JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.148.25.42

180.148.25.42 was found in our database!

This IP was reported 71 times. Confidence of Abuse is 100%: ?

100%

ISP	PT GIGA NETWORK INDONESIA
Usage Type	Fixed Line ISP
ASN	AS154201
Domain Name	ginesia.id
Country	🇮🇩 Indonesia
City	Cianjur, West Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.148.25.42

Whois 180.148.25.42

IP Abuse Reports for 180.148.25.42:

This IP address has been reported a total of 71 times from 35 distinct sources. 180.148.25.42 was first reported on March 12th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-21 15:55:57 (2 hours ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-21 08:29:22 (9 hours ago)	(mod_security) mod_security (id:240335) triggered by 180.148.25.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 180.148.25.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 04:29:14.140309 2026] [security2:error] [pid 28610:tid 28610] [client 180.148.25.42:57203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.148.25.42 (+1 hits since last alert)\|prostar.industries\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "prostar.industries"] [uri "/xmlrpc.php"] [unique_id "ajeg2rWAijlReCLN_48XoAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 07:29:01 (10 hours ago)	(mod_security) mod_security (id:240335) triggered by 180.148.25.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 180.148.25.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 03:28:54.826155 2026] [security2:error] [pid 20161:tid 20161] [client 180.148.25.42:63895] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.148.25.42 (+1 hits since last alert)\|serranoscoffee.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "serranoscoffee.com"] [uri "/xmlrpc.php"] [unique_id "ajeStp9Z7o8IoOWrIW2pBwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-21 06:28:10 (11 hours ago)	Attac	Brute-Force
🇪🇸 masterguru	2026-06-20 14:04:11 (1 day ago)	(xmlrpc) Failed xmlrpc access from 180.148.25.42 (ID/Indonesia/-): 5 in the last 3600 secs (0-122)	Hacking
🇩🇪 grassau.com	2026-06-20 14:00:36 (1 day ago)	(wordpress) Failed wordpress login from 180.148.25.42 (ID/Indonesia/-/-/-)	Brute-Force
🇳🇱 BlueWire Hosting	2026-06-20 12:38:39 (1 day ago)	Probing websites for vulnerabilities	Web App Attack
Anonymous	2026-06-18 11:20:25 (3 days ago)	(wordpress) Failed wordpress login from 180.148.25.42 (ID/Indonesia/-/-/-/[redacted])	Brute-Force
Anonymous	2026-06-18 11:19:43 (3 days ago)	(wordpress) Failed wordpress login from 180.148.25.42 (ID/Indonesia/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-18 10:52:50 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 180.148.25.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 180.148.25.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 06:52:45.698419 2026] [security2:error] [pid 13779:tid 13779] [client 180.148.25.42:62121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.148.25.42 (+1 hits since last alert)\|anchor07.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "anchor07.com"] [uri "/xmlrpc.php"] [unique_id "ajPN_f2aJFJT2has44hUAwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-18 10:51:04 (3 days ago)	Blocked by CSF 13 firewall - Rule: XMLRPC -	Web App Attack
🇩🇪 rh24	2026-06-17 03:15:37 (4 days ago)	(xmlrpc_405) XMLRPC-Bot 405 180.148.25.42 (ID/Indonesia/-)	Hacking
🇸🇬 pusathosting.com	2026-06-17 00:30:06 (4 days ago)	24ds22 bruteforce	Brute-Force Web App Attack
🇫🇷 masterguru	2026-06-16 05:53:36 (5 days ago)	wp-comments-post.php request blocked, no referer. Pattern match "wp-comments-post.php" at REQUEST_UR ... show more wp-comments-post.php request blocked, no referer. Pattern match "wp-comments-post.php" at REQUEST_URI. (88520-197) show less	Hacking
Anonymous	2026-06-15 02:26:06 (6 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack

Showing 1 to 15 of 71 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 220.250.52.111

🇲🇩 212.0.217.14

🇧🇷 177.86.200.227

🇨🇱 136.248.242.166

🇮🇷 130.185.72.228

🇻🇳 103.241.43.193

🇺🇸 52.4.143.42

🇱🇹 45.227.254.170

🇨🇳 39.130.240.253

🇬🇧 35.203.210.209

🇸🇬 20.157.117.15

🇺🇸 20.80.88.160

🇺🇸 2604:a880:400:d1:0:4:9636:8001

🇪🇹 196.189.126.10

🇨🇳 58.17.6.119

🇨🇳 47.92.39.219

🇳🇱 45.148.10.200

🇩🇪 213.209.159.226

🇨🇳 120.48.122.43

🇨🇳 118.81.201.4