JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 170.238.128.199

170.238.128.199 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 74%: ?

74%

ISP	Smart Telecom Networks Serv.de Telecom. LTDA M.E
Usage Type	Fixed Line ISP
ASN	AS266319
Domain Name	serv.de
Country	🇧🇷 Brazil
City	Rio de Janeiro, Rio de Janeiro

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 170.238.128.199

Whois 170.238.128.199

IP Abuse Reports for 170.238.128.199:

This IP address has been reported a total of 21 times from 16 distinct sources. 170.238.128.199 was first reported on July 12th 2024, and the most recent report was 49 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-18 17:32:03 (49 minutes ago)	(mod_security) mod_security (id:240335) triggered by 170.238.128.199 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 170.238.128.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 13:31:55.966591 2026] [security2:error] [pid 25770:tid 25792] [client 170.238.128.199:60226] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 170.238.128.199 (+1 hits since last alert)\|whatismetamodern.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "whatismetamodern.com"] [uri "/xmlrpc.php"] [unique_id "ajQrixrVGN1abdCZY052LwAAAM4"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-18 15:53:29 (2 hours ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-06-18 12:12:14 (6 hours ago)	[redacted] 170.238.128.199 - - [18/Jun/2026:14:11:26 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" ... show more [redacted] 170.238.128.199 - - [18/Jun/2026:14:11:26 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack/12.1; WordPress/6.2; http://site94217765.com" [redacted] 170.238.128.199 - - [18/Jun/2026:14:11:37 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack/12.1; WordPress/6.4; http://site90275433.com" [redacted] 170.238.128.199 - - [18/Jun/2026:14:11:49 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com" [redacted] 170.238.128.199 - - [18/Jun/2026:14:12:01 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com" [redacted] 170.238.128.199 - - [18/Jun/2026:14:12:13 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack
🇫🇷 dynamix	2026-06-18 00:40:30 (17 hours ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 19:36:30 (22 hours ago)	(mod_security) mod_security (id:240335) triggered by 170.238.128.199 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 170.238.128.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 15:36:25.335143 2026] [security2:error] [pid 2558:tid 2558] [client 170.238.128.199:60765] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 170.238.128.199 (+1 hits since last alert)\|navarrete.ws\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "navarrete.ws"] [uri "/xmlrpc.php"] [unique_id "ajL3OaMMcbtlcMMcNLUqwgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TAY	2026-06-17 15:29:53 (1 day ago)	170.238.128.199 - - [17/Jun/2026:23:29:30 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4491 "-" "Jetpack b ... show more 170.238.128.199 - - [17/Jun/2026:23:29:30 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4491 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)" 170.238.128.199 - - [17/Jun/2026:23:29:41 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4491 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)" 170.238.128.199 - - [17/Jun/2026:23:29:52 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4491 "-" "WordPress.com; https://wordpress.com" ... show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-16 18:17:08 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 170.238.128.199 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 170.238.128.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 14:17:01.267338 2026] [security2:error] [pid 3487:tid 3487] [client 170.238.128.199:60623] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 170.238.128.199 (+1 hits since last alert)\|yanlidesign.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "yanlidesign.com"] [uri "/xmlrpc.php"] [unique_id "ajGTHdVYf98UfgKcXt53YgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-16 17:18:46 (2 days ago)	Blocked by ModSec and CSF	Port Scan
🇫🇷 Kenshin869	2026-06-16 14:39:08 (2 days ago)	Wordpress unauthorized access attempt	Brute-Force
🇦🇺 clapper	2026-06-16 13:39:59 (2 days ago)	(mod_security) mod_security (id:350202) triggered by 170.238.128.199 (BR/Brazil/-): 5 in the last 60 ... show more (mod_security) mod_security (id:350202) triggered by 170.238.128.199 (BR/Brazil/-): 5 in the last 600 secs; ID: rub show less	Brute-Force Bad Web Bot
Anonymous	2026-06-16 04:36:20 (2 days ago)	170.238.128.199 - - [16/Jun/2026:06:35:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by ... show more 170.238.128.199 - - [16/Jun/2026:06:35:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)" 170.238.128.199 - - [16/Jun/2026:06:36:00 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)" 170.238.128.199 - - [16/Jun/2026:06:36:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" 170.238.128.199 - - [16/Jun/2026:06:36:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" 170.238.128.199 - - [16/Jun/2026:06:36:19 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)" ... show less	Brute-Force Web App Attack
🇺🇸 WeekendWeb	2026-06-15 23:29:13 (2 days ago)	Wordpress Vunerability attack	Web App Attack
Anonymous	2026-06-15 17:49:14 (3 days ago)	[server.tmg.gr] httpd-xmlrpc-post: sites=crisis-management2021.eu; logs=/var/log/httpd/domains/crisi ... show more [server.tmg.gr] httpd-xmlrpc-post: sites=crisis-management2021.eu; logs=/var/log/httpd/domains/crisis-management2021.eu.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:17:16 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 170.238.128.199 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 170.238.128.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:17:13.252737 2026] [security2:error] [pid 21845:tid 21845] [client 170.238.128.199:60611] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 170.238.128.199 (+1 hits since last alert)\|xyncom.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "xyncom.com"] [uri "/xmlrpc.php"] [unique_id "ajAliSzUp7Ym21Cn4Td-KQAAAGA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-15 14:42:53 (3 days ago)	[redacted] 170.238.128.199 - - [15/Jun/2026:16:42:09 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" ... show more [redacted] 170.238.128.199 - - [15/Jun/2026:16:42:09 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack/12.5; WordPress/6.4; http://site32934296.com" [redacted] 170.238.128.199 - - [15/Jun/2026:16:42:20 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)" [redacted] 170.238.128.199 - - [15/Jun/2026:16:42:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" [redacted] 170.238.128.199 - - [15/Jun/2026:16:42:41 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com" [redacted] 170.238.128.199 - - [15/Jun/2026:16:42:52 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)" ... show less	Hacking Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇷 213.142.156.145

🇨🇦 207.6.214.169

🇨🇱 201.186.40.161

🇳🇱 185.93.89.167

🇮🇳 152.32.156.138

🇨🇳 116.179.37.134

🇺🇸 108.62.56.179

🇨🇳 106.75.176.60

🇳🇱 91.92.40.12

🇺🇸 64.92.6.70

🇰🇷 59.12.92.206

🇺🇸 205.210.31.95

🇳🇱 193.39.208.26

🇺🇸 191.101.25.77

🇩🇪 138.201.249.188

🇸🇬 119.28.101.155

🇨🇳 117.144.83.196

🇨🇳 116.179.37.58

🇨🇳 116.179.37.12

🇺🇸 108.62.63.13