JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 125.166.118.193

125.166.118.193 was found in our database!

This IP was reported 30 times. Confidence of Abuse is 62%: ?

62%

ISP	PT TELKOM INDONESIA
Usage Type	Fixed Line ISP
ASN	AS7713
Domain Name	telkom.co.id
Country	🇮🇩 Indonesia
City	Jember, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 125.166.118.193

Whois 125.166.118.193

IP Abuse Reports for 125.166.118.193:

This IP address has been reported a total of 30 times from 19 distinct sources. 125.166.118.193 was first reported on October 23rd 2021, and the most recent report was 16 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-26 08:38:31 (16 hours ago)	(mod_security) mod_security (id:240335) triggered by 125.166.118.193 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 125.166.118.193 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 04:38:23.057545 2026] [security2:error] [pid 18950:tid 18950] [client 125.166.118.193:9870] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.166.118.193 (+1 hits since last alert)\|varnadorefamily.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "varnadorefamily.com"] [uri "/xmlrpc.php"] [unique_id "aj46f8SmQ77_6rtB2CFOfQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-26 08:09:40 (16 hours ago)	[redacted] 125.166.118.193 - - [26/Jun/2026:10:08:57 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" ... show more [redacted] 125.166.118.193 - - [26/Jun/2026:10:08:57 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.3; http://site43960995.com" [redacted] 125.166.118.193 - - [26/Jun/2026:10:09:07 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" [redacted] 125.166.118.193 - - [26/Jun/2026:10:09:18 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 125.166.118.193 - - [26/Jun/2026:10:09:28 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 125.166.118.193 - - [26/Jun/2026:10:09:39 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack
Anonymous	2026-06-26 07:02:41 (17 hours ago)	125.166.118.193 - - [26/Jun/2026:09:02:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by ... show more 125.166.118.193 - - [26/Jun/2026:09:02:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com" 125.166.118.193 - - [26/Jun/2026:09:02:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com" 125.166.118.193 - - [26/Jun/2026:09:02:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com" 125.166.118.193 - - [26/Jun/2026:09:02:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com" 125.166.118.193 - - [26/Jun/2026:09:02:40 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com" ... show less	Brute-Force Web App Attack
🇺🇸 Dave Hansen	2026-06-26 06:51:20 (18 hours ago)	(wordpress) Failed wordpress login from 125.166.118.193 (ID/Indonesia/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-26 04:01:45 (20 hours ago)	(mod_security) mod_security (id:240335) triggered by 125.166.118.193 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 125.166.118.193 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 00:01:40.222753 2026] [security2:error] [pid 24735:tid 24735] [client 125.166.118.193:16046] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.166.118.193 (2+1 hits since last alert)\|nypatriotcards.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nypatriotcards.com"] [uri "/xmlrpc.php"] [unique_id "aj35pK073tHOtHnH9kxBkgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-06-26 03:15:24 (21 hours ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS	Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 02:59:06 (21 hours ago)	(mod_security) mod_security (id:240335) triggered by 125.166.118.193 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 125.166.118.193 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 22:59:02.795697 2026] [security2:error] [pid 19090:tid 19090] [client 125.166.118.193:12201] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.166.118.193 (+1 hits since last alert)\|stop902.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stop902.org"] [uri "/xmlrpc.php"] [unique_id "aj3q9qJpvmOWDHqq1TouAgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 01:57:04 (22 hours ago)	(mod_security) mod_security (id:240335) triggered by 125.166.118.193 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 125.166.118.193 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 21:56:58.408886 2026] [security2:error] [pid 28021:tid 28021] [client 125.166.118.193:10994] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 125.166.118.193 (+1 hits since last alert)\|starvationacres.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "starvationacres.us"] [uri "/xmlrpc.php"] [unique_id "aj3cavyn3NsuyDq_RNkaKgAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 Dunham Support	2026-06-25 09:13:31 (1 day ago)	(wordpress) Failed wordpress login from 125.166.118.193 (ID/Indonesia/-)	Brute-Force
🇩🇪 big-cloud.nl	2026-06-25 08:00:04 (1 day ago)	Try to access /xmlrpc.php	Web App Attack
🇫🇷 masterguru	2026-06-25 06:58:45 (1 day ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇫🇷 dynamix	2026-06-25 05:26:25 (1 day ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-06-25 03:24:38 (1 day ago)		Bad Web Bot Web App Attack
Anonymous	2024-05-14 03:58:01 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-05-13 00:44:11 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 15 of 30 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2001:470:1:332::8a

🇫🇷 217.71.127.125

🇷🇺 176.96.191.107

🇺🇦 176.39.102.39

🇰🇷 175.198.62.180

🇺🇸 162.216.150.228

🇺🇸 100.24.17.12

🇫🇷 91.231.89.170

🇧🇾 81.30.98.142

🇺🇸 216.25.89.138

🇩🇪 213.176.114.39

🇵🇪 200.49.241.237

🇧🇷 189.90.55.246

🇮🇩 182.8.164.187

🇮🇪 109.79.157.66

🇮🇩 103.160.213.137

🇬🇧 35.203.210.79

🇧🇷 205.210.31.175

🇹🇼 198.235.24.123

🇬🇧 195.96.139.52