JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.253.249.147

180.253.249.147 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 55%: ?

55%

ISP	PT TELKOM INDONESIA
Usage Type	Fixed Line ISP
ASN	AS7713
Domain Name	telkom.co.id
Country	🇮🇩 Indonesia
City	Bandung, West Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.253.249.147

Whois 180.253.249.147

IP Abuse Reports for 180.253.249.147:

This IP address has been reported a total of 16 times from 13 distinct sources. 180.253.249.147 was first reported on January 9th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-06-11 22:28:48 (1 week ago)		Brute-Force Web App Attack
🇳🇱 knock	2026-06-11 06:02:57 (1 week ago)	Knock-Knock honeypot brute-force: SMB (1 total hits)	Brute-Force
🇩🇪 reznekcs	2026-06-11 04:57:16 (1 week ago)	F2B wordpress ban. Logs: 180.253.249.147 - - [11/Jun/2026:06:57:02 +0200] "POST /xmlrpc.php HTTP/1.1 ... show more F2B wordpress ban. Logs: 180.253.249.147 - - [11/Jun/2026:06:57:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4246 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)" 180.253.249.147 - - [11/Jun/2026:06:57:14 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4246 "-" "Jetpack by WordPress.com" show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 04:46:34 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 180.253.249.147 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 180.253.249.147 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 00:46:26.702386 2026] [security2:error] [pid 9403:tid 9403] [client 180.253.249.147:46832] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.253.249.147 (+1 hits since last alert)\|legacy-insight.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "legacy-insight.com"] [uri "/xmlrpc.php"] [unique_id "aio9onTVbtYMe7D3gRSVrwAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 konseptit	2026-06-11 04:40:57 (1 week ago)	(wordpress) Failed wordpress login from 180.253.249.147 (ID/Indonesia/-)	Brute-Force
🇧🇪 cmbplf	2026-06-11 03:59:29 (1 week ago)	6.034 post requests in 1 hour (2d16h1m)	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-11 03:38:54 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 180.253.249.147 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 180.253.249.147 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 23:38:49.987509 2026] [security2:error] [pid 20172:tid 20220] [client 180.253.249.147:42331] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.253.249.147 (+1 hits since last alert)\|whitecrosslibrary.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "whitecrosslibrary.com"] [uri "/xmlrpc.php"] [unique_id "aiotyQT0GgWCsjjGPNCRDQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-11 03:25:12 (1 week ago)	Blocked by CSF 13 firewall - Rule: XMLRPC ID/Indonesia/-	Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 03:07:45 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 180.253.249.147 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 180.253.249.147 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 23:07:32.348777 2026] [security2:error] [pid 7500:tid 7500] [client 180.253.249.147:31277] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.253.249.147 (+1 hits since last alert)\|fredlandia.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fredlandia.com"] [uri "/xmlrpc.php"] [unique_id "aiomdGuwEIGGpuvfVKo55AAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-11 01:53:39 (1 week ago)	(wordpress) Failed wordpress login from 180.253.249.147 (ID/Indonesia/-)	Brute-Force
🇫🇷 ✨	2026-06-11 01:42:19 (1 week ago)	Rule : MSSQLSERVER Rule: MSSQLSERVER Event: MSSQLSERVER UserAccount : sa sa Reason: Password did ... show more Rule : MSSQLSERVER Rule: MSSQLSERVER Event: MSSQLSERVER UserAccount : sa sa Reason: Password did not match that for the login provided. [CLIENT: 180.253.249.147] show less	Port Scan Brute-Force
🇺🇸 TPI-Abuse	2026-06-11 01:38:39 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 180.253.249.147 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 180.253.249.147 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 21:38:35.596322 2026] [security2:error] [pid 27822:tid 27822] [client 180.253.249.147:51866] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.253.249.147 (+1 hits since last alert)\|altoshp.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "altoshp.com"] [uri "/xmlrpc.php"] [unique_id "aioRm5GIaDRrEL1kp91rvQAAACo"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 mkey	2026-06-11 01:30:01 (1 week ago)	Verified scan activity detected by local IDS/firewall correlation. SCAN: HIGHRISK_SINGLEPORT \| PORTS ... show more Verified scan activity detected by local IDS/firewall correlation. SCAN: HIGHRISK_SINGLEPORT \| PORTS=445 \| HITS=2 \| IPSET=ADD \| FIRST=2026-06-11 03:27:49 \| LAST=2026-06-11 03:27:49. Last seen 2026-06-11 03:27:49. show less	Port Scan
🇫🇷 dynamix	2026-06-11 00:51:47 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-03-30 08:28:23 (2 months ago)	RdpGuard detected brute-force attempt on RDP	Brute-Force

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 195.206.182.212

🇫🇷 195.110.35.49

🇺🇸 193.202.11.112

🇦🇲 176.32.193.16

🇺🇸 147.185.132.240

🇺🇸 144.172.100.174

🇸🇬 118.194.235.16

🇯🇵 43.165.185.71

🇺🇸 2a04:c300:400::1b3

🇨🇴 206.62.136.130

🇺🇸 193.187.150.93

🇧🇷 177.39.66.118

🇳🇱 176.65.139.181

🇺🇸 104.234.53.56

🇵🇹 85.240.193.104

🇸🇪 193.183.77.2

🇺🇸 172.214.209.153

🇺🇸 172.191.239.155

🇦🇺 95.82.7.89

🇫🇷 92.205.161.152