JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 213.109.66.157

213.109.66.157 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 81%: ?

81%

ISP	AKNET Ltd.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS12764
Hostname(s)	213-109-66-157.aknet.kg
Domain Name	aknet.kg
Country	🇰🇬 Kyrgyzstan
City	Kant, Chuy Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 213.109.66.157

Whois 213.109.66.157

IP Abuse Reports for 213.109.66.157:

This IP address has been reported a total of 38 times from 22 distinct sources. 213.109.66.157 was first reported on December 13th 2022, and the most recent report was 7 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-19 14:59:02 (7 minutes ago)	(mod_security) mod_security (id:240335) triggered by 213.109.66.157 (213-109-66-157.aknet.kg): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 213.109.66.157 (213-109-66-157.aknet.kg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 10:58:54.941545 2026] [security2:error] [pid 22443:tid 22443] [client 213.109.66.157:63742] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 213.109.66.157 (+1 hits since last alert)\|artigelisim.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "artigelisim.com"] [uri "/xmlrpc.php"] [unique_id "ajVZLs-G8nyZOIEnXxqi6AAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 11:15:15 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 213.109.66.157 (213-109-66-157.aknet.kg): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 213.109.66.157 (213-109-66-157.aknet.kg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 07:15:00.128957 2026] [security2:error] [pid 18459:tid 18459] [client 213.109.66.157:60264] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 213.109.66.157 (+1 hits since last alert)\|kotelbarmitzvah.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kotelbarmitzvah.com"] [uri "/xmlrpc.php"] [unique_id "ajPTNCpF7M1oYroaQjf0KwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 09:00:13 (1 day ago)	Attac	Brute-Force
🇫🇷 masterguru	2026-06-18 08:59:26 (1 day ago)	(xmlrpc) Apache: Failed xmlrpc access from 213.109.66.157 (KG/Kyrgyzstan/213-109-66-157.aknet.kg): 1 ... show more (xmlrpc) Apache: Failed xmlrpc access from 213.109.66.157 (KG/Kyrgyzstan/213-109-66-157.aknet.kg): 10 in the last 3600 secs (0-201) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-18 08:30:55 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 213.109.66.157 (213-109-66-157.aknet.kg): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 213.109.66.157 (213-109-66-157.aknet.kg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 04:30:51.635371 2026] [security2:error] [pid 30562:tid 30562] [client 213.109.66.157:52516] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 213.109.66.157 (+1 hits since last alert)\|jeffmasonmusic.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jeffmasonmusic.com"] [uri "/xmlrpc.php"] [unique_id "ajOsu32F1e62kvWHkLwJKQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 konseptit	2026-06-17 13:22:14 (2 days ago)	(wordpress) Failed wordpress login from 213.109.66.157 (KG/Kyrgyzstan/213-109-66-157.aknet.kg)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-17 11:42:12 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 213.109.66.157 (213-109-66-157.aknet.kg): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 213.109.66.157 (213-109-66-157.aknet.kg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 07:42:07.532488 2026] [security2:error] [pid 9912:tid 9912] [client 213.109.66.157:51909] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 213.109.66.157 (+1 hits since last alert)\|astglobaltech.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "astglobaltech.com"] [uri "/xmlrpc.php"] [unique_id "ajKID3wuc93PectOwRR9gQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 ipoac.nl	2026-06-17 11:07:08 (2 days ago)	2026-06-17T13:07:07.569153+02:00 ipoac.nl wordpress(-)-: XML-RPC authentication attempt for unknown ... show more 2026-06-17T13:07:07.569153+02:00 ipoac.nl wordpress(-)-: XML-RPC authentication attempt for unknown user 5fm from 213.109.66.157 show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 16:15:53 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 213.109.66.157 (213-109-66-157.aknet.kg): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 213.109.66.157 (213-109-66-157.aknet.kg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 12:15:49.171941 2026] [security2:error] [pid 27610:tid 27610] [client 213.109.66.157:63097] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 213.109.66.157 (+1 hits since last alert)\|blindshine.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "blindshine.com"] [uri "/xmlrpc.php"] [unique_id "ajF2tVfadcONUMR8zfArUwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 rh24	2026-06-16 16:13:56 (2 days ago)	(xmlrpc_405) XMLRPC-Bot 405 213.109.66.157 (KG/Kyrgyzstan/213-109-66-157.aknet.kg)	Hacking
🇳🇱 Site.eu	2026-06-14 19:07:04 (4 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇦🇺 FireGuard Server	2026-06-14 17:25:03 (4 days ago)	Blocked by OPNsense firewall; 3 hits, proto=tcp, ports=443	Port Scan Hacking
Anonymous	2026-06-14 16:56:10 (4 days ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-14 15:11:28 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 213.109.66.157 (213-109-66-157.aknet.kg): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 213.109.66.157 (213-109-66-157.aknet.kg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 11:11:22.239741 2026] [security2:error] [pid 6448:tid 6448] [client 213.109.66.157:64011] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 213.109.66.157 (+1 hits since last alert)\|theamarals.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theamarals.com"] [uri "/xmlrpc.php"] [unique_id "ai7EmvJaoa5lagLF9QyM0QAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Lunix	2026-06-14 12:04:50 (5 days ago)		Brute-Force Web App Attack

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 185.239.224.89

🇺🇸 162.246.254.13

🇺🇸 162.216.149.59

🇵🇰 103.117.162.224

🇳🇵 103.104.28.217

🇺🇸 52.21.81.179

🇧🇷 205.210.31.236

🇺🇸 198.62.7.130

🇺🇸 192.159.99.144

🇺🇸 82.22.97.205

🇺🇸 73.177.135.218

🇳🇱 45.148.10.157

🇨🇦 37.122.149.28

🇺🇸 23.92.21.85

🇮🇱 2620:171:6a:f002:9999::49

🇺🇸 195.184.76.168

🇪🇬 156.197.61.6

🇮🇳 103.110.237.114

🇭🇰 103.56.115.187

🇪🇸 85.87.99.114