-07 17:54:19
209.85.217.66	attackbots	Received: from 10.197.32.140 by atlas116.free.mail.bf1.yahoo.com with HTTP; Sat, 5 Sep 2020 18:48:07 +0000 Return-Path: Received: from 209.85.217.66 (EHLO mail-vs1-f66.google.com) by 10.197.32.140 with SMTPs; Sat, 5 Sep 2020 18:48:07 +0000 X-Originating-Ip: [209.85.217.66] Received-SPF: pass (domain of gmail.com designates 209.85.217.66 as permitted sender) Authentication-Results: atlas116.free.mail.bf1.yahoo.com; dkim=pass header.i=@gmail.com header.s=20161025; spf=pass smtp.mailfrom=gmail.com; dmarc=success(p=NONE,sp=QUARANTINE) header.from=gmail.com; X-Apparently-To: ledlib@yahoo.com; Sat, 5 Sep 2020 18:48:07	2020-09-07 17:40:55
106.12.173.236	attackspam	Sep 7 11:37:04 nuernberg-4g-01 sshd[5317]: Failed password for root from 106.12.173.236 port 56025 ssh2 Sep 7 11:39:06 nuernberg-4g-01 sshd[5975]: Failed password for root from 106.12.173.236 port 41434 ssh2	2020-09-07 17:59:21
158.69.199.225	attackbots	Sep 7 07:12:38 powerpi2 sshd[4798]: Failed password for root from 158.69.199.225 port 35167 ssh2 Sep 7 07:15:40 powerpi2 sshd[4923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.199.225 user=root Sep 7 07:15:42 powerpi2 sshd[4923]: Failed password for root from 158.69.199.225 port 48109 ssh2 ...	2020-09-07 17:48:19
106.12.89.154	attackbotsspam	SSH login attempts.	2020-09-07 18:16:52
222.186.175.217	attack	2020-09-07T13:07:36.139625lavrinenko.info sshd[11825]: Failed password for root from 222.186.175.217 port 8700 ssh2 2020-09-07T13:07:39.168901lavrinenko.info sshd[11825]: Failed password for root from 222.186.175.217 port 8700 ssh2 2020-09-07T13:07:43.197437lavrinenko.info sshd[11825]: Failed password for root from 222.186.175.217 port 8700 ssh2 2020-09-07T13:07:47.972712lavrinenko.info sshd[11825]: Failed password for root from 222.186.175.217 port 8700 ssh2 2020-09-07T13:07:48.040408lavrinenko.info sshd[11825]: error: maximum authentication attempts exceeded for root from 222.186.175.217 port 8700 ssh2 [preauth] ...	2020-09-07 18:09:29
208.187.166.27	attack	2020-09-06 11:34:57.086827-0500 localhost smtpd[58132]: NOQUEUE: reject: RCPT from unknown[208.187.166.27]: 554 5.7.1 Service unavailable; Client host [208.187.166.27] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo=	2020-09-07 17:51:30
36.66.151.17	attack	Automatic Fail2ban report - Trying login SSH	2020-09-07 18:04:48
101.71.129.48	attackspam	SSH login attempts.	2020-09-07 18:17:15
103.145.13.111	attackspambots	Port scan denied	2020-09-07 18:15:18
202.107.188.11	attackspam	Unauthorised access (Sep 7) SRC=202.107.188.11 LEN=60 TTL=54 ID=36576 DF TCP DPT=1433 WINDOW=14600 SYN Unauthorised access (Sep 7) SRC=202.107.188.11 LEN=60 TTL=54 ID=56959 DF TCP DPT=1433 WINDOW=14600 SYN	2020-09-07 17:52:34
49.235.133.208	attackspam	2020-09-06 UTC: (34x) - Administrator,admin,dick,host,hosting,liquide,nagios,oracle,rock,root(22x),test1,usuario,zope	2020-09-07 17:53:13
182.122.14.95	attackbots	Sep 7 11:35:01 master sshd[14756]: Failed password for root from 182.122.14.95 port 64286 ssh2 Sep 7 11:39:38 master sshd[14838]: Failed password for root from 182.122.14.95 port 59468 ssh2 Sep 7 11:43:29 master sshd[14921]: Failed password for root from 182.122.14.95 port 48404 ssh2 Sep 7 11:47:09 master sshd[14974]: Failed password for root from 182.122.14.95 port 37334 ssh2	2020-09-07 17:50:08
148.101.103.224	attackbots	Sep 7 09:18:20 vmd26974 sshd[19089]: Failed password for root from 148.101.103.224 port 38431 ssh2 ...	2020-09-07 18:15:44
106.75.123.95	attackspambots	Scanning for: Monero.Servers Bladabindi.Botnet Gh0st.Rat.Botnet Ganiw.Botnet	2020-09-07 18:00:32

Recently Reported IPs

103.105.54.42	103.105.55.128	103.105.54.26	103.105.55.54
103.105.55.20	103.105.55.5	103.105.54.73	103.105.54.39
103.105.55.238	103.105.64.146	103.105.64.169	103.105.64.114
103.105.64.150	103.105.64.145	103.105.64.153	103.105.64.61
103.105.64.149	103.105.64.57	103.105.64.201	103.11.107.214