JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.169.207.201

103.169.207.201 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 100%: ?

100%

ISP	CV Pajar Utama Sejahtera
Usage Type	Data Center/Web Hosting/Transit
ASN	AS138115
Hostname(s)	103-169-207-201.nevacloud.net
Domain Name	saranaserver.com
Country	🇮🇩 Indonesia
City	Jakarta, Jakarta

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.169.207.201

Whois 103.169.207.201

IP Abuse Reports for 103.169.207.201:

This IP address has been reported a total of 29 times from 24 distinct sources. 103.169.207.201 was first reported on June 15th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 Ivo Vynckier	2026-06-16 10:54:00 (3 days ago)	103.169.207.201 - - [15/Jun/2026:19:56:08 +0200] "GET /app/.env HTTP/1.1" 403 117 "-" "Go-http-clien ... show more 103.169.207.201 - - [15/Jun/2026:19:56:08 +0200] "GET /app/.env HTTP/1.1" 403 117 "-" "Go-http-client/1.1" 103.169.207.201 - - [15/Jun/2026:19:56:08 +0200] "GET /.env HTTP/1.1" 403 117 "-" "Go-http-client/1.1" 103.169.207.201 - - [15/Jun/2026:19:56:08 +0200] "GET /api/.env HTTP/1.1" 403 117 "-" "Go-http-client/1.1" 103.169.207.201 - - [15/Jun/2026:19:56:08 +0200] "GET /api/.env HTTP/1.1" 403 117 "-" "Go-http-client/1.1" 103.169.207.201 - - [15/Jun/2026:19:56:08 +0200] "GET /.env HTTP/1.1" 403 117 "-" "Go-http-client/1.1" 103.169.207.201 - - [15/Jun/2026:19:56:08 +0200] "GET /app/.env HTTP/1.1" 403 117 "-" "Go-http-client/1.1" show less	Web App Attack
🇬🇧 andypiper	2026-06-16 01:00:41 (4 days ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇺🇸 mnsf	2026-06-16 00:16:16 (4 days ago)	Scanning/Probing (17)	Brute-Force Web App Attack
🇦🇺 paulshipley.com.au	2026-06-15 20:19:17 (4 days ago)	[Tue Jun 16 06:19:17.140342 2026] [security2:error] [pid 145531] [client 103.169.207.201:38294] [cli ... show more [Tue Jun 16 06:19:17.140342 2026] [security2:error] [pid 145531] [client 103.169.207.201:38294] [client 103.169.207.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "furst.com.au"] [uri "/app/.env"] [unique_id "ajBeRZf5lxUG31RVMeRqCQAAAAQ"], referer: http://furst.com.au/app/.env ... show less	Web App Attack
🇫🇮 inlink.ltd	2026-06-15 19:49:03 (4 days ago)	dot file probe	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 19:02:30 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 103.169.207.201 (103-169-207-201.nevacloud.net) ... show more (mod_security) mod_security (id:210492) triggered by 103.169.207.201 (103-169-207-201.nevacloud.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:02:24.260522 2026] [security2:error] [pid 3707:tid 3707] [client 103.169.207.201:38582] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whoownsmyhome.com"] [uri "/api/.env"] [unique_id "ajBMQKXpESKPsRYb8_-8cQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Trueforce Threat Report	2026-06-15 17:44:17 (4 days ago)	Automated report, trolling for resource vulnerabilities	Bad Web Bot Web App Attack
🇩🇪 Hary74656	2026-06-15 17:18:42 (4 days ago)	[Mon Jun 15 19:18:39.374913 2026] [security2:error] [pid 143313:tid 143483] [client 103.169.207.201: ... show more [Mon Jun 15 19:18:39.374913 2026] [security2:error] [pid 143313:tid 143483] [client 103.169.207.201:45558] [client 103.169.207.201] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "weavernet.de"] [uri "/app/.env"] [unique_id "ajAz7u3o1E7p9uhcg1DlQwAAARo"] [Mon Jun 15 19:18:39.374967 2026] [security2:error] [pid 143640:tid 143837] [client 103.169.207.201:45544] [client 103.169.207.201] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr ... show less	Web App Attack
🇫🇷 dynamix	2026-06-15 16:33:35 (4 days ago)	Multiple WAF Violations	Web App Attack
🇺🇸 uchat-ai.com	2026-06-15 15:58:16 (4 days ago)	IP 103.169.207.201 在过去24小时内进行了 2 次攻击。详细信息: 攻击类型: Restricted File Access Attempt, 攻击信息: Matched Data: ... show more IP 103.169.207.201 在过去24小时内进行了 2 次攻击。详细信息: 攻击类型: Restricted File Access Attempt, 攻击信息: Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] (Severity: 2); 攻击类型: Restricted File Access Attempt, 攻击信息: Matched Data: /.env found within REQUEST_FILENAME: /.env"] (Severity: 2) show less	Web App Attack
🇮🇩 Burayot	2026-06-15 14:11:42 (4 days ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 103.169.207.201 (ID/Indonesia/103-16 ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 103.169.207.201 (ID/Indonesia/103-169-207-201.nevacloud.net): 1 in the last 3600 secs show less	Web App Attack
🇬🇧 consul.to	2026-06-15 13:35:31 (4 days ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 4server	2026-06-15 13:31:01 (4 days ago)	[MonJun1515:30:56.7338222026][security2:error][pid72775:tid72923][client103.169.207.201:0]ModSecurit ... show more [MonJun1515:30:56.7338222026][security2:error][pid72775:tid72923][client103.169.207.201:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"mgpublishing.ch\"][uri\"/app/.env\"][unique_id\"ai_-kGYCS0F6nEsfSecJaAAAAQM\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 BlueWire Hosting	2026-06-15 12:47:37 (4 days ago)	Bad bot ignoring robot.txt	Bad Web Bot
🇬🇧 Yosi	2026-06-15 12:34:51 (4 days ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.238.83.106

🇨🇭 209.99.191.217

🇺🇸 208.84.102.213

🇬🇧 185.216.145.183

🇺🇸 162.216.149.222

🇩🇪 69.5.169.214

🇺🇸 67.20.76.166

🇻🇳 27.79.7.135

🇺🇸 20.64.104.27

🇮🇳 205.254.166.144

🇧🇷 205.210.31.224

🇳🇱 203.159.90.204

🇨🇳 203.55.221.42

🇹🇳 197.240.200.245

🇧🇷 187.65.18.83

🇺🇸 162.216.149.51

🇧🇷 152.243.91.162

🇭🇰 152.32.212.226

🇨🇦 104.36.181.53

🇺🇸 64.62.156.54