🇺🇸
TPI-Abuse
2026-06-10 01:02:56
(14 hours ago)
(mod_security) mod_security (id:240335) triggered by 157.66.128.172 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 21:02:49.777213 2026] [security2:error] [pid 1189:tid 1189] [client 157.66.128.172:52038] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.66.128.172 (+1 hits since last alert)|lesdaniels.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lesdaniels.com"] [uri "/xmlrpc.php"] [unique_id "aii3ufcpFf2NCcVToQRgOQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-08 16:30:46
(1 day ago)
Failed login attempt detected by Fail2Ban in plesk-postfix jail
Brute-Force
🇵🇱
bmino.pl
2026-06-08 06:05:12
(2 days ago)
Autoban IP(2): 157.66.128.172 - Hostname: MEGADATA-ISP - City: Kraksaan - Region: East Java - Country: Indonesia - Location: - Organization: PT Lumajang Network Nusantara - failed attempts.
Brute-Force
Anonymous
2026-06-07 20:06:13
(2 days ago)
(smtpauth) Failed SMTP AUTH login from 157.66.128.172 (ID/Indonesia/-)
Brute-Force
🇳🇱
maxxsense
2026-06-07 20:05:13
(2 days ago)
(smtpauth) Failed SMTP AUTH login from 157.66.128.172 (ID/Indonesia/-)
Brute-Force
🇫🇮
notelseit
2026-06-07 14:18:33
(3 days ago)
2026-06-07T16:18:27.084057+02:00 mail postfix/smtps/smtpd[625164]: warning: unknown[157.66.128.172]: SASL PLAIN authentication failed: (reason unavailable), [email protected]
2026-06-07T16:18:33.189986+02:00 mail postfix/smtps/smtpd[625164]: warning: unknown[157.66.128.172]: SASL LOGIN authentication failed: (reason unavailable), [email protected]
2026-06-07T16:18:33.389748+02:00 mail postfix/smtps/smtpd[625164]: disconnect from unknown[157.66.128.172] ehlo=1 auth=0/2 commands=1/3
...
Brute-Force
Email Spam
🇦🇺
MAGIC
2026-06-07 00:26:03
(3 days ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
🇷🇴
INTEQ
2026-06-04 04:33:15
(6 days ago)
Web attack from 157.66.128.172
Web App Attack
🇫🇮
notelseit
2026-06-03 07:48:55
(1 week ago)
2026-06-03T09:48:54.197015+02:00 mail postfix/smtps/smtpd[3980972]: warning: unknown[157.66.128.172]: SASL PLAIN authentication failed: (reason unavailable), [email protected]
2026-06-03T09:48:54.197351+02:00 mail postfix/smtps/smtpd[3980970]: warning: unknown[157.66.128.172]: SASL PLAIN authentication failed: (reason unavailable), [email protected]
2026-06-03T09:48:54.595973+02:00 mail postfix/smtps/smtpd[3980970]: disconnect from unknown[157.66.128.172] ehlo=1 auth=0/2 commands=1/3
...
Brute-Force
Email Spam
🇺🇸
MPL
2026-05-24 03:32:31
(2 weeks ago)
tcp/23
Port Scan
🇺🇸
TPI-Abuse
2026-05-20 01:46:26
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 157.66.128.172 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 21:46:21.785181 2026] [security2:error] [pid 15207:tid 15207] [client 157.66.128.172:56083] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.66.128.172 (+1 hits since last alert)|worshipconcert.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "worshipconcert.com"] [uri "/xmlrpc.php"] [unique_id "ag0SbVXv2q1udmKpwV6vbQAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-19 01:54:15
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 157.66.128.172 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 18 21:54:08.612349 2026] [security2:error] [pid 30006:tid 30013] [client 157.66.128.172:52522] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.66.128.172 (+1 hits since last alert)|rpiusa.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rpiusa.net"] [uri "/xmlrpc.php"] [unique_id "agvCwF6UueI5IZ4-E7N8fgAAAQI"]
Brute-Force
Bad Web Bot
Web App Attack
🇮🇩
hermawan
2026-05-18 13:54:57
(3 weeks ago)
[Mon May 18 20:46:22.641119 2026] [security2:error] [pid 95348:tid 140565308962496] [client 157.66.128.172:55946] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/login" at REQUEST_FILENAME. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "130"] [id "448101"] [msg "BAD REQUEST FILENAME - Detected and Blocked"] [data "Matched Data: /login found within REQUEST_FILENAME: /login request_line = GET /login HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/login"] [unique_id "agsYLvbzMVpgVxcDeMjdxgAA1BE"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[95367] [Bc8qydcX3wc] [agsYLvbzMVpgVxcDeMjdxgAA1BE] keep_alive=[1] [2026-05-18 20:46:22.641121] [R:agsYLvbzMVpgVxcDeMjdxgAA1BE] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' COOKIE:'cf_clearance=FKB2kscru5GVo_y75p2s_B3b6eQZzIgcUsyaIKNm.SI-177
...
Email Spam
Hacking
Anonymous
2026-05-12 04:47:15
(4 weeks ago)
Attack Signature Blocked: /wishlist/index/add/product/13677/form_key/HIECaOhfHILeaPVm/ (Magento Site) (Botnet activity attributed to: Angara Technologies Group / mikhail-smirnov-79830322)
Web App Attack
Bad Web Bot
🇺🇸
TPI-Abuse
2026-05-12 01:37:50
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 157.66.128.172 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 21:37:44.921118 2026] [security2:error] [pid 30653:tid 30653] [client 157.66.128.172:57388] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.66.128.172 (+1 hits since last alert)|ssion.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ssion.com"] [uri "/xmlrpc.php"] [unique_id "agKEaE3TkhCWBr7Wme-rfgAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack