🇮🇩
sockominfo
2026-06-11 13:00:53
(1 day ago)
SIMASN Account Signin from Blacklisted IP., User login to application from malicious IP 103.132.52.250.. Threat Score: 7.5/10 (HIGH). Confidence: 50%. CVSS v3.1: 6.3/10 (Medium). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. Bayesian Probability: 93%. MITRE ATT&CK: T1071 (Application Layer Protocol). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-11 12:00:09
(1 day ago)
SIMASN Account Signin from Blacklisted IP.. Threat Score: 5.9/10 (MEDIUM). Reported by TangerangKota-CSIRT
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-11 03:00:59
(1 day ago)
SIMASN Account Signin from Blacklisted IP.. Threat Score: 7.6/10 (HIGH). Confidence: 60%. CVSS v3.1: 7.3/10 (High). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. Bayesian Probability: 87%. MITRE ATT&CK: T1071 (Application Layer Protocol). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-11 02:00:59
(1 day ago)
SIMASN Account Signin from Blacklisted IP.. Threat Score: 7.8/10 (HIGH). Confidence: 60%. CVSS v3.1: 7.3/10 (High). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. Bayesian Probability: 87%. MITRE ATT&CK: T1071 (Application Layer Protocol). Tactic: TA0001. Freshness: Very Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS
Hacking
Web App Attack
🇺🇸
WeekendWeb
2026-06-09 13:33:43
(3 days ago)
Wordpress Vulnerability attack
Web App Attack
🇫🇷
masterguru
2026-06-09 06:32:41
(3 days ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
Anonymous
2026-06-09 05:31:09
(3 days ago)
[redacted] 103.132.52.250 - - [09/Jun/2026:07:30:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.2; http://site51866368.com"
[redacted] 103.132.52.250 - - [09/Jun/2026:07:30:37 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 103.132.52.250 - - [09/Jun/2026:07:30:47 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 103.132.52.250 - - [09/Jun/2026:07:30:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 103.132.52.250 - - [09/Jun/2026:07:31:08 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
...
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2026-06-09 02:38:29
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 103.132.52.250 (50.sub-52-132-103.dexanet.co.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 22:38:25.572863 2026] [security2:error] [pid 9623:tid 9623] [client 103.132.52.250:61997] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.132.52.250 (+1 hits since last alert)|lusineweb.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lusineweb.com"] [uri "/xmlrpc.php"] [unique_id "aid8oWcJYSg3EZrUhWxfvAAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
reznekcs
2026-06-08 01:10:24
(4 days ago)
F2B wordpress ban. Logs: 103.132.52.250 - - [08/Jun/2026:03:10:13 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4246 "-" "Jetpack/12.0; WordPress/6.4; http://site34835227.com"
103.132.52.250 - - [08/Jun/2026:03:10:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4246 "-" "Jetpack/13.0; WordPress/6.2; http://site88207074.com"
Brute-Force
Web App Attack
🇦🇺
screwlooseit.com.au
2026-06-05 08:19:26
(1 week ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
ID/Indonesia/50.sub-52-132-103.dexanet.co.id
Web App Attack
🇺🇸
TPI-Abuse
2026-06-05 05:46:59
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.132.52.250 (50.sub-52-132-103.dexanet.co.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 01:46:56.544481 2026] [security2:error] [pid 8245:tid 8245] [client 103.132.52.250:60507] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.132.52.250 (+1 hits since last alert)|serranoscoffee.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "serranoscoffee.com"] [uri "/xmlrpc.php"] [unique_id "aiJi0HB3A9BrnRImOEwXhQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
ger-stg-sifi1
2026-06-05 04:29:12
(1 week ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
🇺🇸
TPI-Abuse
2026-06-04 06:14:46
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.132.52.250 (50.sub-52-132-103.dexanet.co.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 02:14:39.239608 2026] [security2:error] [pid 21403:tid 21403] [client 103.132.52.250:59907] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.132.52.250 (+1 hits since last alert)|investorsfundingusa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "investorsfundingusa.com"] [uri "/xmlrpc.php"] [unique_id "aiEXzwsVyQ2BPAqN-Sbw0wAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-04 04:08:17
(1 week ago)
Attac
Brute-Force
🇺🇸
TPI-Abuse
2026-06-04 03:40:17
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 103.132.52.250 (50.sub-52-132-103.dexanet.co.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 23:40:12.492461 2026] [security2:error] [pid 4603:tid 4607] [client 103.132.52.250:63432] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.132.52.250 (+1 hits since last alert)|lamcohomecare.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lamcohomecare.com"] [uri "/xmlrpc.php"] [unique_id "aiDznAnAQbaiCcNquI_eFAAAAIE"]
Brute-Force
Bad Web Bot
Web App Attack