JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 118.99.84.71

118.99.84.71 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 9%: ?

ISP	BIZNET PREPAID
Usage Type	Fixed Line ISP
ASN	AS17451
Domain Name	biznetnetworks.com
Country	🇮🇩 Indonesia
City	Surabaya, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 118.99.84.71

Whois 118.99.84.71

IP Abuse Reports for 118.99.84.71:

This IP address has been reported a total of 20 times from 14 distinct sources. 118.99.84.71 was first reported on December 15th 2020, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 hermawan	2026-05-19 19:58:43 (2 weeks ago)	[Wed May 20 02:58:39.085214 2026] [security2:error] [pid 229399:tid 140083024844480] [client 118.99. ... show more [Wed May 20 02:58:39.085214 2026] [security2:error] [pid 229399:tid 140083024844480] [client 118.99.84.71:49869] ModSecurity: Access denied with code 403 (phase 1). Match of "pm www.office.com powerpoint.officeapps.live.com /offline-service-worker-19-02-2025.js /offline-service-worker-27-01-2024-v5-0-1.js /offline-service-worker-01-08-2023-v4-5-1.js /OneSignalSDKWorker.js /worker-analytic-helper-27-11-2022.js/ /worker-analyti ..." against "REQUEST_HEADERS:Referer" required. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "622"] [id "440067"] [msg "BAD Referer"] [data "Matched Data: staklim-malang.info found within REQUEST_HEADERS:Referer: https://www.bing.info/ request_line = GET /index.php/profil/meteorologi/list-of-all-tags/prakiraan-klimatologi?start=2000 HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/index.php/profil/meteorologi/list-of-all-tags/prakiraan-klimatologi"] [unique_id "agzA796ad4JCFzqfr0wZzgABQwo"], ... show less	Email Spam Hacking
🇨🇭 pingusurmars	2026-04-24 08:00:25 (1 month ago)	Blocked by UFW on amperetwo [1433/tcp] Source port: 6510 TTL: 116 Packet length: 60 TOS: 0x00 This ... show more Blocked by UFW on amperetwo [1433/tcp] Source port: 6510 TTL: 116 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 filstal.org	2026-04-03 09:48:09 (2 months ago)	Brute-force/Enumeration: Multiple login attempts for non-existent mail accounts (Honeytrap).	Email Spam Brute-Force
🇮🇪 RoboSOC	2026-04-02 08:45:00 (2 months ago)	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found	Port Scan
🇨🇭 backslash	2026-03-22 15:21:01 (2 months ago)	block ruleset Badbot using very old user-agents 5CF3CDB778C7D82564405B86B9242E612F378C68	Bad Web Bot
🇷🇸 Scan	2026-03-20 03:12:43 (2 months ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇫🇷 ✨	2026-03-20 02:15:17 (2 months ago)	Rule : Security UserAccount : Administrator S-1-0-0 - - 0x0 S-1-0-0 Administrator SERVER 0xc000006d ... show more Rule : Security UserAccount : Administrator S-1-0-0 - - 0x0 S-1-0-0 Administrator SERVER 0xc000006d %#13 0xc000006a 3 NtLmSsp NTLM SERVER - - 0 0x0 - 118.99.84.71 57572 show less	Port Scan Hacking Brute-Force
🇸🇰 GOVCERT	2026-03-19 14:22:24 (2 months ago)	Sweep Scan	Port Scan
🇷🇺 www.winos.me	2026-03-19 05:42:48 (2 months ago)	port scan	Port Scan
🇫🇷 ✨	2026-03-16 03:04:11 (2 months ago)	Rule : MSSQLSERVER sa Motivo: la contraseña no es válida para el inicio de sesión proporcionado. [ ... show more Rule : MSSQLSERVER sa Motivo: la contraseña no es válida para el inicio de sesión proporcionado. [CLIENTE: 118.99.84.71] show less	Port Scan Brute-Force
