103.105.54.69 - IPInfo

Basic Info

City: Sendangagung

Region: Yogyakarta

Country: Indonesia

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
103.105.54.76	attackspam	srvr1: (mod_security) mod_security (id:942100) triggered by 103.105.54.76 (ID/-/103-105-54-76.megadata.net.id): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/21 12:05:20 [error] 482759#0: 840549 [client 103.105.54.76] ModSecurity: Access denied with code 406 (phase 2). [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159801152043.928417"] [ref ""], client: 103.105.54.76, [redacted] request: "GET /forum/viewthread.php?thread_id=1122%27%29+OR+++%288559%3D0 HTTP/1.1" [redacted]	2020-08-21 23:06:22
103.105.54.137	attack	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-19 02:37:27

Type

Details

Datetime

103.105.54.76

attackspam

srvr1: (mod_security) mod_security (id:942100) triggered by 103.105.54.76 (ID/-/103-105-54-76.megadata.net.id): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/21 12:05:20 [error] 482759#0: *840549 [client 103.105.54.76] ModSecurity: Access denied with code 406 (phase 2).  [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159801152043.928417"] [ref ""], client: 103.105.54.76, [redacted] request: "GET /forum/viewthread.php?thread_id=1122%27%29+OR+++%288559%3D0 HTTP/1.1" [redacted]

2020-08-21 23:06:22

103.105.54.137

attack

MultiHost/MultiPort Probe, Scan, Hack -

2020-02-19 02:37:27

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 103.105.54.69
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53714
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;103.105.54.69.			IN	A

;; AUTHORITY SECTION:
.			594	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022031100 1800 900 604800 86400

;; Query time: 56 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Mar 11 16:16:09 CST 2022
;; MSG SIZE  rcvd: 106

Host info

69.54.105.103.in-addr.arpa domain name pointer 103-105-54-69.megadata.net.id.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
69.54.105.103.in-addr.arpa	name = 103-105-54-69.megadata.net.id.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
51.222.13.37	attackspam	Unauthorised connection attempt detected at AUO MAIN. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)	2020-07-09 15:08:45
182.232.217.202	attack	Honeypot attack, port: 445, PTR: PTR record not found	2020-07-09 14:39:03
69.162.229.149	attackspambots	Brute forcing email accounts	2020-07-09 15:03:01
103.194.105.146	attack	103.194.105.218 - - [08/Jul/2020:22:35:21 -0700] "GJZI / HTTP/1.1" 501 216 "-" " Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"	2020-07-09 14:39:18
210.113.7.61	attackbotsspam	Jul 9 08:15:33 eventyay sshd[19117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.113.7.61 Jul 9 08:15:35 eventyay sshd[19117]: Failed password for invalid user heloise from 210.113.7.61 port 35132 ssh2 Jul 9 08:17:26 eventyay sshd[19190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.113.7.61 ...	2020-07-09 14:31:08
178.128.150.158	attack	ssh brute force	2020-07-09 15:11:27
46.38.150.72	attackspambots	Jul 9 05:54:28 srv01 postfix/smtpd\[17193\]: warning: unknown\[46.38.150.72\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 9 05:54:49 srv01 postfix/smtpd\[27541\]: warning: unknown\[46.38.150.72\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 9 05:55:11 srv01 postfix/smtpd\[20708\]: warning: unknown\[46.38.150.72\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 9 05:55:33 srv01 postfix/smtpd\[21861\]: warning: unknown\[46.38.150.72\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 9 05:55:53 srv01 postfix/smtpd\[23779\]: warning: unknown\[46.38.150.72\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-07-09 14:35:00
222.186.175.182	attackbots	Jul 9 06:26:07 scw-6657dc sshd[27537]: Failed password for root from 222.186.175.182 port 10656 ssh2 Jul 9 06:26:07 scw-6657dc sshd[27537]: Failed password for root from 222.186.175.182 port 10656 ssh2 Jul 9 06:26:10 scw-6657dc sshd[27537]: Failed password for root from 222.186.175.182 port 10656 ssh2 ...	2020-07-09 14:53:04
118.163.58.117	attack	118.163.58.117 - - [09/Jul/2020:04:55:50 +0100] "POST /wp-login.php HTTP/1.1" 200 12112 "http://slsmotors.co.uk/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" 118.163.58.117 - - [09/Jul/2020:04:55:52 +0100] "POST /wp-login.php HTTP/1.1" 200 12112 "http://slsmotors.co.uk/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" 118.163.58.117 - - [09/Jul/2020:04:55:53 +0100] "POST /wp-login.php HTTP/1.1" 200 12112 "http://slsmotors.co.uk/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" ...	2020-07-09 14:34:30
103.1.31.113	attackbotsspam	Honeypot attack, port: 445, PTR: dynamic-adsl.unitel.com.la.	2020-07-09 14:45:31
179.43.167.230	attack	Automatic report - Banned IP Access	2020-07-09 15:02:26
36.46.142.80	attackbotsspam	Jul 9 05:55:42 sshgateway sshd\[13003\]: Invalid user yc from 36.46.142.80 Jul 9 05:55:42 sshgateway sshd\[13003\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.46.142.80 Jul 9 05:55:44 sshgateway sshd\[13003\]: Failed password for invalid user yc from 36.46.142.80 port 33375 ssh2	2020-07-09 14:42:13
192.99.2.41	attackspambots	2020-07-09T05:38:37.039252shield sshd\[13618\]: Invalid user kirstin from 192.99.2.41 port 47428 2020-07-09T05:38:37.042878shield sshd\[13618\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns507177.ip-192-99-2.net 2020-07-09T05:38:38.750434shield sshd\[13618\]: Failed password for invalid user kirstin from 192.99.2.41 port 47428 ssh2 2020-07-09T05:41:39.166934shield sshd\[13873\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns507177.ip-192-99-2.net user=lp 2020-07-09T05:41:41.194875shield sshd\[13873\]: Failed password for lp from 192.99.2.41 port 44814 ssh2	2020-07-09 14:38:29
168.197.4.137	attackbots	failed_logins	2020-07-09 14:34:07
116.255.139.236	attackspambots	2020-07-08T20:55:32.582475-07:00 suse-nuc sshd[7400]: Invalid user lisen from 116.255.139.236 port 51674 ...	2020-07-09 14:53:52

Recently Reported IPs

103.105.54.10	103.105.97.85	103.106.168.19	103.106.168.26
103.106.192.28	103.106.194.142	103.106.22.189	103.106.235.145
148.240.125.171	103.106.236.223	103.106.242.159	103.106.7.217
103.107.132.185	103.107.175.150	103.107.181.33	103.107.182.41
103.107.182.48	103.107.237.91	103.107.244.224	103.107.247.250