JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 178.217.11.6

178.217.11.6 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 48%: ?

48%

ISP	ASTRA TELEKOM DOO BEOGRAD
Usage Type	Fixed Line ISP
ASN	AS51002
Domain Name	astratelekom.com
Country	🇷🇸 Serbia
City	Mladenovac, Central Serbia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 178.217.11.6

Whois 178.217.11.6

IP Abuse Reports for 178.217.11.6:

This IP address has been reported a total of 14 times from 11 distinct sources. 178.217.11.6 was first reported on November 23rd 2025, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-28 09:54:21 (14 hours ago)	(mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 05:54:12.163170 2026] [security2:error] [pid 12386:tid 12386] [client 178.217.11.6:57147] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 178.217.11.6 (+1 hits since last alert)\|cosplayculture.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cosplayculture.com"] [uri "/xmlrpc.php"] [unique_id "akDvRDwTbUKchxccXlDQYgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 pscriptos	2026-06-27 22:33:04 (1 day ago)	{"ClientAddr":"178.217.11.6:55905","ClientHost":"178.217.11.6","ClientPort":"55905","ClientUsername" ... show more {"ClientAddr":"178.217.11.6:55905","ClientHost":"178.217.11.6","ClientPort":"55905","ClientUsername":"-","DownstreamContentSize":418,"DownstreamStatus":403,"Duration":427388320,"OriginContentSize":418,"OriginDuration":423957788,"OriginStatus":403,"Overhead":3430532,"RequestAddr":"www.cleveradmin.de","RequestContentSize":715,"RequestCount":1606580,"RequestHost":"www.cleveradmin.de","RequestMethod":"POST","RequestPath":"/xmlrpc.php","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"cleveradmin-www-websecure@file","ServiceAddr":"172.16.80.10:80","ServiceName":"cleveradmin-www@file","ServiceURL":"http://172.16.80.10:80","StartLocal":"2026-06-28T00:32:36.478294188+02:00","StartUTC":"2026-06-27T22:32:36.478294188Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2026-06-28T00:32:36+02:00"} {"ClientAddr":"178.217.11.6:55905","ClientHost":"178.217.11.6","ClientPort":"55905" ... show less	Brute-Force Web App Attack
🇩🇪 XYCoderXY	2026-06-27 20:50:03 (1 day ago)	SSH/web brute-force & exploit scanning against lumerux.com (automated report).	Brute-Force SSH
🇪🇸 masterguru	2026-06-27 19:13:14 (1 day ago)	(xmlrpc) Failed xmlrpc access from 178.217.11.6 (RS/Serbia/-): 5 in the last 3600 secs (0-122)	Hacking
🇺🇸 TPI-Abuse	2026-06-27 17:10:27 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 13:10:18.306033 2026] [security2:error] [pid 5580:tid 5580] [client 178.217.11.6:60698] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 178.217.11.6 (+1 hits since last alert)\|laecovillage.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "laecovillage.org"] [uri "/xmlrpc.php"] [unique_id "akAD-ulPJZfQ0qFMRHU9oAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-06-26 22:28:08 (2 days ago)		Brute-Force Web App Attack
Anonymous	2026-06-26 10:01:05 (2 days ago)	[ssd1.kdns.gr] httpd-xmlrpc-post: sites=me-meraki.gr; logs=/var/log/httpd/domains/me-meraki.gr.log; ... show more [ssd1.kdns.gr] httpd-xmlrpc-post: sites=me-meraki.gr; logs=/var/log/httpd/domains/me-meraki.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 09:11:43 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 05:11:33.194279 2026] [security2:error] [pid 7296:tid 7296] [client 178.217.11.6:49212] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 178.217.11.6 (+1 hits since last alert)\|register-yacht-hong-kong.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "register-yacht-hong-kong.com"] [uri "/xmlrpc.php"] [unique_id "aj5CRVCozMiBDycrF01k0QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-25 19:07:17 (3 days ago)	178.217.11.6 - - [25/Jun/2026:21:06:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com ... show more 178.217.11.6 - - [25/Jun/2026:21:06:54 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com" 178.217.11.6 - - [25/Jun/2026:21:06:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com" 178.217.11.6 - - [25/Jun/2026:21:07:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com" 178.217.11.6 - - [25/Jun/2026:21:07:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com" 178.217.11.6 - - [25/Jun/2026:21:07:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)" ... show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 15:56:00 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 178.217.11.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 11:55:53.989807 2026] [security2:error] [pid 4816:tid 4816] [client 178.217.11.6:50668] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 178.217.11.6 (+1 hits since last alert)\|drjasonkolber.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "drjasonkolber.com"] [uri "/xmlrpc.php"] [unique_id "aj1PicBYrVOgs2dxjFXEngAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Lunix	2026-06-25 15:49:55 (3 days ago)		Brute-Force Web App Attack
🇳🇴 tmiland	2026-03-01 18:52:00 (3 months ago)	(wordpress_xmlrpc) WordPress XMLPRC Attack 178.217.11.6 (RS/Serbia/-): 3 in the last 3600 secs	Brute-Force Blog Spam Web App Attack
🇩🇪 MusicLibrary	2026-03-01 16:21:48 (3 months ago)	Attempted access to non existent wordpress urls	Bad Web Bot
Anonymous	2025-11-23 02:01:16 (7 months ago)	scanning http requests from known botnet	Web App Attack

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 58.48.53.254

🇺🇸 198.44.133.131

🇳🇱 193.39.208.26

🇸🇬 152.42.172.176

🇺🇸 146.88.241.111

🇩🇪 145.14.139.140

🇺🇸 138.99.38.120

🇷🇺 109.248.253.192

🇺🇸 195.184.76.178

🇿🇦 165.73.137.222

🇺🇸 152.32.234.39

🇨🇳 123.191.129.129

🇮🇳 115.247.159.106

🇹🇼 111.240.23.176

🇭🇰 101.32.15.141

🇹🇷 91.151.95.146

🇹🇷 85.111.68.99

🇺🇸 65.49.1.225

🇩🇿 41.99.101.157

🇭🇰 8.210.123.17