🇮🇩 hermawan	2026-03-10 01:50:57 (2 months ago)	[Tue Mar 10 08:50:24.797841 2026] [security2:error] [pid 297599:tid 139778585618112] [client 118.99. ... show more [Tue Mar 10 08:50:24.797841 2026] [security2:error] [pid 297599:tid 139778585618112] [client 118.99.84.71:7139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:^\|b[\\"'\\\\)\\\\[\\\\x5c](?:(?:(?:\\\\\|\\\\\|\|&&)[\\\\s\\\\x0b])?\\\\$[!#\\\$\\\\\\\\-0-9\\\\?@_a-\\\\{])?\\\\x5c?u[\\"'\\\$\\\\[\\\\x5c](?:(?:(?:\\\\\|\\\\\|\|&&)[\\\\s\\\\x0b])?\\\\$[!#\\\$\\\\\\\\-0-9\\\\?@_a-\\\\{])?\\\\x5c?s[\\"'\\\$\\\\[\\\\x5c](?:(?:(?:\\\\\|\\\\\|\|&&)[\\\\s\\\\x0b])?\\\\$[!#\\\\(\\\\*\\\\-0- ..." at ARGS_NAMES:id. [file "/etc/modsecurity/coreruleset-4.24.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "3199"] [id "932350"] [msg "Remote Command Execution: Direct Unix Command Execution (No Arguments)"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: id found within ARGS_NAMES:id: id request_line = GET /index.php/component/search/?Itemid=1310&id=408:gempa-terkini&format=opensearch HTTP/2.0 Request URI ... show less	Web App Attack Hacking
🇮🇩 hermawan	2026-03-09 14:48:59 (2 months ago)	03/09/2026-21:48:29.574520 [Drop] [] [1:2210050:3] SURICATA STREAM reassembly overlap with differ ... show more 03/09/2026-21:48:29.574520 [Drop] [] [1:2210050:3] SURICATA STREAM reassembly overlap with different data [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 118.99.84.71:58225 -> 103.166.156.58:443 ... show less	Email Spam Hacking
🇨🇿 Rx007	2026-03-09 05:33:36 (2 months ago)	CrowdSec detection: a1ad/mikrotik-scan-scenario on MikroTik/NPMplus	Port Scan Brute-Force SSH
🇮🇩 hermawan	2026-03-08 15:04:22 (3 months ago)	[Sun Mar 08 22:04:21.902165 2026] [security2:error] [pid 197090:tid 140398847547072] [client 118.99. ... show more [Sun Mar 08 22:04:21.902165 2026] [security2:error] [pid 197090:tid 140398847547072] [client 118.99.84.71:48605] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:^\|b[\\"'\\\\)\\\\[\\\\x5c](?:(?:(?:\\\\\|\\\\\|\|&&)[\\\\s\\\\x0b])?\\\\$[!#\\\$\\\\\\\\-0-9\\\\?@_a-\\\\{])?\\\\x5c?u[\\"'\\\$\\\\[\\\\x5c](?:(?:(?:\\\\\|\\\\\|\|&&)[\\\\s\\\\x0b])?\\\\$[!#\\\$\\\\\\\\-0-9\\\\?@_a-\\\\{])?\\\\x5c?s[\\"'\\\$\\\\[\\\\x5c](?:(?:(?:\\\\\|\\\\\|\|&&)[\\\\s\\\\x0b])?\\\\$[!#\\\\(\\\\*\\\\-0- ..." at ARGS_NAMES:id. [file "/etc/modsecurity/coreruleset-4.24.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "3199"] [id "932350"] [msg "Remote Command Execution: Direct Unix Command Execution (No Arguments)"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: id found within ARGS_NAMES:id: id request_line = GET /index.php/component/search/?Itemid=1310&id=408:gempa-terkini&format=opensearch HTTP/2.0 Request UR ... show less	Web App Attack Hacking
Anonymous	2026-03-06 13:57:20 (3 months ago)	Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to ... show more Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to bypass firewall/robots.txt restrictions in thread-skip.asp show less	Exploited Host Bad Web Bot

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 187.190.78.227

🇨🇳 183.253.84.164

🇨🇳 153.0.124.144

🇸🇬 114.119.155.44

🇺🇸 97.107.133.213

🇭🇰 43.255.118.11

🇹🇼 34.81.164.108

🇳🇱 185.242.226.126

🇳🇱 160.119.76.51

🇩🇪 144.31.16.121

🇳🇱 81.19.216.70

🇩🇪 69.5.169.164

🇷🇺 46.39.254.221

🇳🇱 204.76.203.231

🇺🇸 191.101.33.114

🇩🇪 139.59.139.151

🇨🇳 118.145.246.44

🇧🇩 103.148.53.115

🇧🇪 34.14.7.168

🇨🇳 221.226.17.34