JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 125.164.16.138

125.164.16.138 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 0%: ?

ISP	PT TELKOM INDONESIA
Usage Type	Fixed Line ISP
ASN	AS7713
Domain Name	telkom.co.id
Country	🇮🇩 Indonesia
City	Malang, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 125.164.16.138

Whois 125.164.16.138

IP Abuse Reports for 125.164.16.138:

This IP address has been reported a total of 29 times from 20 distinct sources. 125.164.16.138 was first reported on February 21st 2022, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 Sipo Chutão	2026-04-29 03:00:01 (1 month ago)	/aws-exports.json	Hacking
🇳🇱 homeshowdomain.nl	2026-04-23 22:00:26 (2 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-04-22. show less	Web App Attack SSH Hacking
🇪🇸 IT Infraestructura	2026-04-23 04:59:00 (2 months ago)	Illegal Resource Access Request blocked to URL: /.htaccess(GET)	Bad Web Bot
🇺🇸 Mundo Bueno	2026-04-23 00:38:59 (2 months ago)	[ISILIA Protection v2.1] Tentative d'accès: /phpinfo.php \| Pays: ID \| UA: Mozilla/5.0 (X11; Linux x8 ... show more [ISILIA Protection v2.1] Tentative d'accès: /phpinfo.php \| Pays: ID \| UA: Mozilla/5.0 (X11; Linux x86_64) CrackEnv/1.2 show less	Hacking Web App Attack
🇺🇸 kosada.com	2026-04-23 00:08:53 (2 months ago)	Web vulnerability probing: /phpinfo.php	Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 21:47:06 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 17:46:59.093161 2026] [security2:error] [pid 2322242:tid 2322242] [client 125.164.16.138:18363] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gh057.io"] [uri "/.htaccess"] [unique_id "aelB0yTToVqMzywzn3kZ1AAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 21:31:34 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 17:31:30.174451 2026] [security2:error] [pid 15380:tid 15380] [client 125.164.16.138:24956] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.firstlegend.info"] [uri "/.env"] [unique_id "aek-MoLOGUTDetddaQ57eAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 21:15:04 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 17:14:58.400946 2026] [security2:error] [pid 2772186:tid 2772186] [client 125.164.16.138:5550] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stocks.nautos-usa.com"] [uri "/.env"] [unique_id "aek6UjgQmMWG-C-M4cJqCgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 DZBOT	2026-04-22 21:12:05 (2 months ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 20:57:30 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 16:57:25.440951 2026] [security2:error] [pid 3089253:tid 3089253] [client 125.164.16.138:2321] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.verenacastle.com"] [uri "/.htaccess"] [unique_id "aek2NejkvPO7Nb_GcO5dfgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 20:03:42 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 16:03:35.697805 2026] [security2:error] [pid 2238:tid 2238] [client 125.164.16.138:32937] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gadgeteer.net"] [uri "/.env"] [unique_id "aekpl718CGq6gYr_sIPEUQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 19:42:54 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 15:42:47.801022 2026] [security2:error] [pid 1714704:tid 1714704] [client 125.164.16.138:26419] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.lobibilisim.com"] [uri "/.env"] [unique_id "aekkt166DPlfltD_aaDErwAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-22 19:33:57 (2 months ago)	"GET /.env HTTP/1.1"	Hacking Web App Attack
🇩🇪 betternews.app	2026-04-22 14:47:15 (2 months ago)	"a web request contained keyword "aws"; Suspicious URL: /aws-exports.json"	Web Spam Blog Spam Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 12:42:04 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 125.164.16.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 08:41:56.017148 2026] [security2:error] [pid 17538:tid 17552] [client 125.164.16.138:31377] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "luxury.management"] [uri "/.env"] [unique_id "aejCFOJmCz0nIwbsBNzrSAAAAQw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.99

🇩🇪 194.187.176.104

🇨🇳 120.48.75.127

🇻🇳 103.61.123.132

🇳🇱 62.163.172.93

🇸🇬 47.84.160.127

🇦🇷 200.89.159.59

🇧🇪 198.235.24.242

🇺🇸 193.36.225.183

🇬🇧 188.240.59.24

🇧🇴 181.115.175.103

🇨🇳 120.55.195.75

🇺🇸 107.151.204.88

🇸🇬 68.178.167.214

🇯🇵 43.165.167.72

🇹🇭 223.205.7.126

🇩🇪 185.242.3.195

🇺🇸 152.32.235.206

🇮🇳 128.185.33.227

🇻🇳 118.70.239.231