JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 213.196.109.81

213.196.109.81 was found in our database!

This IP was reported 39 times. Confidence of Abuse is 81%: ?

81%

ISP	TELEKOM SRBIJA a.d.
Usage Type	Fixed Line ISP
ASN	AS8400
Domain Name	mts.rs
Country	🇷🇸 Serbia
City	Nis, Central Serbia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 213.196.109.81

Whois 213.196.109.81

IP Abuse Reports for 213.196.109.81:

This IP address has been reported a total of 39 times from 24 distinct sources. 213.196.109.81 was first reported on May 7th 2026, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 alferez	2026-06-25 23:46:18 (15 hours ago)	xmlrpc.php attack DOS	Hacking Exploited Host Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-25 19:26:47 (19 hours ago)	Blocked by CSF 13 firewall - Rule: XMLRPC BA/Bosnia and Herzegovina/-	Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 14:51:42 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 213.196.109.81 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 213.196.109.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 10:51:35.759348 2026] [security2:error] [pid 23725:tid 23725] [client 213.196.109.81:60802] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 213.196.109.81 (+1 hits since last alert)\|schlegelcreative.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "schlegelcreative.com"] [uri "/xmlrpc.php"] [unique_id "aj1Adxg0i9f2HllDnFmYhwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-21 19:58:19 (4 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-06-20 14:21:00 (6 days ago)	(wordpress) Failed wordpress login from 213.196.109.81 (RS/Serbia/-)	Brute-Force
🇫🇮 YF	2026-06-16 20:00:47 (1 week ago)	xmlrpc.php Potential DDoS or brute force	DDoS Attack Brute-Force
Anonymous	2026-06-16 19:54:50 (1 week ago)	[redacted] 213.196.109.81 - - [16/Jun/2026:21:54:07 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 213.196.109.81 - - [16/Jun/2026:21:54:07 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)" [redacted] 213.196.109.81 - - [16/Jun/2026:21:54:17 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 213.196.109.81 - - [16/Jun/2026:21:54:27 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 213.196.109.81 - - [16/Jun/2026:21:54:38 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 213.196.109.81 - - [16/Jun/2026:21:54:49 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack
🇩🇪 grassau.com	2026-06-14 18:59:14 (1 week ago)	(wordpress) Failed wordpress login from 213.196.109.81 (RS/Serbia/Belgrade/Belgrade/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-14 18:30:19 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 213.196.109.81 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 213.196.109.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 14:30:16.087008 2026] [security2:error] [pid 25918:tid 25918] [client 213.196.109.81:29015] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 213.196.109.81 (+1 hits since last alert)\|medusakenya.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "medusakenya.com"] [uri "/xmlrpc.php"] [unique_id "ai7zOExgx4fsCcdP139cCwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 17:28:05 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 213.196.109.81 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 213.196.109.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 13:28:01.091224 2026] [security2:error] [pid 24407:tid 24414] [client 213.196.109.81:65102] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 213.196.109.81 (+1 hits since last alert)\|darrylrichards.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "darrylrichards.com"] [uri "/xmlrpc.php"] [unique_id "ai7koaI71X_ztpsSXdr74gAAAIQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 integrantservices.com	2026-06-14 15:12:19 (1 week ago)	(wordpress) Failed wordpress login from 213.196.109.81 (RS/Serbia/-)	Brute-Force
🇫🇷 dynamix	2026-06-14 11:15:33 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-06-13 18:00:10 (1 week ago)	(wordpress) Failed wordpress login from 213.196.109.81 (RS/Serbia/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-07 19:51:41 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 213.196.109.81 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 213.196.109.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 15:51:37.890580 2026] [security2:error] [pid 8884:tid 8884] [client 213.196.109.81:35343] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 213.196.109.81 (+1 hits since last alert)\|creationorevolution.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "creationorevolution.net"] [uri "/xmlrpc.php"] [unique_id "aiXLyXFE_b5688wXVnOfXwAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 17:37:23 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 213.196.109.81 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 213.196.109.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:37:16.089513 2026] [security2:error] [pid 32279:tid 32311] [client 213.196.109.81:52235] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 213.196.109.81 (+1 hits since last alert)\|willmanlawfirm.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "willmanlawfirm.com"] [uri "/xmlrpc.php"] [unique_id "aiWsTCX9fTrTZTRxcmURSgAAANE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 39 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.228

🇧🇷 2001:1284:f502:3899:2577:68bf:1274:5526

🇮🇳 182.95.182.166

🇨🇳 180.166.233.66

🇺🇸 172.174.72.225

🇩🇪 85.28.47.237

🇺🇸 64.62.156.224

🇰🇷 59.15.58.148

🇨🇳 58.242.190.39

🇳🇱 45.156.128.164

🇻🇳 42.117.181.210

🇨🇳 221.0.10.153

🇺🇸 216.172.179.93

🇨🇦 206.75.44.8

🇮🇩 180.241.29.190

🇫🇮 147.185.133.175

🇺🇸 108.179.150.142

🇬🇧 90.240.181.218

🇫🇮 80.223.192.112

🇺🇸 73.207.76.128