JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.181.255.231

103.181.255.231 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 0%: ?

ISP	CV Langit Bersama
Usage Type	Fixed Line ISP
ASN	AS141145
Domain Name	langitbersama.my.id
Country	🇮🇩 Indonesia
City	Jember, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.181.255.231

Whois 103.181.255.231

IP Abuse Reports for 103.181.255.231:

This IP address has been reported a total of 13 times from 6 distinct sources. 103.181.255.231 was first reported on January 5th 2025, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2025-11-25 10:13:33 (6 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-11-17 16:54:01 (6 months ago)	scanning http requests from known botnet	Web App Attack
🇮🇩 hermawan	2025-11-14 21:29:06 (6 months ago)	[Sat Nov 15 04:27:14.538702 2025] [security2:error] [pid 191646:tid 140213213972160] [client 103.181 ... show more [Sat Nov 15 04:27:14.538702 2025] [security2:error] [pid 191646:tid 140213213972160] [client 103.181.255.231:44246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i),.?[\\"'\\\\)0-9`-f][\\"'`](?:[\\"'`].?[\\"'`]\|(?:\\\\r?\\\\n)?\\\\z\|[^\\"'`]+)\|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]?from\|(?:alter\|(?:(?:cre\|trunc\|upd)at\|renam)e\|d(?:e(?:lete\|sc)\|rop)\|(?:inser\|selec)t\|load)[\\\\s\\\\x0b]?\\\\([\\\\s\\\\x0b]?space[\\\\s\\\\x0b]?\\\\(" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.20.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1989"] [id "942200"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: , like Gecko) Version/4.0 Chrome/141.0.7390.122 Mobile Safari/537.36 OcIdWebView ({\\x22os\\x22:\\x22Android\\x22, found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 12; SM-A1 ... show less	Hacking Web App Attack
🇮🇩 hermawan	2025-11-13 07:58:06 (6 months ago)	[Thu Nov 13 14:57:21.382991 2025] [security2:error] [pid 1158882:tid 140633483228864] [client 103.18 ... show more [Thu Nov 13 14:57:21.382991 2025] [security2:error] [pid 1158882:tid 140633483228864] [client 103.181.255.231:35276] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i),.?[\\"'\\\\)0-9`-f][\\"'`](?:[\\"'`].?[\\"'`]\|(?:\\\\r?\\\\n)?\\\\z\|[^\\"'`]+)\|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]?from\|(?:alter\|(?:(?:cre\|trunc\|upd)at\|renam)e\|d(?:e(?:lete\|sc)\|rop)\|(?:inser\|selec)t\|load)[\\\\s\\\\x0b]?\\\\([\\\\s\\\\x0b]?space[\\\\s\\\\x0b]?\\\\(" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.20.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1989"] [id "942200"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: , like Gecko) Version/4.0 Chrome/141.0.7390.122 Mobile Safari/537.36 OcIdWebView ({\\x22os\\x22:\\x22Android\\x22, found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 12; SM-A ... show less	Hacking Web App Attack
🇮🇩 hermawan	2025-10-22 07:25:46 (7 months ago)	[Wed Oct 22 14:24:56.465074 2025] [security2:error] [pid 1435183:tid 140576920954560] [client 103.18 ... show more [Wed Oct 22 14:24:56.465074 2025] [security2:error] [pid 1435183:tid 140576920954560] [client 103.181.255.231:56602] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i),.?[\\"'\\\\)0-9`-f][\\"'`](?:[\\"'`].?[\\"'`]\|(?:\\\\r?\\\\n)?\\\\z\|[^\\"'`]+)\|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]?from\|(?:alter\|(?:(?:cre\|trunc\|upd)at\|renam)e\|d(?:e(?:lete\|sc)\|rop)\|(?:inser\|selec)t\|load)[\\\\s\\\\x0b]?\\\\([\\\\s\\\\x0b]?space[\\\\s\\\\x0b]?\\\\(" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "2129"] [id "942200"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: , like Gecko) Version/4.0 Chrome/141.0.7390.97 Mobile Safari/537.36 OcIdWebView ({\\x22os\\x22:\\x22Android\\x22, found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 15; CPH25 ... show less	Hacking Web App Attack
