JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.254.112.231

180.254.112.231 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 42%: ?

42%

ISP	PT TELKOM INDONESIA
Usage Type	Fixed Line ISP
ASN	AS7713
Domain Name	telkom.co.id
Country	🇮🇩 Indonesia
City	Sidoarjo, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.254.112.231

Whois 180.254.112.231

IP Abuse Reports for 180.254.112.231:

This IP address has been reported a total of 11 times from 6 distinct sources. 180.254.112.231 was first reported on June 17th 2026, and the most recent report was 10 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-18 06:51:12 (10 hours ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-06-18 05:49:51 (11 hours ago)	[redacted] 180.254.112.231 - - [18/Jun/2026:07:48:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" ... show more [redacted] 180.254.112.231 - - [18/Jun/2026:07:48:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 180.254.112.231 - - [18/Jun/2026:07:49:10 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 180.254.112.231 - - [18/Jun/2026:07:49:22 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 180.254.112.231 - - [18/Jun/2026:07:49:33 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 180.254.112.231 - - [18/Jun/2026:07:49:49 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 03:50:30 (13 hours ago)	(mod_security) mod_security (id:240335) triggered by 180.254.112.231 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 180.254.112.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 23:50:27.159691 2026] [security2:error] [pid 6702:tid 6702] [client 180.254.112.231:58415] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.254.112.231 (+1 hits since last alert)\|guarinofurnituredesigns.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "guarinofurnituredesigns.com"] [uri "/xmlrpc.php"] [unique_id "ajNrA5FfNOnaqcwF2yOlfgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 08:14:44 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 180.254.112.231 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 180.254.112.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 04:14:37.154772 2026] [security2:error] [pid 31382:tid 31382] [client 180.254.112.231:57549] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.254.112.231 (+1 hits since last alert)\|nebraskaadaptivesports.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nebraskaadaptivesports.org"] [uri "/xmlrpc.php"] [unique_id "ajJXbajWw27PtZODuYi3qwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 07:43:05 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 180.254.112.231 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 180.254.112.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 03:43:01.028674 2026] [security2:error] [pid 21333:tid 21333] [client 180.254.112.231:53837] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.254.112.231 (+1 hits since last alert)\|k2servicesinc.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "k2servicesinc.net"] [uri "/xmlrpc.php"] [unique_id "ajJQBYF4YOnYmXx3Twn9uwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇿 Tripwire	2026-06-17 07:30:19 (1 day ago)	Suspicious Fake User Agents - 1 hits, 108 blocks, 47 user agents	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-17 05:42:51 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 180.254.112.231 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 180.254.112.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 01:42:45.665565 2026] [security2:error] [pid 5349:tid 5349] [client 180.254.112.231:58915] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.254.112.231 (+1 hits since last alert)\|kimbrothersduluth.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kimbrothersduluth.com"] [uri "/xmlrpc.php"] [unique_id "ajIz1dbDibk0egXx7-kfHQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-17 05:09:48 (1 day ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
Anonymous	2026-06-17 05:09:31 (1 day ago)	[redacted] 180.254.112.231 - - [17/Jun/2026:07:08:44 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" ... show more [redacted] 180.254.112.231 - - [17/Jun/2026:07:08:44 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 180.254.112.231 - - [17/Jun/2026:07:08:54 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 180.254.112.231 - - [17/Jun/2026:07:09:05 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.4; http://site67473570.com" [redacted] 180.254.112.231 - - [17/Jun/2026:07:09:15 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 180.254.112.231 - - [17/Jun/2026:07:09:30 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.4; http://site88541397.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 03:03:26 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 180.254.112.231 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 180.254.112.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 23:03:21.239390 2026] [security2:error] [pid 22267:tid 22267] [client 180.254.112.231:58527] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 180.254.112.231 (+1 hits since last alert)\|casaluzislamujeres.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "casaluzislamujeres.com"] [uri "/xmlrpc.php"] [unique_id "ajIOeX8nDTQcg1aEOe8gcgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 Dunham Support	2026-06-17 02:08:56 (1 day ago)	(wordpress) Failed wordpress login from 180.254.112.231 (ID/Indonesia/-)	Brute-Force

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 52.225.83.240

🇺🇸 172.253.214.29

🇧🇩 103.158.206.141

🇳🇱 45.142.193.131

🇰🇷 220.84.212.67

🇩🇪 167.94.146.66

🇧🇩 103.65.240.34

🇻🇳 103.63.108.25

🇭🇰 47.238.188.245

🇺🇸 43.159.152.184

🇺🇸 38.34.175.146

🇬🇧 35.203.210.205

🇨🇳 180.117.109.144

🇨🇳 111.229.131.191

🇮🇳 103.79.168.227

🇱🇹 81.30.98.225

🇬🇧 35.203.211.55

🇺🇸 162.216.149.74

🇩🇪 134.122.93.100

🇨🇳 116.177.172.94