JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 125.166.117.130

125.166.117.130 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 28%: ?

28%

ISP	PT TELKOM INDONESIA
Usage Type	Fixed Line ISP
ASN	AS7713
Domain Name	telkom.co.id
Country	🇮🇩 Indonesia
City	Jember, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 125.166.117.130

Whois 125.166.117.130

IP Abuse Reports for 125.166.117.130:

This IP address has been reported a total of 16 times from 11 distinct sources. 125.166.117.130 was first reported on December 17th 2021, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 ByeByte API	2026-06-18 02:12:55 (3 days ago)	byebyte.space auth: TCP packet to port 1433 (MSSQL) at 2026-06-18T02:12:54Z. Source port 18472. TCP ... show more byebyte.space auth: TCP packet to port 1433 (MSSQL) at 2026-06-18T02:12:54Z. Source port 18472. TCP flags: SYN. Packet: 52B, TTL 116, window 8192, IP id 15514. Single packet, dropped at firewall. p0f: OS Windows 7 or 8 (exact match), 12 hops, link DSL. show less	Port Scan
🇳🇱 VMHeaven.io	2026-06-18 02:12:55 (3 days ago)	Blocked by UFW [1433/tcp] Source port: 14179 TTL: 116 Packet length: 52	Port Scan
🇳🇱 ByeByte API	2026-06-18 02:12:54 (3 days ago)	Port scan from this IP. Firewall dropped every packet. Targeted TCP ports: 1433. Single burst at 202 ... show more Port scan from this IP. Firewall dropped every packet. Targeted TCP ports: 1433. Single burst at 2026-06-18 02:12 UTC. show less	Port Scan
🇧🇷 diego	2026-06-14 08:03:23 (1 week ago)	[rede-top188] 06/14/2026-05:03:23.353464, 125.166.117.130, Protocol: 6, ET SCAN Suspicious inbound t ... show more [rede-top188] 06/14/2026-05:03:23.353464, 125.166.117.130, Protocol: 6, ET SCAN Suspicious inbound to MSSQL port 1433 show less	Hacking
🇷🇴 abuse_IP_reporter	2026-06-05 07:45:03 (2 weeks ago)	Jun 5 10:06:52 server UFW BLOCK SRC=125.166.117.130 DF PROTO=TCP SPT=32119	Port Scan
🇮🇩 hermawan	2025-10-05 13:34:22 (8 months ago)	[Sun Oct 05 20:33:45.532520 2025] [security2:error] [pid 2311674:tid 140074445432512] [client 125.16 ... show more [Sun Oct 05 20:33:45.532520 2025] [security2:error] [pid 2311674:tid 140074445432512] [client 125.166.117.130:27911] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i),.?[\\"'\\\\)0-9`-f][\\"'`](?:[\\"'`].?[\\"'`]\|(?:\\\\r?\\\\n)?\\\\z\|[^\\"'`]+)\|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]?from\|(?:alter\|(?:(?:cre\|trunc\|upd)at\|renam)e\|d(?:e(?:lete\|sc)\|rop)\|(?:inser\|selec)t\|load)[\\\\s\\\\x0b]?\\\\([\\\\s\\\\x0b]?space[\\\\s\\\\x0b]?\\\\(" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "2129"] [id "942200"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: , like Gecko) Mobile/15E148 OcIdWebView ({\\x22isDarkTheme\\x22:true, found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_1_1 like Mac OS X) AppleWebKit/605.1.15 (KH ... show less	Hacking Web App Attack
🇫🇷 security.rdmc.fr	2025-03-28 19:15:20 (1 year ago)	Port Scan Attack proto:TCP src:28546 dst:23	Port Scan
Anonymous	2025-03-27 14:18:15 (1 year ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
Anonymous	2025-03-27 07:16:34 (1 year ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇧🇷 diego	2024-09-14 15:42:17 (1 year ago)	[rede-164-29] 09/14/2024-12:42:17.120558, 125.166.117.130, Protocol: 6, ET SCAN Suspicious inbound t ... show more [rede-164-29] 09/14/2024-12:42:17.120558, 125.166.117.130, Protocol: 6, ET SCAN Suspicious inbound to mySQL port 3306 show less	Hacking
🇨🇳 ThreatBook.io	2023-03-28 23:45:14 (3 years ago)	ThreatBook Intelligence: Zombie more details on http://threatbook.io/ip/125.166.117.130 2023-03-28 1 ... show more ThreatBook Intelligence: Zombie more details on http://threatbook.io/ip/125.166.117.130 2023-03-28 14:12:12 / show less	Web App Attack
🇮🇩 hermawan	2022-09-16 11:24:56 (3 years ago)	[Fri Sep 16 22:24:55.033553 2022] [-:error] [pid 65815:tid 139850703210048] [client 125.166.117.130: ... show more [Fri Sep 16 22:24:55.033553 2022] [-:error] [pid 65815:tid 139850703210048] [client 125.166.117.130:18598] [client 125.166.117.130] ModSecurity: Access denied with code 403 (phase 1). Match of "pm www.google.com myactivity.google.com googleweblight.com applebot iPhone bingbot https://yandex.com/ https://www.google.com.tw facebookbot https://www.ecosia.org/ https://duckduckgo.com/ facebookcatalog facebookexternalhit Googlebot/2.1 http://www.googl ..." against "REQUEST_HEADERS:Referer" required. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "40"] [id "440067"] [msg "BAD Referer"] [data "Matched Data: staklim-jatim.bmkg.go.id found within REQUEST_HEADERS:Referer: https://www-suarasurabaya-net.cdn.ampproject.org/ request_line = GET /b/musim.pdf HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/b/musim.pdf"] [unique_id "YySVR_YoAJwp-JJ2z90l4AAA1AQ"], referer https://www-suarasurabaya-net.cdn.ampproject.org/ [stakl ... show less	Hacking Web App Attack
🇲🇾 syokadmin	2022-07-06 21:03:45 (3 years ago)	125.166.117.130 (ID/Indonesia/-), 2 distributed smtpauth attacks on account [[email protected]] in t ... show more 125.166.117.130 (ID/Indonesia/-), 2 distributed smtpauth attacks on account [[email protected]] in the last 3600 secs show less	Brute-Force
🇲🇾 syokadmin	2022-07-06 00:53:08 (3 years ago)	125.166.117.130 (ID/Indonesia/-), 2 distributed smtpauth attacks on account [[email protected]] in ... show more 125.166.117.130 (ID/Indonesia/-), 2 distributed smtpauth attacks on account [[email protected]] in the last 3600 secs show less	Brute-Force
🇩🇪 uestueno	2022-07-04 21:11:52 (3 years ago)	SMTP/SASL Bruteforce	Brute-Force

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 167.99.242.167

🇻🇳 103.172.78.123

🇮🇷 2.180.214.252

🇦🇷 153.67.15.102

🇮🇳 152.52.196.134

🇺🇸 135.237.123.203

🇨🇳 101.96.203.52

🇬🇧 87.236.176.241

🇺🇸 74.197.220.5

🇺🇸 66.132.172.245

🇺🇸 3.85.167.215

🇨🇦 68.183.193.242

🇺🇸 40.124.175.75

🇵🇱 31.41.81.65

🇻🇳 27.79.43.95

🇮🇳 20.244.20.183

🇺🇸 18.215.181.94

🇰🇷 210.217.96.217

🇦🇷 186.122.177.140

🇺🇦 185.78.239.27