JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.65.236.149

103.65.236.149 was found in our database!

This IP was reported 664 times. Confidence of Abuse is 90%: ?

90%

ISP	PT Berkah Solusi Teknologi Informasi
Usage Type	Data Center/Web Hosting/Transit
ASN	AS135450
Hostname(s)	149.236.65.in-addr.arpa
Domain Name	ptbsti.com
Country	🇮🇩 Indonesia
City	Jakarta, Jakarta

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.65.236.149

Whois 103.65.236.149

IP Abuse Reports for 103.65.236.149:

This IP address has been reported a total of 664 times from 215 distinct sources. 103.65.236.149 was first reported on February 1st 2024, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-04 09:37:11 (2 days ago)	Restricted File Access Attempt. Matched phrase "config.json" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack
🇩🇪 FeG Deutschland	2026-06-04 06:19:53 (2 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇫🇷 pm33	2026-06-03 19:52:19 (2 days ago)	Excessive crawling HTTP 404	Web App Attack
🇩🇪 Didier Lagaert	2026-06-03 16:51:36 (2 days ago)	lie-17 : Block hidden directories=>/.vscode/sftp.json(/)	Hacking
🇺🇸 TPI-Abuse	2026-06-03 13:23:45 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 103.65.236.149 (149.236.65.in-addr.arpa): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 103.65.236.149 (149.236.65.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 09:23:40.014273 2026] [security2:error] [pid 9856:tid 9856] [client 103.65.236.149:61148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "al-hafeeztrust.net"] [uri "/sftp-config.json"] [unique_id "aiAq3EjjyuyBtqJjpFYp9wAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-03 02:45:43 (3 days ago)	Automated report (2026-06-03T10:45:44+08:00). Caught probing for exposed VSCode data.	Hacking Web App Attack
Anonymous	2026-06-03 02:45:42 (3 days ago)	Automated report (2026-06-03T10:45:42+08:00). Caught probing for exposed FTP credentials.	Hacking
🇺🇸 TPI-Abuse	2026-06-02 20:56:47 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 103.65.236.149 (149.236.65.in-addr.arpa): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 103.65.236.149 (149.236.65.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 16:56:39.511947 2026] [security2:error] [pid 2186:tid 2186] [client 103.65.236.149:62557] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.stbms.com"] [uri "/sftp-config.json"] [unique_id "ah9Dh46ME1140gw6XpztcAAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-02 19:36:41 (3 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 05:57:33 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 103.65.236.149 (149.236.65.in-addr.arpa): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 103.65.236.149 (149.236.65.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 01:57:29.177464 2026] [security2:error] [pid 8480:tid 8480] [client 103.65.236.149:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kirklandhighlands.org"] [uri "/sftp-config.json"] [unique_id "ahPkyY_hUdXFeVLH4yGEJAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2026-05-24 22:35:51 (1 week ago)	Restricted File Access Attempt. Matched phrase "config.json" at REQUEST_FILENAME. (930130-mnz6-1)	Hacking Web App Attack
🇨🇦 dispensight	2026-05-24 05:57:54 (1 week ago)	Automated web scanner: 2 GET requests to help.dispensight.cloud. Paths: /. UA: Mozilla/5.0 (Macintos ... show more Automated web scanner: 2 GET requests to help.dispensight.cloud. Paths: /. UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0. PT Berkah Solusi Teknologi Informasi (Jakarta, Indonesia). show less	Bad Web Bot
🇩🇪 FeG Deutschland	2026-05-24 03:05:02 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-05-24 01:54:36 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 103.65.236.149 (149.236.65.in-addr.arpa): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 103.65.236.149 (149.236.65.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 21:54:28.103099 2026] [security2:error] [pid 12219:tid 12219] [client 103.65.236.149:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "local639.com"] [uri "/sftp-config.json"] [unique_id "ahJaVLwPtVa6hnYyIDuSjAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-24 01:41:24 (1 week ago)	(caddyscan) Scanner path probe from 103.65.236.149 (ID/Indonesia/149.236.65.in-addr.arpa): 5 in the ... show more (caddyscan) Scanner path probe from 103.65.236.149 (ID/Indonesia/149.236.65.in-addr.arpa): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 404 224 103.65.236.149 - - [24/May/2026:01:40:49 +0000] "GET /sftp-config.json HTTP/1.1" [REDACTED] 404 225 103.65.236.149 - - [24/May/2026:01:40:50 +0000] "GET /.vscode/sftp.json HTTP/1.1" [REDACTED] 200 2627 103.65.236.149 - - [24/May/2026:01:40:53 +0000] "GET /.vscode/sftp.json HTTP/1.1" [REDACTED] 404 235 103.65.236.149 - - [24/May/2026:01:40:59 +0000] "GET /.vscode/sftp.json HTTP/1.1" [REDACTED] 200 2627 103.65.236.149 - - [24/May/2026:01:41:04 +0000] "GET /.vscode/sftp.json HTTP/1.1" show less	Port Scan

Showing 1 to 15 of 664 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 195.96.139.118

🇺🇸 162.216.150.146

🇵🇰 103.83.23.169

🇺🇸 20.65.193.158

🇺🇸 2602:80d:1007::2d

🇧🇷 177.131.17.114

🇬🇧 81.19.219.247

🇮🇶 65.20.137.173

🇱🇹 45.227.254.170

🇭🇺 45.11.172.25

🇮🇶 37.236.199.24

🇺🇸 20.64.105.77

🇷🇴 2.57.121.25

🇧🇷 177.22.44.30

🇮🇹 172.253.12.211

🇺🇸 150.107.36.186

🇨🇦 46.202.232.107

🇽🇰 46.99.29.184

🇫🇷 4.211.84.189

🇰🇷 210.182.73.137