JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.252.95.189

180.252.95.189 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 31%: ?

31%

ISP	PT TELKOM INDONESIA
Usage Type	Fixed Line ISP
ASN	AS7713
Domain Name	telkom.co.id
Country	🇮🇩 Indonesia
City	Jakarta, Jakarta

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.252.95.189

Whois 180.252.95.189

IP Abuse Reports for 180.252.95.189:

This IP address has been reported a total of 15 times from 10 distinct sources. 180.252.95.189 was first reported on December 10th 2022, and the most recent report was 19 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-04 08:28:22 (19 minutes ago)	(mod_security) mod_security (id:240335) triggered by 180.252.95.189 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 180.252.95.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 04:28:16.514876 2026] [security2:error] [pid 22713:tid 22713] [client 180.252.95.189:63421] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.252.95.189 (+1 hits since last alert)\|themadwriter.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "themadwriter.us"] [uri "/xmlrpc.php"] [unique_id "aiE3IE7F_41wFN8_X4qHPgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 07:27:37 (1 hour ago)	(mod_security) mod_security (id:240335) triggered by 180.252.95.189 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 180.252.95.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 03:27:31.107152 2026] [security2:error] [pid 23727:tid 23727] [client 180.252.95.189:54652] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.252.95.189 (+1 hits since last alert)\|tcit.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tcit.org"] [uri "/xmlrpc.php"] [unique_id "aiEo4w4-lhIyYbJn3AkG6AAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 01:08:01 (7 hours ago)	(mod_security) mod_security (id:240335) triggered by 180.252.95.189 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 180.252.95.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 21:07:57.327543 2026] [security2:error] [pid 14356:tid 14360] [client 180.252.95.189:53058] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.252.95.189 (+1 hits since last alert)\|willmanlawfirm.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "willmanlawfirm.com"] [uri "/xmlrpc.php"] [unique_id "aiDP7VxI6nXc8c1l3AHF3AAAAII"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 00:37:04 (8 hours ago)	(mod_security) mod_security (id:240335) triggered by 180.252.95.189 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 180.252.95.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 20:37:00.446050 2026] [security2:error] [pid 24889:tid 24889] [client 180.252.95.189:58038] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.252.95.189 (+1 hits since last alert)\|keychainfilms.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "keychainfilms.com"] [uri "/xmlrpc.php"] [unique_id "aiDIrAe21JytYGcRokVwdQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 rh24	2026-06-03 11:56:23 (20 hours ago)	(wordpress) Failed wordpress login from 180.252.95.189 (ID/Indonesia/-): (CF_ENABLE)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-03 10:45:57 (22 hours ago)	(mod_security) mod_security (id:240335) triggered by 180.252.95.189 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 180.252.95.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 06:45:52.201017 2026] [security2:error] [pid 26835:tid 26835] [client 180.252.95.189:63947] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.252.95.189 (+1 hits since last alert)\|tonydelov.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tonydelov.com"] [uri "/xmlrpc.php"] [unique_id "aiAF4GjOjqANYOccKnnQAQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-03 03:12:55 (1 day ago)	(xmlrpc) Apache: Failed xmlrpc access from 180.252.95.189 (ID/Indonesia/-): 10 in the last 3600 secs ... show more (xmlrpc) Apache: Failed xmlrpc access from 180.252.95.189 (ID/Indonesia/-): 10 in the last 3600 secs (0-201) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-03 02:11:32 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 180.252.95.189 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 180.252.95.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 22:11:26.164906 2026] [security2:error] [pid 2278:tid 2278] [client 180.252.95.189:63219] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.252.95.189 (+1 hits since last alert)\|kavahawaii.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kavahawaii.com"] [uri "/xmlrpc.php"] [unique_id "ah-NTj9DZX3nmO4Xr_wWcwAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 grassau.com	2026-06-03 01:09:39 (1 day ago)	(wordpress) Failed wordpress login from 180.252.95.189 (ID/Indonesia/West Java/Bogor/-)	Brute-Force
🇺🇸 xmission.com	2025-09-02 16:55:21 (9 months ago)	Blocked by UFW (TCP on 9101) Source port: 37218 TTL: 47 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 9101) Source port: 37218 TTL: 47 Packet length: 60 TOS: 0x00 This report (for 180.252.95.189) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2024-03-28 12:38:38 (2 years ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇦🇹 urnilxfgbez	2024-03-26 23:45:00 (2 years ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇩🇪 speedhost.se	2024-03-23 04:39:27 (2 years ago)	Unauthorized connection attempt detected from IP address 180.252.95.189 to port 445 (WARDEN) [m]	Brute-Force Exploited Host
🇫🇷 Hippoline	2024-02-15 02:31:40 (2 years ago)	Feb 15 03:28:01 local wp(XXXX-A)[13668]: Authentication attempt for unknown user admin from 180.252. ... show more Feb 15 03:28:01 local wp(XXXX-A)[13668]: Authentication attempt for unknown user admin from 180.252.95.189 ... show less	Brute-Force Web App Attack
🇦🇷 NotMarco	2022-12-10 07:45:41 (3 years ago)	Unauthorized connection attempt from 180.252.95.189 to port 3306/TCP	Port Scan Hacking

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.224

🇻🇳 157.66.48.9

🇻🇳 118.70.182.193

🇷🇺 109.167.249.94

🇳🇬 102.88.137.145

🇱🇺 64.89.160.178

🇯🇵 218.219.193.151

🇳🇱 176.65.148.2

🇮🇳 164.100.212.64

🇺🇸 162.216.149.179

🇮🇳 122.185.237.142

🇵🇰 119.157.76.94

🇮🇳 103.186.132.188

🇬🇪 91.151.137.42

🇺🇸 66.132.186.250

🇳🇱 45.198.224.22

🇮🇷 37.148.5.246

🇷🇴 2.57.121.112

🇮🇳 223.185.12.225

🇵🇰 202.63.207.43