🇮🇩
hermawan
2026-06-17 09:03:37
(1 week ago)
Captured JA4H: ge20c_41f2a4a3d3e8 | Log: 118.99.125.135 - - [17/Jun/2026:16:02:32 +0700] "GET /b/bulanan.pdf HTTP/2.0" 200 4005779 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Mobile Safari/537.36" ge20c_sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,upgrade-insecure-requests,user-agent,accept,sec-fetch-site,sec-fetch-mode,sec-fetch-dest,accept-encoding,accept-language,cookie,if-modified-since,priority,host...
Email Spam
Hacking
🇮🇩
hermawan
2026-06-17 01:53:03
(1 week ago)
[Wed Jun 17 08:53:03.223549 2026] [security2:error] [pid 1334446:tid 139998491825856] [client 118.99.125.135:63016] ModSecurity: Access denied with code 403 (phase 1). Pattern match "((?:(?:[!-\\\\+\\\\-:->@\\\\[\\\\]\\\\^`\\\\{-~]|\\\\x{c2}\\\\x{b4}|\\\\x{e2}\\\\x80[\\\\x98\\\\x99])[^!-\\\\+\\\\-:->@\\\\[\\\\]\\\\^`\\\\{-~]*?){8})" at REQUEST_COOKIES:cfzs_google-analytics_v4. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "4249"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (8)"] [data "Matched Data: {\\x220bd2_pageviewCounter\\x22:{\\x22v\\x22: found within REQUEST_COOKIES:cfzs_google-analytics_v4: {\\x220bd2_pageviewCounter\\x22:{\\x22v\\x22:\\x222\\x22},\\x220bd2_conversionCounter\\x22:{\\x22v\\x22:\\x222\\x22}} Matched Data ARGS charset: - Matched Data TX.1: {\\x220bd2_pageviewCounter\\x22:{\\x22v\\x22: found within Content-Type multipart form Matched Data: {\\x220bd2_
Email Spam
Hacking
🇮🇩
hermawan
2026-06-17 00:46:44
(1 week ago)
[Wed Jun 17 07:46:44.565376 2026] [authz_core:error] [pid 1298154:tid 139771320981184] [client 118.99.125.135:25043] AH01630: client denied by server configuration: /var/www/administrator/index.php [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[1298156] [D57JZOidiDw] [ajHudPgPcRH4YfJ2N0q5rwAAhwE] keep_alive=[1] [2026-06-17 07:46:44.565379] [R:ajHudPgPcRH4YfJ2N0q5rwAAhwE] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:151.0) Gecko/20100101 Firefox/151.0' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Accept-Encoding:'gzip, deflate, br, zstd Accept-Language:'en-US,en;q=0.9 Upgrade-Insecure-Requests:'1
Email Spam
Hacking
🇮🇩
hermawan
2026-06-15 14:46:39
(1 week ago)
[Mon Jun 15 21:46:34.545557 2026] [security2:error] [pid 256111:tid 139624711976640] [client 118.99.125.135:58520] ModSecurity: Access denied with code 403 (phase 1). Invalid URL Encoding: Non-hexadecimal digits used at TX:2. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1094"] [id "920220"] [msg "URL Encoding Abuse Attack Attempt"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: /adminer-5.4.2.php?server=&username=kangsetwe3ploso&db=karangploso&select=bpoq1_content&where[0][op]=LIKE+%25%25&where[0][val]=katam found within TX:2: ?server=&username=kangsetwe3ploso&db=karangploso&select=bpoq1_content&where[0][op]=LIKE %%&where[0][val]=katam request_line = GET /adminer-5.4.2.php?server=&username=kangsetwe3ploso&db=karangploso&select=bpoq1_content&where[0][op]=LIKE+%25%25&where[0]..."] [severity "CRITICAL"] [ver "OWASP_CRS/4.10.0"] [tag "application-multi"] [tag "language-multi
Email Spam
Hacking
🇮🇩
hermawan
2026-06-15 08:46:11
(2 weeks ago)
2026-06-15T15:46:07.784228+07:00 staklim-malang sshd[912588]: error: PAM: Authentication failure for root from 118.99.125.135
