JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.175.49.165

103.175.49.165 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 20%: ?

20%

ISP	PT. Trans Indonesia Superkoridor
Usage Type	Fixed Line ISP
ASN	AS138871
Domain Name	tis.net.id
Country	🇮🇩 Indonesia
City	Pekalongan, Central Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.175.49.165

Whois 103.175.49.165

IP Abuse Reports for 103.175.49.165:

This IP address has been reported a total of 11 times from 6 distinct sources. 103.175.49.165 was first reported on March 7th 2024, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-29 14:09:59 (8 hours ago)	(mod_security) mod_security (id:240335) triggered by 103.175.49.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.175.49.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 10:09:51.283823 2026] [security2:error] [pid 21497:tid 21497] [client 103.175.49.165:39494] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.175.49.165 (+1 hits since last alert)\|godcanuseyou.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "godcanuseyou.com"] [uri "/xmlrpc.php"] [unique_id "akJ8r2trCe1yxNf_OxntCgAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-29 11:46:58 (11 hours ago)	(mod_security) mod_security (id:240335) triggered by 103.175.49.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.175.49.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 07:46:54.869936 2026] [security2:error] [pid 5824:tid 5904] [client 103.175.49.165:20793] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.175.49.165 (+1 hits since last alert)\|woofnrose.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "woofnrose.com"] [uri "/xmlrpc.php"] [unique_id "akJbLiu__90s-6qIF4ZbigAAAQk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-29 08:41:33 (14 hours ago)	[redacted] 103.175.49.165 - - [29/Jun/2026:10:40:49 +0200] "POST /xmlrpc.php HTTP/1.1" 403 1511 "-" ... show more [redacted] 103.175.49.165 - - [29/Jun/2026:10:40:49 +0200] "POST /xmlrpc.php HTTP/1.1" 403 1511 "-" "Jetpack by WordPress.com" [redacted] 103.175.49.165 - - [29/Jun/2026:10:41:00 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "WordPress.com; https://wordpress.com" [redacted] 103.175.49.165 - - [29/Jun/2026:10:41:10 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" [redacted] 103.175.49.165 - - [29/Jun/2026:10:41:21 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)" [redacted] 103.175.49.165 - - [29/Jun/2026:10:41:32 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-03 07:48:42 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 103.175.49.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.175.49.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 03 03:48:37.009344 2026] [security2:error] [pid 23524:tid 23524] [client 103.175.49.165:19473] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.175.49.165 (+1 hits since last alert)\|comunicacion.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "comunicacion.com"] [uri "/xmlrpc.php"] [unique_id "afb91aowaRqIWmz6wzBDJwAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 ConsulHosting	2026-04-30 14:20:53 (1 month ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
🇺🇸 TPI-Abuse	2026-04-29 15:33:07 (2 months ago)	(mod_security) mod_security (id:240335) triggered by 103.175.49.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.175.49.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 29 11:32:59.574077 2026] [security2:error] [pid 25792:tid 25811] [client 103.175.49.165:55876] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.175.49.165 (+1 hits since last alert)\|sandiegosamsolo.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sandiegosamsolo.com"] [uri "/xmlrpc.php"] [unique_id "afIkq5zLpoXAc23o-ARlKQAAAE8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 03:20:20 (2 months ago)	(mod_security) mod_security (id:240335) triggered by 103.175.49.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.175.49.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 23:20:15.321936 2026] [security2:error] [pid 13104:tid 13104] [client 103.175.49.165:50723] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.175.49.165 (+1 hits since last alert)\|midwayisland.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "midwayisland.com"] [uri "/xmlrpc.php"] [unique_id "afAnb4am2rofgQiF1CCHLwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 01:48:39 (2 months ago)	(mod_security) mod_security (id:240335) triggered by 103.175.49.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.175.49.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 21:48:35.439973 2026] [security2:error] [pid 14853:tid 14853] [client 103.175.49.165:23340] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.175.49.165 (+1 hits since last alert)\|exhaustthelimits.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "exhaustthelimits.org"] [uri "/xmlrpc.php"] [unique_id "afAR83D9DpI1siOeUnWmrAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 exxos	2025-08-30 03:03:01 (9 months ago)	http-no-verb	Hacking
🇦🇺 aglenday	2025-08-23 19:46:19 (10 months ago)	(imapd) Failed IMAP login from 103.175.49.165 (ID/Indonesia/-): 1 in the last 3600 secs; Ports: ; D ... show more (imapd) Failed IMAP login from 103.175.49.165 (ID/Indonesia/-): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 2025-08-24T05:46:14.794361+10:00 mail dovecot: imap-login: Disconnected: Connection closed (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=103.175.49.165, lip=149.28.180.240, TLS: Connection closed, session=<2ckfkw09rjVnrzGl> show less	Port Scan
🇧🇷 diego	2024-03-07 04:36:39 (2 years ago)	[rede-arem1] 03/07/2024-01:36:39.511070, 103.175.49.165, Protocol: 6, ET SCAN Suspicious inbound to ... show more [rede-arem1] 03/07/2024-01:36:39.511070, 103.175.49.165, Protocol: 6, ET SCAN Suspicious inbound to mySQL port 3306 show less	Hacking

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.200.98.61

🇺🇸 23.226.212.143

🇯🇵 203.25.124.190

🇲🇳 203.23.199.89

🇧🇷 200.155.66.2

🇪🇬 197.50.151.219

🇮🇹 172.253.12.156

🇫🇮 147.185.133.250

🇺🇸 147.185.132.30

🇪🇪 109.206.241.199

🇨🇳 106.75.176.119

🇰🇷 59.23.162.107

🇧🇷 38.252.65.35

🇺🇸 20.65.192.66

🇨🇦 20.63.86.26

🇮🇩 203.148.84.6

🇮🇳 202.88.222.110

🇺🇸 192.34.62.126

🇧🇷 189.60.197.142

🇺🇸 185.150.191.236