🇩🇪
Vegascosmetics
2026-06-12 06:45:48
(1 day ago)
(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security
DDoS Attack
Hacking
Exploited Host
🇮🇩
hermawan
2026-06-11 11:33:35
(2 days ago)
06/11/2026-18:33:31.813677 [Drop] [**] [1:366:11] Suricata PROTOCOL-ICMP PING Unix [**] [Classification: Misc activity] [Priority: 3] {ICMP} 103.143.196.250:8 -> 103.166.156.58:0
...
Email Spam
Hacking
🇺🇸
TPI-Abuse
2026-06-07 15:53:03
(6 days ago)
(mod_security) mod_security (id:210730) triggered by 103.143.196.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 11:52:48.481433 2026] [security2:error] [pid 20619:tid 20619] [client 103.143.196.250:58549] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||homebuilt.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "homebuilt.org"] [uri "/vendors/p&e/[email protected] "] [unique_id "aiWT0C5Rv_q11nZmO6RS_AAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
SMARTNET
2026-05-27 06:03:53
(2 weeks ago)
Aisuru(Mirai variant) DDoS | Incident ID: f33ea243-b344-42fe-b994-8adedb9f85ca
DDoS Attack
🇮🇹
A000Z
2026-05-15 23:08:08
(4 weeks ago)
Fail2Ban: 103.143.196.250 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
Bad Web Bot
🇩🇪
EGP Abuse Dept
2026-05-02 01:11:18
(1 month ago)
Scraping webshop URLs (webshop.hofstede-optiek.nl), likely botnet drone
Bad Web Bot
Exploited Host
🇬🇧
PeravixGroup
2026-04-29 22:31:09
(1 month ago)
Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aaran.cloud
Hacking
Exploited Host
Anonymous
2026-04-29 06:30:46
(1 month ago)
Apr 29 02:30:43 localhost kernel: [105789627.074158] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=103.143.196.250 DST=[mungedIP2] LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=12640 DF PROTO=TCP SPT=59649 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Apr 29 02:30:43 localhost kernel: [105789627.074182] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=103.143.196.250 DST=[mungedIP2] LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=12640 DF PROTO=TCP SPT=59649 DPT=445 SEQ=604791972 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030201010402)
Apr 29 02:30:46 localhost kernel: [105789630.084194] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=103.143.196.250 DST=[mungedIP2] LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=12841 DF PROTO=TCP SPT=59649 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Apr 29 02:30:46 localhost kernel: [105789630.084229] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=
Port Scan
🇮🇹
A000Z
2026-03-16 08:54:29
(2 months ago)
Fail2Ban: 103.143.196.250 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.95 Safari/537.36 QIHU 360SE
Bad Web Bot
Anonymous
2026-02-04 07:09:17
(4 months ago)
DDoS botnet 510.000+ IPs; URL with bing/trustpilot/githubhelp and %C2%A4 or \xc2\xa4. NEW 09/2025: amplification attacks via third-parties e.g. HTTP_USER_AGENT facebookexternalhit/meta-externalagent/meta-externalfetcher or IPs from googleusercontent.com with fake HTTP_REFERER foxnews.com/newsweek.com/upwork.com/activision.com/... Port 443.
DDoS Attack
Bad Web Bot
Web App Attack
🇮🇹
VHosting
2025-12-23 11:23:27
(5 months ago)
Detected attack and reported by a human
DDoS Attack
Brute-Force
Bad Web Bot
Exploited Host
Web App Attack
SSH
🇮🇩
hermawan
2025-07-21 23:28:29
(10 months ago)
[Tue Jul 22 06:28:26.037991 2025] [security2:error] [pid 209180:tid 139735991318208] [client 103.143.196.250:33650] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "myactivity.google.com" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "461"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: myactivity.google.com found within REQUEST_HEADERS:Referer: https://myactivity.google.com/ request_line = GET /images/Klimatologi/Prakiraan/03-Prakiraan-Bulanan/Prakiraan_Sifat_Hujan_Bulanan/Prakiraan_Sifat_Hujan_Bulanan_Provinsi_Jawa_Timur/2025/02_FEBRUARI_2025/03_Prakiraan_Sifat_Hujan_Bulan_JUNI_2025_di_Provinsi_Jawa_Timur-Update_dari_Analisis_Bulan_Februari_2025.jpg HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/images/Klimatologi/Prakiraan/03-Prakiraan-Bulanan/Prakiraan_Sifat_Hujan_Bulanan/Prakiraan_Sifat_Hujan_Bulanan_Provinsi_Jawa_Timur/2025/02_FEBRUARI_2025/03_Praki
...
Hacking
Web App Attack
🇮🇩
hermawan
2025-05-21 18:00:47
(1 year ago)
[Thu May 22 00:59:46.368566 2025] [security2:error] [pid 220044:tid 140247108105920] [client 103.143.196.250:37010] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "myactivity.google.com" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.14.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "439"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: myactivity.google.com found within REQUEST_HEADERS:Referer: https://myactivity.google.com/ request_line = GET /images/Klimatologi/Prakiraan/03-Prakiraan-Bulanan/Prakiraan_Sifat_Hujan_Bulanan/Prakiraan_Sifat_Hujan_Bulanan_Provinsi_Jawa_Timur/2025/02_FEBRUARI_2025/03_Prakiraan_Sifat_Hujan_Bulan_JUNI_2025_di_Provinsi_Jawa_Timur-Update_dari_Analisis_Bulan_Februari_2025.jpg HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/images/Klimatologi/Prakiraan/03-Prakiraan-Bulanan/Prakiraan_Sifat_Hujan_Bulanan/Prakiraan_Sifat_Hujan_Bulanan_Provinsi_Jawa_Timur/2025/02_FEBRUARI_2025/03_Praki
...
Hacking
Web App Attack