2026-06-15T15:46:07.784680+07:00 staklim-malang sshd[912588]: Failed keyboard-interactive/pam for root from 118.99.125.135 port 25784 ssh2
2026-06-15T15:46:07.784804+07:00 staklim-malang sshd[912588]: error: maximum authentication attempts exceeded for root from 118.99.125.135 port 25784 ssh2 [preauth]
Email Spam
Hacking
🇮🇩
hermawan
2026-06-11 00:40:07
(2 weeks ago)
[Thu Jun 11 07:40:03.942116 2026] [authz_core:error] [pid 1037732:tid 139786059671232] [client 118.99.125.135:12198] AH01630: client denied by server configuration: /var/www/administrator [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[1037757] [pRvcmS/GUqI] [aioD40hmE1_hVRwdZVJ0FQACABg] keep_alive=[1] [2026-06-11 07:40:03.942121] [R:aioD40hmE1_hVRwdZVJ0FQACABg] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:151.0) Gecko/20100101 Firefox/151.0' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Accept-Encoding:'gzip, deflate, br, zstd Accept-Language:'en-US,en;q=0.9 Upgrade-Insecure-Requests:'1
Email Spam
Hacking
🇮🇩
hermawan
2026-06-10 08:58:37
(2 weeks ago)
[Wed Jun 10 15:58:36.979776 2026] [security2:error] [pid 370380:tid 140281635616448] [client 118.99.125.135:30252] ModSecurity: Access denied with code 403 (phase 2). Match of "endsWith .%{request_headers.host}" against "TX:rfi_parameter_ARGS:jform[link]" required. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "177"] [id "931134"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data " Matched Data ARGS charset: - Matched Data TX.1: wbs.bmkg.go.id found within Content-Type multipart form Matched Data: https://wbs.bmkg.go.id/ found within TX:rfi_parameter_ARGS:jform[link]: .wbs.bmkg.go.id request_line = POST /administrator/index.php?option=com_menus&view=item&client_id=0&layout=edit&id=1741 HTTP/2.0 Request URI RAW = /administrator/index.php?option=com_menus&view=item&client_id=0&layout=edit&id=1741 Request Basename = index.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag
Email Spam
Hacking
🇮🇩
hermawan
2026-06-10 01:04:36
(2 weeks ago)
06/10/2026-08:04:32.136275 [Drop] [**] [1:921373:1] Suricata Dibuat Gemini TCP SYN port scanner - Win 65535 [**] [Classification: (null)] [Priority: 3] {TCP} 118.99.125.135:34627 -> 103.166.156.58:443
Email Spam
Hacking
🇮🇩
hermawan
2026-06-09 06:36:49
(2 weeks ago)
06/09/2026-13:36:45.242906 [Drop] [**] [1:2210044:2] SURICATA STREAM Packet with invalid timestamp [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 118.99.125.135:21108 -> 103.166.156.58:443
Email Spam
Hacking
🇮🇩
hermawan
2026-06-09 03:26:17
(2 weeks ago)
[Tue Jun 09 10:26:13.951434 2026] [security2:error] [pid 159230:tid 140246147598016] [client 118.99.125.135:3280] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:^|b[\\"'\\\\)\\\\[\\\\x5c]*(?:(?:(?:\\\\|\\\\||&&)[\\\\s\\\\x0b]*)?\\\\$[!#\\\\(\\\\*\\\\-0-9\\\\?@_a-\\\\{]*)?\\\\x5c?u[\\"'\\\\)\\\\[\\\\x5c]*(?:(?:(?:\\\\|\\\\||&&)[\\\\s\\\\x0b]*)?\\\\$[!#\\\\(\\\\*\\\\-0-9\\\\?@_a-\\\\{]*)?\\\\x5c?s[\\"'\\\\)\\\\[\\\\x5c]*(?:(?:(?:\\\\|\\\\||&&)[\\\\s\\\\x0b]*)?\\\\$[!#\\\\(\\\\*\\\\-0- ..." at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "3256"] [id "932350"] [msg "Remote Command Execution: Direct Unix Command Execution (No Arguments)"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: =top found within REQUEST_HEADERS:Referer: https://staklim-jatim.bmkg.go.id/administrator/index.php?option=com_menus&view=items&menutype=top
