JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.156.71.25

103.156.71.25 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 26%: ?

26%

ISP	Asia Pacific Network Information Centre
Usage Type	Fixed Line ISP
ASN	AS141081
Domain Name	apnic.net
Country	🇮🇩 Indonesia
City	Genteng, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.156.71.25

Whois 103.156.71.25

IP Abuse Reports for 103.156.71.25:

This IP address has been reported a total of 11 times from 8 distinct sources. 103.156.71.25 was first reported on March 26th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 hermawan	2026-06-25 06:48:11 (1 day ago)	[Thu Jun 25 13:48:10.485172 2026] [security2:error] [pid 1867743:tid 140674509809344] [client 103.15 ... show more [Thu Jun 25 13:48:10.485172 2026] [security2:error] [pid 1867743:tid 140674509809344] [client 103.156.71.25:47262] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.yahoo.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.yahoo.go.id found within REQUEST_HEADERS:Referer: https://www.yahoo.go.id/ request_line = GET /index.php/informasi-iklim/infografis-iklim/infografis-klimat-story/555561307-infografis-perubahan-iklim-jawa-timur HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/informasi-iklim/infografis-iklim/infografis-klimat-story/555561307-infografis-perubahan-iklim-jawa-timur"] [unique_id "ajzPKkoSjxpRvqeGFyEfIAAByQQ"], referer https://www.yahoo.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[1867748] [06kVYM6rv24] [ajzPKkoSjxpRvqeGFyEfIAAByQQ] keep_alive=[1] [2026 ... show less	Email Spam Hacking
🇮🇩 hermawan	2026-06-22 12:57:10 (4 days ago)	[Mon Jun 22 19:57:08.026993 2026] [security2:error] [pid 585738:tid 140214570800832] [client 103.156 ... show more [Mon Jun 22 19:57:08.026993 2026] [security2:error] [pid 585738:tid 140214570800832] [client 103.156.71.25:53177] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.bing.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.bing.go.id found within REQUEST_HEADERS:Referer: https://www.bing.go.id/ request_line = GET /index.php/prediksi-iklim/prediksi-dasarian/probabilistik-curah-hujan-provinsi-jawa-timur HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/prediksi-iklim/prediksi-dasarian/probabilistik-curah-hujan-provinsi-jawa-timur"] [unique_id "ajkxJJJMJrGbha7fUiDvaQAFjAk"], referer https://www.bing.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[585749] [S5AELtddvn8] [ajkxJJJMJrGbha7fUiDvaQAFjAk] keep_alive=[1] [2026-06-22 19:57:08.026997] [R:ajkxJJJMJrGbha7fUiDvaQAFjAk] UA ... show less	Email Spam Hacking
🇬🇧 PeravixGroup	2026-06-13 02:57:59 (1 week ago)	Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aar ... show more Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aaran.cloud show less	Hacking Exploited Host
🇮🇩 hermawan	2026-06-04 04:42:37 (3 weeks ago)	[Thu Jun 04 11:42:32.696629 2026] [security2:error] [pid 209429:tid 140067361208000] [client 103.156 ... show more [Thu Jun 04 11:42:32.696629 2026] [security2:error] [pid 209429:tid 140067361208000] [client 103.156.71.25:34723] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.bmkg.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.bmkg.go.id found within REQUEST_HEADERS:Referer: https://www.bmkg.go.id/ request_line = GET /index.php/informasi-iklim/buletin-1/buletin-informasi-iklim-dan-lingkungan HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/informasi-iklim/buletin-1/buletin-informasi-iklim-dan-lingkungan"] [unique_id "aiECOAw_f4lFGivLNtevSwABDws"], referer https://www.bmkg.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[209454] [gnYhLCaDrRU] [aiECOAw_f4lFGivLNtevSwABDws] keep_alive=[1] [2026-06-04 11:42:32.696634] [R:aiECOAw_f4lFGivLNtevSwABDws] UA:'Mozilla/5.0 (Linux; Androi ... show less	Email Spam Hacking
🇩🇪 SMARTNET	2026-05-27 06:03:53 (4 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: f33ea243-b344-42fe-b994-8adedb9f85ca	DDoS Attack
🇫🇷 security.rdmc.fr	2026-05-24 01:01:09 (1 month ago)	Port Scan Attack proto:TCP src:45405 dst:23	Port Scan
🇬🇧 PeravixGroup	2026-05-22 01:46:50 (1 month ago)	Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aar ... show more Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aaran.cloud show less	Hacking Exploited Host
🇹🇷 Threat.live	2026-05-18 07:45:08 (1 month ago)	Suspicious Connection Attempts	Brute-Force
🇺🇸 mnsf	2026-04-16 13:07:38 (2 months ago)	Login Too Frequent (7)	Brute-Force Web App Attack
🇳🇱 EGP Abuse Dept	2026-03-30 12:09:05 (2 months ago)	Scraping webshop URLs (www.badgehouder.nl), likely botnet drone	Bad Web Bot Exploited Host
🇵🇹 nuno	2026-03-26 04:59:38 (3 months ago)	103.156.71.25 - - [26/Mar/2026:04:07:38 +0000] _:443 "oOx80xEAZxDAx90xA5c" 400 384 "-" "-" "-" 9.408 ... show more 103.156.71.25 - - [26/Mar/2026:04:07:38 +0000] _:443 "oOx80xEAZxDAx90xA5c" 400 384 "-" "-" "-" 9.408 - 103.156.71.25 - - [26/Mar/2026:04:12:18 +0000] _:443 "-xC8x0Bx8Btx86x95x8BUxDA" 400 384 "-" "-" "-" 10.659 - ... show less	Hacking Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 147.185.132.56

🇺🇸 2600:1f18:5b75:b803:5dc0:7ad2:cd5c:f046

🇨🇳 221.0.15.111

🇧🇷 205.210.31.241

🇧🇷 205.210.31.240

🇵🇱 166.88.82.44

🇮🇳 115.248.8.65

🇨🇳 110.249.202.161

🇧🇩 103.42.203.47

🇷🇺 95.26.200.249

🇸🇪 20.240.51.74

🇺🇸 216.25.89.127

🇧🇷 205.210.31.229

🇧🇷 205.210.31.215

🇧🇷 205.210.31.208

🇱🇻 188.112.150.160

🇺🇸 162.216.150.61

🇮🇳 157.32.138.190

🇯🇵 149.22.87.50

🇺🇸 147.185.132.75