JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 125.166.1.111

125.166.1.111 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 15%: ?

15%

ISP	PT TELKOM INDONESIA
Usage Type	Fixed Line ISP
ASN	AS7713
Domain Name	telkom.co.id
Country	🇮🇩 Indonesia
City	Malang, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 125.166.1.111

Whois 125.166.1.111

IP Abuse Reports for 125.166.1.111:

This IP address has been reported a total of 14 times from 10 distinct sources. 125.166.1.111 was first reported on March 16th 2023, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Hiigara	2026-06-24 07:31:01 (4 hours ago)	connection attempt : 125.166.1.111 on port : tcp/1433 (MSSQL)	Port Scan
🇺🇸 thororen	2026-06-23 06:18:22 (1 day ago)	Blocked by UFW [135/tcp] Source port: 30233 TTL: 115 Packet length: 52 TOS: 0x00 This report was ge ... show more Blocked by UFW [135/tcp] Source port: 30233 TTL: 115 Packet length: 52 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇮🇩 hermawan	2025-05-11 08:25:17 (1 year ago)	[Sun May 11 15:24:47.202083 2025] [security2:error] [pid 1022052:tid 140597012686528] [client 125.16 ... show more [Sun May 11 15:24:47.202083 2025] [security2:error] [pid 1022052:tid 140597012686528] [client 125.166.1.111:20274] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "themes" at REQUEST_FILENAME. [file "/etc/modsecurity/coreruleset-4.14.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "52"] [id "448101"] [msg "BAD REQUEST FILENAME - Detected and Blocked"] [data "Matched Data: themes found within REQUEST_FILENAME: /TableFilter/TF_Themes/Default/TF_Default.css request_line = GET /TableFilter/TF_Themes/Default/TF_Default.css HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/TableFilter/TF_Themes/Default/TF_Default.css"] [unique_id "aCBez49CRrCbD-Jh9nG9nwAAbgc"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[1022060] [1Jym7o/5/VU] [aCBez49CRrCbD-Jh9nG9nwAAbgc] keep_alive=[1] [2025-05-11 15:24:47.202089] [R:aCBez49CRrCbD-Jh9nG9nwAAbgc] UA:'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Mob ... show less	Hacking Web App Attack
Anonymous	2024-11-10 05:06:16 (1 year ago)	wordpress-trap	Web App Attack
🇨🇳 ThreatBook.io	2024-07-27 22:48:49 (1 year ago)	ThreatBook Intelligence: Zombie more details on http://threatbook.io/ip/125.166.1.111 2024-07-27 08: ... show more ThreatBook Intelligence: Zombie more details on http://threatbook.io/ip/125.166.1.111 2024-07-27 08:51:17 ["enable","system","shell","sh","cat /proc/mounts; /bin/busybox YOGWW"] show less	Brute-Force
Anonymous	2024-07-27 09:51:16 (1 year ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇸🇪 webbfabriken	2024-07-27 00:51:47 (1 year ago)	spam or other hacking activities reported by webbfabriken security servers Attack reported by Webbf ... show more spam or other hacking activities reported by webbfabriken security servers Attack reported by Webbfabiken Security API - WFSecAPI show less	Web Spam
🇳🇱 EGP Abuse Dept	2024-03-22 07:07:33 (2 years ago)	Unauthorized connection to proxy port 8080	Port Scan Hacking
Anonymous	2024-03-22 05:28:07 (2 years ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
🇮🇩 hermawan	2023-07-06 14:59:33 (2 years ago)	Jul 6 21:59:31 staklim-malang sshd[13015]: error: PAM: Authentication failure for root from 125.166 ... show more Jul 6 21:59:31 staklim-malang sshd[13015]: error: PAM: Authentication failure for root from 125.166.1.111 Jul 6 21:59:31 staklim-malang sshd[13015]: Failed keyboard-interactive/pam for root from 125.166.1.111 port 15173 ssh2 Jul 6 21:59:31 staklim-malang sshd[13015]: error: maximum authentication attempts exceeded for root from 125.166.1.111 port 15173 ssh2 [preauth] ... show less	Hacking Brute-Force
🇮🇩 hermawan	2023-07-06 12:18:39 (2 years ago)	[Thu Jul 06 19:18:36.974848 2023] [security2:error] [pid 620029:tid 139894292653632] [client 125.166 ... show more [Thu Jul 06 19:18:36.974848 2023] [security2:error] [pid 620029:tid 139894292653632] [client 125.166.1.111:8224] [client 125.166.1.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:[\\"'`](?:\\\\s?(?:(?:between\|x?or\|and\|div)[\\\\w\\\\s-]+\\\\s?[+<>=(),-]\\\\s?[\\\\d\\"'`]\|like(?:[\\\\w\\\\s-]+\\\\s?[+<>=(),-]\\\\s?[\\\\d\\"'`]\|\\\\W+[\\\\w\\"'`(])\|[!=\|](?:[\\\\d\\\\s!=+-]+.?[\\"'`(].?\|[\\\\d\\\\s!=]+.?\\\\d+)$\|[^\\\\w\\\\s]?=\\\\s?[\\"'`])\|(?:\\\\W?[+=]+\\\\W*?\|[<>~] ..." at REQUEST_COOKIES:_pk_cvar.3.4ae3. [file "/etc/modsecurity/coreruleset-3.3.4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "754"] [id "942180"] [msg "Detects basic SQL authentication bypass attempts 1/3"] [data "Matched Data: \\x22ormal (6 found within REQUEST_COOKIES:_pk_cvar.3.4ae3: {\\x221\\x22:[\\x22SW OneSignal Installing quota\\x22,\\x22SW OneSignal Installing Terunduh = 0 bytes dari Total = 64024370380 bytes.\\x22],\\x223\\x22:[\\x22Largest Contentful Paint LCP\\x22 ... show less	Hacking Web App Attack
🇮🇩 hermawan	2023-07-05 15:19:27 (2 years ago)	[Wed Jul 05 22:19:25.875364 2023] [security2:error] [pid 94518:tid 140236151567936] [client 125.166. ... show more [Wed Jul 05 22:19:25.875364 2023] [security2:error] [pid 94518:tid 140236151567936] [client 125.166.1.111:18739] [client 125.166.1.111] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/coreruleset-3.3.4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1287"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php"] [unique_id "ZKWJ_ckwXUz21fvaCggyCgAAAO0"] [karangploso.jatim.bmkg.go.id] [karangploso.jatim.bmkg.go.id] top=[94657] [VhLW7P7XBKY] [ZKWJ_ckwXUz21fvaCggyCgAAAO0] keep_alive=[0] [2023-07-05 22:19:25.875367] [R:ZKWJ_ckwXUz21fvaCggyCgAAAO0] UA:'Mozilla/ ... show less	Hacking Web App Attack
🇮🇩 RasyiidWho	2023-04-10 10:09:52 (3 years ago)	ip112.20 . 2023-04-10 17:09:51 220065 [Warning] Access denied for user 'root'@'125.166.1.111' (using ... show more ip112.20 . 2023-04-10 17:09:51 220065 [Warning] Access denied for user 'root'@'125.166.1.111' (using password: NO) ... show less	DDoS Attack Port Scan Brute-Force Bad Web Bot Web App Attack SSH
🇮🇩 RasyiidWho	2023-03-16 14:08:21 (3 years ago)	ip112.20 . 2023-03-16 21:08:21 154308 [Warning] Access denied for user 'root'@'125.166.1.111' (using ... show more ip112.20 . 2023-03-16 21:08:21 154308 [Warning] Access denied for user 'root'@'125.166.1.111' (using password: NO) ... show less	DDoS Attack Port Scan Brute-Force Bad Web Bot Web App Attack SSH

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 44.192.48.170

🇩🇪 44.148.112.209

🇲🇽 38.58.66.244

🇰🇿 37.32.73.108

🇦🇪 20.46.45.121

🇨🇳 218.249.142.146

🇧🇪 178.51.100.177

🇮🇳 122.187.230.227

🇨🇳 111.26.167.36

🇹🇭 110.164.193.195

🇬🇧 81.19.219.198

🇵🇱 77.83.246.97

🇺🇸 67.214.181.56

🇳🇱 45.148.10.141

🇳🇱 34.178.21.247

🇦🇿 31.171.50.31

🇰🇬 217.29.22.13

🇺🇿 213.230.93.7

🇺🇿 213.230.93.3

🇺🇿 213.230.87.6