Email Spam
Hacking
🇮🇪
RoboSOC
2026-06-08 15:16:33
(2 weeks ago)
SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found
Port Scan
🇮🇩
hermawan
2026-06-08 04:55:47
(3 weeks ago)
Captured JA4H: ge20c_8371614dba5e | Log: 118.99.125.135 - - [08/Jun/2026:11:55:39 +0700] "GET /offline-service-worker-19-02-2025.js HTTP/2.0" 200 2635 "https://staklim-jatim.bmkg.go.id/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Mobile/15E148 Safari/604.1" ge20c_user-agent,dnt,accept,sec-fetch-site,sec-fetch-mode,sec-fetch-dest,sec-fetch-storage-access,referer,accept-encoding,accept-language,cookie,priority,host...
Email Spam
Hacking
🇮🇩
hermawan
2026-06-04 13:22:22
(3 weeks ago)
[Thu Jun 04 20:22:18.817285 2026] [security2:error] [pid 254254:tid 139764490524352] [client 118.99.125.135:46268] ModSecurity: Access denied with code 403 (phase 2). Operator GT matched 1048576 at FILES_COMBINED_SIZE. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1827"] [id "920410"] [msg "Total uploaded files size too large"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: /administrator/index.php?option found within FILES_COMBINED_SIZE: 1448095 request_line = POST /administrator/index.php?option=com_installer&view=install HTTP/2.0 Request URI RAW = /administrator/index.php?option=com_installer&view=install Request Basename = index.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.26.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/
Email Spam
Hacking
🇮🇩
hermawan
2026-06-04 10:31:58
(3 weeks ago)
[Thu Jun 04 17:31:54.484923 2026] [authz_core:error] [pid 160348:tid 140506777482944] [client 118.99.125.135:46740] AH01630: client denied by server configuration: /var/www/administrator/index.php [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[160374] [SLGQDWvsxWc] [aiFUGoOSnUA5ePI8AB7XlgAAhgc] keep_alive=[1] [2026-06-04 17:31:54.484926] [R:aiFUGoOSnUA5ePI8AB7XlgAAhgc] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:151.0) Gecko/20100101 Firefox/151.0' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Accept-Encoding:'gzip, deflate, br, zstd Accept-Language:'en-US,en;q=0.9 Upgrade-Insecure-Requests:'1
Email Spam
Hacking
🇮🇩
hermawan
2026-06-04 02:47:21
(3 weeks ago)
[Thu Jun 04 09:47:18.304478 2026] [security2:error] [pid 151643:tid 140066852689600] [client 118.99.125.135:7494] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Microsoft" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "254"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Microsoft found within REQUEST_HEADERS:User-Agent: Microsoft Office Word 2014 request_line = HEAD /index.php/publik/hasil-survey/4252-hasil-indeks-kepuasan-masyarakat-tahun-2023 HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/publik/hasil-survey/4252-hasil-indeks-kepuasan-masyarakat-tahun-2023"] [unique_id "aiDnNqKvZLCsWSLHn62HWwAAAIk"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[151679] [120DkGRczBE] [aiDnNqKvZLCsWSLHn62HWwAAAIk] keep_alive=[0] [2026-06-04 09:47:18.304484] [R:aiDnNqKvZLCsWSLHn62HWwAAAIk] UA:'Microsoft Office Word 2014' Host
Email Spam
Hacking