JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 213.128.70.19

213.128.70.19 was found in our database!

This IP was reported 63 times. Confidence of Abuse is 100%: ?

100%

ISP	H29277
Usage Type	Fixed Line ISP
ASN	AS201178
Hostname(s)	server-213.128.70.19.radore.net.tr
Domain Name	rh.net.tr
Country	🇹🇷 Turkey
City	Istanbul, Istanbul

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 213.128.70.19

Whois 213.128.70.19

IP Abuse Reports for 213.128.70.19:

This IP address has been reported a total of 63 times from 48 distinct sources. 213.128.70.19 was first reported on June 14th 2026, and the most recent report was 18 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Yepngo	2026-06-14 16:08:17 (18 minutes ago)	213.128.70.19 - - [14/Jun/2026:18:08:16 +0200] "POST /xmlrpc.php HTTP/2.0" 200 408 "-" "Mozilla/5.0 ... show more 213.128.70.19 - - [14/Jun/2026:18:08:16 +0200] "POST /xmlrpc.php HTTP/2.0" 200 408 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" ... show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 15:17:22 (1 hour ago)	(mod_security) mod_security (id:225170) triggered by 213.128.70.19 (server-213.128.70.19.radore.net. ... show more (mod_security) mod_security (id:225170) triggered by 213.128.70.19 (server-213.128.70.19.radore.net.tr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 11:17:18.107671 2026] [security2:error] [pid 4817:tid 4817] [client 213.128.70.19:56108] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|ohanameetup.party\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ohanameetup.party"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ai7F_kjDOwvidI3bU75nrgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 YF	2026-06-14 15:00:30 (1 hour ago)	wp-login.php Brute force	Brute-Force Web App Attack
🇺🇸 dtorrer	2026-06-14 14:56:01 (1 hour ago)	Brute-force general attack.	Brute-Force
🇺🇸 lostswordfish.com	2026-06-14 14:54:04 (1 hour ago)	Wordfence waf block on registrymatters	Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 14:47:11 (1 hour ago)	(mod_security) mod_security (id:225170) triggered by 213.128.70.19 (server-213.128.70.19.radore.net. ... show more (mod_security) mod_security (id:225170) triggered by 213.128.70.19 (server-213.128.70.19.radore.net.tr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 10:47:07.889485 2026] [security2:error] [pid 32745:tid 32745] [client 213.128.70.19:57028] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|arsenalfordemocracy.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "arsenalfordemocracy.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ai6-62wfW2meEQ7FM9OtzQAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 netclix.gr	2026-06-14 14:38:06 (1 hour ago)	(wordpress) Failed wordpress login from 213.128.70.19 (TR/Türkiye/server-213.128.70.19.radore.net.tr ... show more (wordpress) Failed wordpress login from 213.128.70.19 (TR/Türkiye/server-213.128.70.19.radore.net.tr): (CF_ENABLE) show less	Brute-Force
🇨🇦 polycoda	2026-06-14 14:31:56 (1 hour ago)	📄 Probes for wp-login.php and other inexistent URLs	Hacking Web App Attack
🇺🇸 xmission.com	2026-06-14 14:31:26 (1 hour ago)	213.128.70.19 - - [14/Jun/2026:08:31:26 -0600] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 ... show more 213.128.70.19 - - [14/Jun/2026:08:31:26 -0600] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" ... show less	Web App Attack
🇺🇸 TAY	2026-06-14 14:14:58 (2 hours ago)	213.128.70.19 - - [14/Jun/2026:22:09:51 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6263 "-" "Mozilla/5.0 ... show more 213.128.70.19 - - [14/Jun/2026:22:09:51 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6263 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" 213.128.70.19 - - [14/Jun/2026:22:10:05 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6263 "-" "Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" 213.128.70.19 - - [14/Jun/2026:22:14:58 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4833 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" ... show less	Brute-Force
🇫🇷 Kimax	2026-06-14 14:14:27 (2 hours ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
Anonymous	2026-06-14 14:13:38 (2 hours ago)	[Sun Jun 14 16:03:55.078038 2026] [authz_core:error] [pid 1790:tid 1937] [client 213.128.70.19:46862 ... show more [Sun Jun 14 16:03:55.078038 2026] [authz_core:error] [pid 1790:tid 1937] [client 213.128.70.19:46862] AH01630: client denied by server configuration: /var/www/wordp/wp-login.php [Sun Jun 14 16:03:57.028918 2026] [authz_core:error] [pid 1790:tid 1952] [client 213.128.70.19:46862] AH01630: client denied by server configuration: /var/www/wordp/wp-login.php, referer: https://akcurate.de/wp-login.php [Sun Jun 14 16:13:37.158587 2026] [authz_core:error] [pid 1790:tid 1947] [client 213.128.70.19:38172] AH01630: client denied by server configuration: /var/www/cimt-precision/wp-login.php [Sun Jun 14 16:13:37.587527 2026] [authz_core:error] [pid 1790:tid 1914] [client 213.128.70.19:38172] AH01630: client denied by server configuration: /var/www/cimt-precision/wp-login.php, referer: https://pre.cimt-precision.de/wp-login.php ... show less	Brute-Force Web App Attack
🇺🇸 integrantservices.com	2026-06-14 14:10:51 (2 hours ago)	(PERMBLOCK) 213.128.70.19 (TR/Türkiye/server-213.128.70.19.radore.net.tr) has had more than 4 temp b ... show more (PERMBLOCK) 213.128.70.19 (TR/Türkiye/server-213.128.70.19.radore.net.tr) has had more than 4 temp blocks show less	Hacking
🇺🇸 xxkodedxx	2026-06-14 14:10:48 (2 hours ago)	[Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get in 10m window. ... show more [Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get in 10m window. Active: 14:10:03→14:10:09 UTC Volume: 2 honeypot probe(s) Bait taken: /wp-login.php UA: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" Auto-banned 30d. zorvexus-banner. show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 14:08:52 (2 hours ago)	(mod_security) mod_security (id:225170) triggered by 213.128.70.19 (server-213.128.70.19.radore.net. ... show more (mod_security) mod_security (id:225170) triggered by 213.128.70.19 (server-213.128.70.19.radore.net.tr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 10:08:46.400901 2026] [security2:error] [pid 13268:tid 13268] [client 213.128.70.19:56260] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|raintechgutters.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "raintechgutters.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ai617mEVS3rQ_buVKCsHZgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 63 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2604:a880:400:d1:0:4:9635:d001

🇭🇰 199.45.154.152

🇰🇷 183.103.217.221

🇩🇪 178.105.196.60

🇳🇱 176.65.148.30

🇩🇪 167.94.145.23

🇭🇰 118.26.36.248

🇨🇳 117.50.174.180

🇺🇸 98.82.214.73

🇷🇴 80.94.92.177

🇹🇷 78.180.35.26

🇧🇭 37.131.105.170

🇨🇦 20.151.5.99

🇬🇧 198.244.183.186

🇵🇹 193.236.64.120

🇺🇸 192.178.115.209

🇨🇴 190.60.242.28

🇻🇳 171.231.189.74

🇨🇳 120.46.184.6

🇺🇦 80.64.83.91