🇺🇸
TPI-Abuse
2026-06-28 10:28:08
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 157.85.213.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 06:28:00.470175 2026] [security2:error] [pid 31743:tid 31743] [client 157.85.213.28:14104] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.85.213.28 (+1 hits since last alert)|assheton.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "assheton.com"] [uri "/xmlrpc.php"] [unique_id "akD3MNX37K-D3kDZLc0QZAAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-28 09:28:57
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 157.85.213.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 05:28:51.257458 2026] [security2:error] [pid 16287:tid 16287] [client 157.85.213.28:24250] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.85.213.28 (+1 hits since last alert)|proyectando.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "proyectando.com"] [uri "/xmlrpc.php"] [unique_id "akDpU_H4Gc59-FS9DuejggAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-28 07:55:20
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 157.85.213.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 03:55:12.765777 2026] [security2:error] [pid 24092:tid 24092] [client 157.85.213.28:9715] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.85.213.28 (+1 hits since last alert)|axiomemail.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "axiomemail.net"] [uri "/xmlrpc.php"] [unique_id "akDTYIE6Sc9qo3cj4eKRIQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-28 05:23:07
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 157.85.213.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 01:23:03.027488 2026] [security2:error] [pid 510:tid 510] [client 157.85.213.28:16479] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.85.213.28 (+1 hits since last alert)|birdlovesfish.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "birdlovesfish.com"] [uri "/xmlrpc.php"] [unique_id "akCvt8UqNSxgm7SotyYaEwAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇷
dynamix
2026-06-28 01:45:48
(2 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-06-27 23:15:05
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 157.85.213.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 19:14:59.301522 2026] [security2:error] [pid 17731:tid 17731] [client 157.85.213.28:12388] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.85.213.28 (+1 hits since last alert)|johncyphers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "johncyphers.com"] [uri "/xmlrpc.php"] [unique_id "akBZc3zkb-0gmhm-ewxs2gAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-27 23:12:45
(2 days ago)
157.85.213.28 - - [28/Jun/2026:01:12:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 798 "-" "Jetpack by WordPress.com"
157.85.213.28 - - [28/Jun/2026:01:12:25 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com"
157.85.213.28 - - [28/Jun/2026:01:12:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 798 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
157.85.213.28 - - [28/Jun/2026:01:12:34 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)"
157.85.213.28 - - [28/Jun/2026:01:12:44 +0200] "POST /xmlrpc.php HTTP/1.1" 200 798 "-" "Jetpack/12.1; WordPress/6.2; http://site84129918.com"
...
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-06-27 22:12:11
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 157.85.213.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 18:12:06.504958 2026] [security2:error] [pid 4053:tid 4053] [client 157.85.213.28:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.85.213.28 (+1 hits since last alert)|cloudex.click|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cloudex.click"] [uri "/xmlrpc.php"] [unique_id "akBKtv8DPqRQgfEZVsjNiAAAAB0"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-27 15:44:52
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 157.85.213.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 11:44:48.139577 2026] [security2:error] [pid 17224:tid 17224] [client 157.85.213.28:17895] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 157.85.213.28 (+1 hits since last alert)|fadcometal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fadcometal.com"] [uri "/xmlrpc.php"] [unique_id "aj_v8AQ0vL1QEj4DdJQqeAAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-27 15:13:02
(2 days ago)
[redacted] 157.85.213.28 - - [27/Jun/2026:17:12:18 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 157.85.213.28 - - [27/Jun/2026:17:12:28 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)"
[redacted] 157.85.213.28 - - [27/Jun/2026:17:12:39 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.4; http://site91076774.com"
[redacted] 157.85.213.28 - - [27/Jun/2026:17:12:50 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 157.85.213.28 - - [27/Jun/2026:17:13:01 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
...
Hacking
Web App Attack
Anonymous
2026-06-22 13:24:35
(1 week ago)
2026-06-22T15:24:28.835249+02:00 postfix/smtpd[1785095]: NOQUEUE: reject: RCPT from unknown[157.85.213.28]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [157.85.213.28]; proto=ESMTP helo=<[157.85.213.28]>
Email Spam
🇳🇱
Cloud86 B.V.
2026-06-20 06:13:36
(1 week ago)
categories: Email Spam
Email Spam
🇩🇪
EGP Abuse Dept
2026-06-20 03:02:07
(1 week ago)
Numeric HELO: 157.85.213.28
Email Spam
Exploited Host
🇬🇧
djboddington
2026-04-09 03:09:15
(2 months ago)
This IP was detected by CrowdSec triggering crowdsecurity/postfix-dnsblog
Email Spam
Exploited Host