JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.76.109.38

103.76.109.38 was found in our database!

This IP was reported 6 times. Confidence of Abuse is 0%: ?

ISP	PT Mahawira Nusantara Grup
Usage Type	Fixed Line ISP
ASN	AS151576
Domain Name	mahawiranusantaragroup.id
Country	🇮🇩 Indonesia
City	Jakarta, Jakarta

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.76.109.38

Whois 103.76.109.38

IP Abuse Reports for 103.76.109.38:

This IP address has been reported a total of 6 times from 4 distinct sources. 103.76.109.38 was first reported on October 6th 2025, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2025-12-19 02:37:08 (5 months ago)	Blocked by UFW (TCP on 9101) Source port: 65056 TTL: 114 Packet length: 52 TOS: 0x00 This report (f ... show more Blocked by UFW (TCP on 9101) Source port: 65056 TTL: 114 Packet length: 52 TOS: 0x00 This report (for 103.76.109.38) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇮🇩 hermawan	2025-11-23 13:53:00 (6 months ago)	[Sun Nov 23 20:52:34.756548 2025] [security2:error] [pid 827307:tid 140348584093376] [client 103.76. ... show more [Sun Nov 23 20:52:34.756548 2025] [security2:error] [pid 827307:tid 140348584093376] [client 103.76.109.38:43952] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Brave" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.20.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "247"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Brave found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/78.0.3904.108 Safari/537.36 request_line = GET /index.php/profil/meteorologi/list-all-categories/3941-klimatologi/prakiraan-klimatologi/prakiraan-dasarian/prakiraan-curah-hujan-dasarian/prakiraan-probabilistik-curah-hujan-dasarian/prakiraan-probabilistik-curah-hujan-dasarian-provinsi-jawa-timur/prakiraan-probabilistik-curah-hujan-dasarian-provins..."] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/meteorologi/list-all- ... show less	Hacking Web App Attack
🇮🇩 hermawan	2025-11-13 13:07:15 (6 months ago)	[Thu Nov 13 20:05:23.405132 2025] [security2:error] [pid 1503649:tid 140633206326976] [client 103.76 ... show more [Thu Nov 13 20:05:23.405132 2025] [security2:error] [pid 1503649:tid 140633206326976] [client 103.76.109.38:60542] ModSecurity: Access denied with code 403 (phase 1). Match of "pm matomo.staklim-malang.info " against "SERVER_NAME" required. [file "/etc/modsecurity/coreruleset-4.20.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "183"] [id "440235"] [msg "BAD REQUEST Bro"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: %3a found within SERVER_NAME: staklim-malang.info request_line = GET /index.php/profil/arsip-artikel?catid=475&id=731%3Aprakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal-22-28-september-2015&start=80 HTTP/2.0 Request URI RAW = /index.php/profil/arsip-artikel?catid=475&id=731%3Aprakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal-22-28-september-2015&start=80..."] [hostname "staklim-malang.info"] [uri "/index.php/profil/arsip-artikel"] [unique_id "aRXXk9L-KZu3 ... show less	Hacking Web App Attack
Anonymous	2025-11-12 19:02:42 (6 months ago)	Web attack	Bad Web Bot Web App Attack
🇳🇱 exxos	2025-10-20 15:03:01 (7 months ago)	Attacks with Bad user agents	Hacking
🇮🇩 hermawan	2025-10-06 13:08:36 (8 months ago)	[Mon Oct 06 20:05:56.378807 2025] [security2:error] [pid 3798371:tid 140606448850624] [client 103.76 ... show more [Mon Oct 06 20:05:56.378807 2025] [security2:error] [pid 3798371:tid 140606448850624] [client 103.76.109.38:49506] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i),.?[\\"'\\\\)0-9`-f][\\"'`](?:[\\"'`].?[\\"'`]\|(?:\\\\r?\\\\n)?\\\\z\|[^\\"'`]+)\|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]?from\|(?:alter\|(?:(?:cre\|trunc\|upd)at\|renam)e\|d(?:e(?:lete\|sc)\|rop)\|(?:inser\|selec)t\|load)[\\\\s\\\\x0b]?\\\\([\\\\s\\\\x0b]?space[\\\\s\\\\x0b]?\\\\(" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "2129"] [id "942200"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: , like Gecko) Version/4.0 Chrome/140.0.7339.208 Mobile Safari/537.36 OcIdWebView ({\\x22os\\x22:\\x22Android\\x22, found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 15; 25028P ... show less	Hacking Web App Attack

Showing 1 to 6 of 6 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.200

🇱🇹 141.98.11.83

🇲🇾 76.13.182.161

🇺🇸 47.251.249.8

🇺🇸 35.243.197.1

🇲🇲 202.157.190.169

🇲🇽 187.249.66.186

🇺🇸 153.66.28.132

🇨🇳 150.255.36.111

🇮🇳 124.123.125.62

🇨🇳 101.71.38.3

🇬🇧 35.246.100.183

🇫🇮 35.228.199.26

🇧🇪 35.205.32.150

🇻🇳 14.228.230.246

🇻🇳 14.224.157.42

🇧🇪 194.187.251.91

🇳🇱 185.156.73.233

🇺🇸 167.172.152.94

🇮🇳 122.175.194.53