🇳🇱 exxos	2025-08-28 18:05:29 (9 months ago)	Attacks with Bad user agents	Hacking
🇮🇩 hermawan	2025-06-04 08:26:18 (1 year ago)	[Wed Jun 04 15:26:17.895460 2025] [security2:error] [pid 277519:tid 139724457973440] [client 103.181 ... show more [Wed Jun 04 15:26:17.895460 2025] [security2:error] [pid 277519:tid 139724457973440] [client 103.181.255.231:37840] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "myactivity.google.com" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.14.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "439"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: myactivity.google.com found within REQUEST_HEADERS:Referer: https://myactivity.google.com/ request_line = GET /images/Klimatologi/Konferensi_Pers/2025/Press_Release_Prediksi_Musim_Kemarau_2025.jpg HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/images/Klimatologi/Konferensi_Pers/2025/Press_Release_Prediksi_Musim_Kemarau_2025.jpg"] [unique_id "aEADKdzrn3YJsopwW9c1ZwABXQ0"], referer https://myactivity.google.com/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[277533] [385DwCKjumg] [aEADKdzrn3YJsopwW9c1ZwABXQ0] keep_alive=[1] [2025-06-04 15:26:17.895468] [R:aEADKdz ... show less	Hacking Web App Attack
🇮🇩 hermawan	2025-05-19 07:54:09 (1 year ago)	[Mon May 19 14:53:07.420242 2025] [security2:error] [pid 800179:tid 140623390492352] [client 103.181 ... show more [Mon May 19 14:53:07.420242 2025] [security2:error] [pid 800179:tid 140623390492352] [client 103.181.255.231:56796] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "myactivity.google.com" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.14.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "439"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: myactivity.google.com found within REQUEST_HEADERS:Referer: https://myactivity.google.com/ request_line = GET /images/berita/2025/04/04-04-2025/Ucapan_Duka_Atas_Meninggalnya_Lestari.jpg HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/images/berita/2025/04/04-04-2025/Ucapan_Duka_Atas_Meninggalnya_Lestari.jpg"] [unique_id "aCrjY1FKbqCgXnqUwjyNvgABzzE"], referer https://myactivity.google.com/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[800229] [0aAqbIC7IIw] [aCrjY1FKbqCgXnqUwjyNvgABzzE] keep_alive=[1] [2025-05-19 14:53:07.420248] [R:aCrjY1FKbqCgXnqUwjyNvgABzzE] ... show less	Hacking Web App Attack
🇦🇺 MAGIC	2025-05-12 14:01:18 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 COMPLEX	2025-04-03 01:15:36 (1 year ago)	Triggered Cloudflare WAF (l7ddos) from ID. Action taken: BLOCK ASN: 141145 (GIGANET-AS-ID PT Giga Di ... show more Triggered Cloudflare WAF (l7ddos) from ID. Action taken: BLOCK ASN: 141145 (GIGANET-AS-ID PT Giga Digital Nusantara) Protocol: HTTP/1.1 (GET method) Timestamp: 2025-04-03T01:14:12Z show less	Bad Web Bot
🇩🇪 Packets-Decreaser.NET	2025-03-29 05:47:16 (1 year ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇩🇪 Packets-Decreaser.NET	2025-01-08 21:47:59 (1 year ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇩🇪 Packets-Decreaser.NET	2025-01-05 15:26:48 (1 year ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.96

🇲🇽 189.194.140.170

🇲🇽 186.96.145.241

🇳🇱 172.211.56.214

🇨🇳 106.13.36.108

🇺🇸 75.102.23.159

🇳🇱 45.198.224.92

🇫🇮 45.156.22.81

🇳🇱 45.148.10.183

🇻🇳 27.79.2.165

🇩🇪 8.211.27.88

🇯🇵 8.209.236.193

🇬🇧 217.146.80.109

🇺🇸 216.180.246.199

🇬🇧 193.32.209.227

🇺🇸 162.216.150.173

🇨🇦 85.217.149.11

🇨🇦 69.49.112.72

🇭🇰 46.236.242.133

🇮🇩 36.66.16.233