🇩🇪
pltcldvlpr
2026-06-20 22:44:42
(4 hours ago)
CMS/framework probe: 138.128.140.80 - - [21/Jun/2026:00:44:41 +0200] "POST /xmlrpc.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/86.0.0.0 Safari/537.36" asn=49544 org="i3D.net B.V" country=US
...
Web App Attack
Anonymous
2026-06-20 18:54:41
(8 hours ago)
[da.kdns.gr] httpd-xmlrpc-post: sites=oro24.gr; logs=/var/log/httpd/domains/oro24.gr.log; samples=/xmlrpc.php
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-06-20 16:06:15
(11 hours ago)
(mod_security) mod_security (id:225170) triggered by 138.128.140.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 12:06:09.389319 2026] [security2:error] [pid 18534:tid 18540] [client 138.128.140.80:57763] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||koalacogs.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "koalacogs.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aja6cYXnaQmDcBBGlqkYYgAAAMQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-20 13:42:53
(13 hours ago)
(mod_security) mod_security (id:225170) triggered by 138.128.140.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 09:42:49.119409 2026] [security2:error] [pid 5361:tid 5361] [client 138.128.140.80:56114] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||grexicon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "grexicon.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajaY2QitOB7ExHg2QGcNBQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
🇪🇸
gnom4ik
2026-06-19 06:16:03
(1 day ago)
ban-reviewer auto report; ip=138.128.140.80; scenario=http:scan; scenario_context=http:scan,firehol_greensnow; verdict=valid_ban; confidence=0.92; categories=14,15,18,22; active_decisions=2; lookback_decisions=2; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=ip_decision_count_high
Port Scan
Hacking
Brute-Force
SSH
🇨🇦
zXero
2026-06-18 21:07:11
(2 days ago)
Fail2Ban automatic report - jail: no-wordpress
Brute-Force
SSH
DDoS Attack
🇩🇪
big-cloud.nl
2026-06-17 20:26:25
(3 days ago)
Try to access /xmlrpc.php
Web App Attack
Anonymous
2026-06-17 20:01:50
(3 days ago)
[redacted] 138.128.140.80 - - [17/Jun/2026:22:01:01 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/15.0.0.0 Safari/537.36"
[redacted] 138.128.140.80 - - [17/Jun/2026:22:01:05 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/99.0.0.0 Safari/537.36"
[redacted] 138.128.140.80 - - [17/Jun/2026:22:01:24 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 6.3; x86) AppleWebKit/537.36 (KHTML, like Gecko) Edge/99.0.0.0 Safari/537.36"
[redacted] 138.128.140.80 - - [17/Jun/2026:22:01:28 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/11.0.0.0 Safari/537.36"
[redacted] 138.128.140.80 - - [17/Jun/2026:22:01:46 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Macintosh; Intel Mac
...
Hacking
Web App Attack
🇩🇪
Hazzard
2026-06-17 09:23:43
(3 days ago)
(wordpress) Failed wordpress login from 138.128.140.80 (US/United States/Illinois/Elk Grove Village/-/[redacted]): (CF_ENABLE)
Brute-Force
🇺🇸
TPI-Abuse
2026-06-17 02:05:41
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 138.128.140.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 22:05:35.878560 2026] [security2:error] [pid 28102:tid 28102] [client 138.128.140.80:50738] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||robinsnestingplace.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "robinsnestingplace.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajIA70PZ40JeDn53QKZpYwAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇷🇺
Mga Admin
2026-06-17 00:06:29
(4 days ago)
138.128.140.80 - - [17/Jun/2026:07:06:29 +0700] "POST /xmlrpc.php HTTP/1.1" 404 69 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.0.0 Safari/537.36"
...
Web App Attack
🇫🇷
tecnicorioja
2026-06-16 22:00:13
(4 days ago)
POST /xmlrpc.php [16/Jun/2026:18:58:06
Brute-Force
Web App Attack
🇩🇪
findlab
2026-06-15 22:00:02
(5 days ago)
Backdrop CMS module - malicious activity detected
Bad Web Bot
Web App Attack
Anonymous
2026-06-15 21:25:15
(5 days ago)
[server.tmg.gr] httpd-xmlrpc-post: sites=geomed.gr; logs=/var/log/httpd/domains/geomed.gr.log; samples=/xmlrpc.php
Brute-Force
Web App Attack
🇩🇪
LRob.fr
2026-06-12 14:15:03
(1 week ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack