AbuseIPDB » 213.152.161.138

213.152.161.138 was found in our database!

This IP was reported 852 times. Confidence of Abuse is 84%: ?

84%

ISP	Global Layer B.V.
Usage Type	Data Center/Web Hosting/Transit
Hostname(s)	138.161.152.213.in-addr.arpa
Domain Name	global-layer.com
Country	Netherlands
City	Amsterdam, Noord-Holland

IP info including ISP, Usage Type, and Location provided by IP2Location. Updated monthly.

Report 213.152.161.138

Whois 213.152.161.138

IP Abuse Reports for 213.152.161.138:

This IP address has been reported a total of 852 times from 146 distinct sources. 213.152.161.138 was first reported on March 17th 2021, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp	Comment	Categories
Marc	2023-11-28 02:37:10 (1 week ago)		Brute-Force Web App Attack
Birdflew	2023-11-27 23:50:28 (1 week ago)	Wordpress attack	Web App Attack
Malta	2023-11-27 23:44:05 (1 week ago)	213.152.161.138 - - [28/Nov/2023:00:44:04 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows N ... show more213.152.161.138 - - [28/Nov/2023:00:44:04 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36" Brute-force password attempt show less	Hacking Brute-Force Web App Attack
Kenshin869	2023-11-27 11:02:29 (2 weeks ago)	Wordpress unauthorized access attempt	Brute-Force
corthorn	2023-11-27 10:57:37 (2 weeks ago)	213.152.161.138 - - [27/Nov/2023:11:57:36 +0100] "POST /xmlrpc.php HTTP/1.1" 200 5944 "-" "Mozilla/5 ... show more213.152.161.138 - - [27/Nov/2023:11:57:36 +0100] "POST /xmlrpc.php HTTP/1.1" 200 5944 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36" ... show less	Brute-Force
Swiptly	2023-11-26 21:59:08 (2 weeks ago)	WordPress xmlrpc spam or enumeration ...	Web Spam Bad Web Bot Web App Attack
rh24	2023-11-26 21:58:11 (2 weeks ago)	(wordpress) Failed wordpress login from 213.152.161.138 (NL/The Netherlands/138.161.152.213.in-addr. ... show more(wordpress) Failed wordpress login from 213.152.161.138 (NL/The Netherlands/138.161.152.213.in-addr.arpa): (CF_ENABLE) show less	Brute-Force
Malta	2023-11-26 21:57:28 (2 weeks ago)	213.152.161.138 - - [26/Nov/2023:22:57:27 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows N ... show more213.152.161.138 - - [26/Nov/2023:22:57:27 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36" show less	Hacking Web App Attack
francoisunix	2023-11-26 18:31:05 (2 weeks ago)	213.152.161.138 - - [25/Nov/2023:21:35:16 +0000] "POST /xmlrpc.php HTTP/1.1" 401 422 "-" "Mozilla/5. ... show more213.152.161.138 - - [25/Nov/2023:21:35:16 +0000] "POST /xmlrpc.php HTTP/1.1" 401 422 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36" 213.152.161.138 - - [26/Nov/2023:18:20:54 +0000] "POST /xmlrpc.php HTTP/1.1" 401 427 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36" 213.152.161.138 - - [26/Nov/2023:18:31:03 +0000] "POST /xmlrpc.php HTTP/1.1" 401 422 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36" show less	Web App Attack
Kenshin869	2023-11-25 21:46:54 (2 weeks ago)	Wordpress unauthorized access attempt	Brute-Force
rafled	2023-11-25 21:36:20 (2 weeks ago)	post to xmlrpc	Web App Attack
Malta	2023-11-25 21:34:27 (2 weeks ago)	213.152.161.138 - - [25/Nov/2023:22:34:26 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows N ... show more213.152.161.138 - - [25/Nov/2023:22:34:26 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36" Brute-force password attempt show less	Hacking Brute-Force Web App Attack
NxtGenIT	2023-11-23 17:41:24 (2 weeks ago)	213.152.161.138 has been observed attacking Port 123. Observed Threat: NTP Amplification REQ_MON_GET ... show more213.152.161.138 has been observed attacking Port 123. Observed Threat: NTP Amplification REQ_MON_GETLIST Request Found show less	DDoS Attack
Malta	2023-11-22 15:14:32 (2 weeks ago)	213.152.161.138 - - [22/Nov/2023:16:14:32 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows N ... show more213.152.161.138 - - [22/Nov/2023:16:14:32 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36" show less	Hacking Web App Attack
TPI-Abuse	2023-11-22 09:25:04 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 213.152.161.138 (138.161.152.213.in-addr.arpa): ... show more(mod_security) mod_security (id:240335) triggered by 213.152.161.138 (138.161.152.213.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 22 04:24:55.550774 2023] [security2:error] [pid 19523] [client 213.152.161.138:45310] [client 213.152.161.138] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 213.152.161.138 (+1 hits since last alert)|sorellegold.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sorellegold.com"] [uri "/xmlrpc.php"] [unique_id "ZV3I50-652MaTprVebYypAAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