JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.159.195.13

103.159.195.13 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 28%: ?

28%

ISP	PT Giga Digital Nusantara
Usage Type	Fixed Line ISP
ASN	AS141145
Domain Name	giganet.co.id
Country	🇮🇩 Indonesia
City	Jakarta, Jakarta

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.159.195.13

Whois 103.159.195.13

IP Abuse Reports for 103.159.195.13:

This IP address has been reported a total of 16 times from 11 distinct sources. 103.159.195.13 was first reported on June 13th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 hermawan	2026-05-31 04:57:16 (1 week ago)	[Sun May 31 11:57:15.424892 2026] [security2:error] [pid 863350:tid 140573473138368] [client 103.159 ... show more [Sun May 31 11:57:15.424892 2026] [security2:error] [pid 863350:tid 140573473138368] [client 103.159.195.13:36676] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.baidu.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.baidu.go.id found within REQUEST_HEADERS:Referer: http://www.baidu.go.id/ request_line = GET /index.php/analisis-iklim/analisis-musim/perbandingan-musim-kemarau/perbandingan-awal-musim-kemarau-dengan-normalnya HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/analisis-iklim/analisis-musim/perbandingan-musim-kemarau/perbandingan-awal-musim-kemarau-dengan-normalnya"] [unique_id "ahu_qwLiXxUuMlLgklutJAABQRg"], referer http://www.baidu.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[863375] [OWNh6dUk+PU] [ahu_qwLiXxUuMlLgklutJAABQRg] keep_alive=[1] [2026- ... show less	Email Spam Hacking
🇺🇸 MPL	2026-05-24 01:49:59 (2 weeks ago)	tcp/23 (2 or more attempts)	Port Scan
🇳🇱 EGP Abuse Dept	2026-05-24 01:27:36 (2 weeks ago)	Unauthorized connection to Telnet port 23	Port Scan Hacking
🇮🇩 hermawan	2026-05-14 14:29:07 (4 weeks ago)	05/14/2026-09:44:23.825286 [Drop] [] [1:2100000462:0] Suricata match TLS JA4 scan Uniq Zeek no 46 ... show more 05/14/2026-09:44:23.825286 [Drop] [] [1:2100000462:0] Suricata match TLS JA4 scan Uniq Zeek no 462 with hash_t12d1516h2_8daaf6152771_ea2cbcd64924 [**] [Classification: (null)] [Priority: 3] {TCP} 103.159.195.13:40073 -> 103.166.156.58:443 ... show less	Email Spam Hacking
🇹🇼 kk_it_man	2026-05-11 11:20:02 (1 month ago)	honey catch	Port Scan
🇺🇸 cybsecaoccol	2026-05-11 10:24:28 (1 month ago)	unauthorized connection or malicious port scan attempted on tcp port - corp	Port Scan Hacking
Anonymous	2026-05-02 08:29:26 (1 month ago)	Unauthorized connection attempt on Port 2323	Port Scan Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-03-26 14:05:59 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 103.159.195.13 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 103.159.195.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 10:05:53.780479 2026] [security2:error] [pid 27665:tid 27665] [client 103.159.195.13:63333] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|rentkase.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rentkase.com"] [uri "/wp-json/wp/v2/users"] [unique_id "acU9QSeTegaaC2gWbkcZAAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-03-26 01:06:26 (2 months ago)	Unauthorized access to webpage admin	Web App Attack
🇩🇪 strxmpp	2026-03-25 23:09:49 (2 months ago)	103.159.195.13 - - [26/Mar/2026:00:09:47 +0100] "POST /xmlrpc.php HTTP/1.1" 404 3178 "-" "Mozilla/5. ... show more 103.159.195.13 - - [26/Mar/2026:00:09:47 +0100] "POST /xmlrpc.php HTTP/1.1" 404 3178 "-" "Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/12.0.0.0 Safari/537.36" ... show less	Bad Web Bot
🇳🇱 ipoac.nl	2026-03-25 02:05:19 (2 months ago)	-:443 103.159.195.13 - - [25/Mar/2026:03:05:17 +0100] - "POST /xmlrpc.php HTTP/1.1" 404 5852 "-" "Mo ... show more -:443 103.159.195.13 - - [25/Mar/2026:03:05:17 +0100] - "POST /xmlrpc.php HTTP/1.1" 404 5852 "-" "Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/100.0.0.0 Safari/537.36" show less	Bad Web Bot
🇩🇪 EGP Abuse Dept	2026-03-22 02:42:29 (2 months ago)	Scanning for port/service exploits on tpc-036.mach3builders.nl	Port Scan Hacking
🇺🇸 sumnone	2025-03-25 13:38:35 (1 year ago)	Port probing on unauthorized port 445	Port Scan Hacking Exploited Host
🇮🇩 hermawan	2024-08-24 09:58:01 (1 year ago)	[Sat Aug 24 14:47:33.455595 2024] [security2:error] [pid 280213:tid 136891496138304] [client 103.159 ... show more [Sat Aug 24 14:47:33.455595 2024] [security2:error] [pid 280213:tid 136891496138304] [client 103.159.195.13:46612] [client 103.159.195.13] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i),.?[\\"'\\\\)0-9`-f][\\"'`](?:[\\"'`].?[\\"'`]\|(?:\\\\r?\\\\n)?\\\\z\|[^\\"'`]+)\|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]?from\|(?:alter\|(?:(?:cre\|trunc\|upd)at\|renam)e\|d(?:e(?:lete\|sc)\|rop)\|(?:inser\|selec)t\|load)[\\\\s\\\\x0b]?\\\\([\\\\s\\\\x0b]?space[\\\\s\\\\x0b]?\\\\(" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.5.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "2147"] [id "942200"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: , like Gecko) Version/4.0 Chrome/127.0.6533.103 Mobile Safari/537.36 OcIdWebView ({\\x22os\\x22:\\x22Android\\x22, found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 14; SM-A055F Build/UP1A.231005.007; wv) AppleWebKit/537.36 (KHTML, like Gecko) ... show less	Hacking Web App Attack
Anonymous	2024-06-24 07:00:05 (1 year ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇪 212.129.79.81

🇧🇷 205.210.31.232

🇧🇷 201.55.113.122

🇳🇱 195.178.110.162

🇻🇳 160.25.166.88

🇪🇸 154.70.207.29

🇮🇳 136.232.159.198

🇨🇳 124.31.241.10

🇮🇳 115.96.247.117

🇱🇾 102.211.7.162

🇧🇬 79.124.40.126

🇺🇸 64.62.197.41

🇳🇱 45.198.224.145

🇧🇷 45.164.251.67

🇨🇳 43.240.157.140

🇧🇪 198.235.24.217

🇪🇬 195.43.2.67

🇩🇪 194.88.98.83

🇮🇩 180.247.61.189

🇧🇷 177.92.162.242