JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.144.18.77

103.144.18.77 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 10%: ?

10%

ISP	PT Gasatek Bintang Nusantara
Usage Type	Fixed Line ISP
ASN	AS139418
Domain Name	gasatek.co.id
Country	🇮🇩 Indonesia
City	Jember, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.144.18.77

Whois 103.144.18.77

IP Abuse Reports for 103.144.18.77:

This IP address has been reported a total of 10 times from 5 distinct sources. 103.144.18.77 was first reported on June 5th 2021, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-21 04:31:43 (3 weeks ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
🇺🇸 RAP	2026-05-11 12:09:39 (1 month ago)	2026-05-11 12:09:39 UTC Unauthorized activity to TCP port 23. Telnet	Port Scan
🇮🇩 hermawan	2026-03-26 00:15:54 (2 months ago)	03/26/2026-07:15:52.481528 [Drop] [] [1:921617:0] Suricata match TLS JA4 scan Uniq Zeek no 28 wit ... show more 03/26/2026-07:15:52.481528 [Drop] [] [1:921617:0] Suricata match TLS JA4 scan Uniq Zeek no 28 with hash_t13d1516h2_8daaf6152771_02713d6af862 [**] [Classification: (null)] [Priority: 3] {TCP} 103.144.18.77:50344 -> 103.166.156.58:443 ... show less	Email Spam Hacking
🇮🇩 hermawan	2025-10-09 10:48:21 (8 months ago)	[Thu Oct 09 15:16:41.123045 2025] [security2:error] [pid 583610:tid 140638573029056] [client 103.144 ... show more [Thu Oct 09 15:16:41.123045 2025] [security2:error] [pid 583610:tid 140638573029056] [client 103.144.18.77:47870] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i),.?[\\"'\\\\)0-9`-f][\\"'`](?:[\\"'`].?[\\"'`]\|(?:\\\\r?\\\\n)?\\\\z\|[^\\"'`]+)\|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]?from\|(?:alter\|(?:(?:cre\|trunc\|upd)at\|renam)e\|d(?:e(?:lete\|sc)\|rop)\|(?:inser\|selec)t\|load)[\\\\s\\\\x0b]?\\\\([\\\\s\\\\x0b]?space[\\\\s\\\\x0b]?\\\\(" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "2129"] [id "942200"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: , like Gecko) Version/4.0 Chrome/140.0.7339.207 Mobile Safari/537.36 OcIdWebView ({\\x22os\\x22:\\x22Android\\x22, found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 13; CPH2375 ... show less	Hacking Web App Attack
🇫🇷 ᴀʀᴛ	2025-07-30 01:54:22 (10 months ago)	Triggered Cloudflare WAF (l7ddos) from ID. ASN: 139418 (GASATEKNET-AS-ID PT Gasatek Bintang Nusantar ... show more Triggered Cloudflare WAF (l7ddos) from ID. ASN: 139418 (GASATEKNET-AS-ID PT Gasatek Bintang Nusantara) Protocol: HTTP/2 (GET method) UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	DDoS Attack Bad Web Bot
🇮🇩 hermawan	2025-06-20 15:31:02 (11 months ago)	[Fri Jun 20 22:31:01.039119 2025] [security2:error] [pid 73403:tid 139765423716032] [client 103.144. ... show more [Fri Jun 20 22:31:01.039119 2025] [security2:error] [pid 73403:tid 139765423716032] [client 103.144.18.77:38705] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "myactivity.google.com" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.15.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "455"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: myactivity.google.com found within REQUEST_HEADERS:Referer: https://myactivity.google.com/ request_line = GET /images/Klimatologi/Prakiraan/03-Prakiraan-Bulanan/Prakiraan_Curah_Hujan_Bulanan/Prakiraan_Curah_Hujan_Bulanan_Provinsi_Jawa_Timur/2025/03_Maret_2025/03_Prediksi_Curah_Hujan_Bulan_JULI_2025_di_Provinsi_Jawa_Timur-Update_dari_Analisis_Bulan_Maret_2025.jpg HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/images/Klimatologi/Prakiraan/03-Prakiraan-Bulanan/Prakiraan_Curah_Hujan_Bulanan/Prakiraan_Curah_Hujan_Bulanan_Provinsi_Jawa_Timur/2025/03_Maret_2025/03_Prediksi_Curah_Huj ... show less	Hacking Web App Attack
🇮🇩 hermawan	2025-05-16 20:34:56 (1 year ago)	[Sat May 17 03:34:10.601162 2025] [security2:error] [pid 725998:tid 140676446533312] [client 103.144 ... show more [Sat May 17 03:34:10.601162 2025] [security2:error] [pid 725998:tid 140676446533312] [client 103.144.18.77:14550] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "myactivity.google.com" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.14.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "439"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: myactivity.google.com found within REQUEST_HEADERS:Referer: https://myactivity.google.com/ request_line = GET /images/berita/2025/04/04-04-2025/Ucapan_Duka_Atas_Meninggalnya_Lestari.jpg HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/images/berita/2025/04/04-04-2025/Ucapan_Duka_Atas_Meninggalnya_Lestari.jpg"] [unique_id "aCehQjfkYNgnlmiGY31TeQAATgI"], referer https://myactivity.google.com/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[726001] [uZVhtF45AZA] [aCehQjfkYNgnlmiGY31TeQAATgI] keep_alive=[1] [2025-05-17 03:34:10.601167] [R:aCehQjfkYNgnlmiGY31TeQAATgI] UA ... show less	Hacking Web App Attack
🇮🇩 hermawan	2025-05-03 08:16:26 (1 year ago)	[Sat May 03 14:42:02.775874 2025] [security2:error] [pid 489281:tid 140328297707200] [client 103.144 ... show more [Sat May 03 14:42:02.775874 2025] [security2:error] [pid 489281:tid 140328297707200] [client 103.144.18.77:45576] ModSecurity: Access denied with code 403 (phase 2). Match of "rx [0-9]\\\\s\\\\'\\\\s[0-9]" against "MATCHED_VAR" required. [file "/etc/modsecurity/coreruleset-4.13.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1747"] [id "932240"] [msg "Remote Command Execution: Unix Command Injection evasion attempt detected"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: s1746258122$o1 found within MATCHED_VAR: GS2.1.s1746258122$o1$g0$t1746258122$j60$l0$h0 request_line = GET /worker-analytic-helper-29-11-2022.js HTTP/2.0 Request URI RAW = /worker-analytic-helper-29-11-2022.js Request Basename = worker-analytic-helper-29-11-2022.js"] [severity "CRITICAL"] [ver "OWASP_CRS/4.13.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] ... show less	Hacking Web App Attack
🇺🇸 VSM Networks	2021-07-26 10:18:12 (4 years ago)	Credential Stuffing	Brute-Force
🇺🇸 VSM Networks	2021-06-05 09:10:21 (5 years ago)	Credential Stuffing	Brute-Force

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.145

🇿🇦 197.184.68.73

🇺🇸 195.184.76.146

🇺🇸 195.184.76.85

🇹🇷 185.174.20.64

🇺🇸 162.216.149.207

🇫🇮 132.243.206.170

🇮🇪 108.131.115.128

🇬🇧 92.21.50.43

🇳🇱 89.21.67.147

🇫🇷 87.88.236.77

🇰🇪 197.248.159.62

🇺🇸 147.185.132.189

🇦🇿 31.171.55.79

🇺🇸 2607:f8b0:4004:100d::12e

🇬🇧 185.116.173.8

🇲🇾 180.75.4.190

🇧🇷 177.11.17.179

🇿🇦 165.165.95.196

🇺🇸 162.216.150.168