JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.140.180.87

158.140.180.87 was found in our database!

This IP was reported 103 times. Confidence of Abuse is 30%: ?

30%

ISP	PT. Eka Mas Republik
Usage Type	Fixed Line ISP
ASN	AS63859
Hostname(s)	host-158.140.180-87.myrepublic.co.id
Domain Name	myrepublic.co.id
Country	🇮🇩 Indonesia
City	Jakarta, Jakarta

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.140.180.87

Whois 158.140.180.87

IP Abuse Reports for 158.140.180.87:

This IP address has been reported a total of 103 times from 18 distinct sources. 158.140.180.87 was first reported on February 22nd 2021, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 pltcldvlpr	2026-06-17 01:28:35 (13 hours ago)	Bogus Useragent: 158.140.180.87 - - [17/Jun/2026:03:28:35 +0200] "GET /protocol?id=st_8_49&offset=80 ... show more Bogus Useragent: 158.140.180.87 - - [17/Jun/2026:03:28:35 +0200] "GET /protocol?id=st_8_49&offset=800&seq=858 HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.2; Trident/5.1)" asn=63859 org="PT. Eka Mas Republik" country=ID ... show less	Bad Web Bot
🇮🇩 sockominfo	2026-06-15 17:00:16 (1 day ago)	User login to application during non-business hours. Threat Score: 6/10 (MEDIUM). Reported by Tanger ... show more User login to application during non-business hours. Threat Score: 6/10 (MEDIUM). Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 hermawan	2026-06-10 21:09:33 (6 days ago)	[Thu Jun 11 04:09:29.998352 2026] [security2:error] [pid 848458:tid 139786256824000] [client 158.140 ... show more [Thu Jun 11 04:09:29.998352 2026] [security2:error] [pid 848458:tid 139786256824000] [client 158.140.180.87:59908] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.yahoo.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.yahoo.go.id found within REQUEST_HEADERS:Referer: https://www.yahoo.go.id/ request_line = GET /index.php/e-buletin-untuk-kota-dan-kabupaten-di-provinsi-jawa-timur HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/e-buletin-untuk-kota-dan-kabupaten-di-provinsi-jawa-timur"] [unique_id "ainSiWbz2xDqnUFlM0VOmgABjBM"], referer https://www.yahoo.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[848479] [nLPOqGzdtaU] [ainSiWbz2xDqnUFlM0VOmgABjBM] keep_alive=[1] [2026-06-11 04:09:29.998356] [R:ainSiWbz2xDqnUFlM0VOmgABjBM] UA:'Mozilla/5.0 (Linux; Android 10; SM- ... show less	Email Spam Hacking
🇹🇷 Threat.live	2026-06-04 02:40:03 (1 week ago)	Threat.live: Web Scan	Web App Attack
🇮🇩 sockominfo	2026-06-02 23:00:39 (2 weeks ago)	Late night login (22:00-05:30) - High risk Jakarta timezone (WIB), User login to application during ... show more Late night login (22:00-05:30) - High risk Jakarta timezone (WIB), User login to application during non-business hours. Threat Score: 9.1/10 (CRITICAL). Confidence: 70%. CVSS v3.1: 9.9/10 (Critical). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. Bayesian Probability: 96%. MITRE ATT&CK: T1078 (Valid Accounts). Tactic: TA0001. Freshness: Fresh. Source Reputation: KNOWN_MALICIOUS. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-02 22:00:11 (2 weeks ago)	Late night login (22:00-05:30) - High risk Jakarta timezone (WIB). Threat Score: 8.6/10 (HIGH). Repo ... show more Late night login (22:00-05:30) - High risk Jakarta timezone (WIB). Threat Score: 8.6/10 (HIGH). Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-05-28 18:00:39 (2 weeks ago)	User login to application during non-business hours. Threat Score: 6.5/10 (HIGH). Confidence: 40%. C ... show more User login to application during non-business hours. Threat Score: 6.5/10 (HIGH). Confidence: 40%. CVSS v3.1: 4.6/10 (Medium). CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. Bayesian Probability: 87%. MITRE ATT&CK: T1046 (Network Service Scanning). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-05-28 17:00:41 (2 weeks ago)	User login to application during non-business hours. Threat Score: 6.6/10 (HIGH). Confidence: 40%. C ... show more User login to application during non-business hours. Threat Score: 6.6/10 (HIGH). Confidence: 40%. CVSS v3.1: 4.6/10 (Medium). CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. Bayesian Probability: 87%. MITRE ATT&CK: T1046 (Network Service Scanning). Tactic: TA0001. Freshness: Very Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Web App Attack
🇵🇱 nfsec.pl	2026-05-11 03:08:16 (1 month ago)	Detected: TCP scan on port: 445 with flags: SYN	Port Scan
🇧🇷 diego	2024-10-30 09:05:27 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 4 times in the last 10800 seconds	DDoS Attack
🇧🇷 diego	2024-10-30 05:17:18 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds	DDoS Attack
🇧🇷 diego	2024-10-29 12:08:59 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 5 times in the last 10800 seconds	DDoS Attack
🇧🇷 diego	2024-10-28 21:25:32 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 7 times in the last 10800 seconds	DDoS Attack
🇧🇷 diego	2024-10-28 15:26:09 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 4 times in the last 10800 seconds	DDoS Attack
🇧🇷 diego	2024-10-28 13:07:52 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 5 times in the last 10800 seconds	DDoS Attack

Showing 1 to 15 of 103 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 165.154.138.33

🇨🇳 117.35.104.66

🇿🇦 105.225.48.153

🇭🇰 101.36.121.72

🇩🇪 85.203.15.119

🇺🇸 63.42.190.241

🇧🇪 2a00:1450:400c:c01::12c

🇩🇪 81.199.26.52

🇺🇸 45.81.149.195

🇺🇸 44.153.21.103

🇪🇬 41.128.181.199

🇺🇸 35.202.253.226

🇺🇸 20.46.228.84

🇬🇧 2a06:4880:8000::a6

🇰🇷 210.118.224.138

🇺🇸 196.51.187.45

🇺🇸 192.0.113.49

🇺🇸 161.129.211.56

🇺🇸 136.144.42.35

🇨🇳 121.229.156.33