JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.21.238.170

65.21.238.170 was found in our database!

This IP was reported 114 times. Confidence of Abuse is 62%: ?

62%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	static.170.238.21.65.clients.your-server.de
Domain Name	hetzner.com
Country	🇫🇮 Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.21.238.170

Whois 65.21.238.170

IP Abuse Reports for 65.21.238.170:

This IP address has been reported a total of 114 times from 53 distinct sources. 65.21.238.170 was first reported on June 26th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-17 08:15:17 (1 day ago)	Brute forcing Wordpress login	Hacking Web App Attack
🇫🇷 masterguru	2026-06-17 07:46:07 (1 day ago)	(modsec_5040) ModSec 5040: API Basic Auth blocked from 65.21.238.170 (FI/Finland/static.170.238.21.6 ... show more (modsec_5040) ModSec 5040: API Basic Auth blocked from 65.21.238.170 (FI/Finland/static.170.238.21.65.clients.your-server.de): 1 in the last 3600 secs (0-195) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-17 03:48:25 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 65.21.238.170 (static.170.238.21.65.clients.you ... show more (mod_security) mod_security (id:225170) triggered by 65.21.238.170 (static.170.238.21.65.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 23:48:20.468440 2026] [security2:error] [pid 29064:tid 29122] [client 65.21.238.170:47930] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|rawhabitat.philacentric.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rawhabitat.philacentric.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajIZBGEymkStkETIRiu2NQAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 EGP Abuse Dept	2026-06-17 03:08:45 (1 day ago)	Scanning for port/service exploits on utopia.aipotu.nl	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-16 17:20:07 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 65.21.238.170 (static.170.238.21.65.clients.you ... show more (mod_security) mod_security (id:225170) triggered by 65.21.238.170 (static.170.238.21.65.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 13:19:58.252447 2026] [security2:error] [pid 9978:tid 9978] [client 65.21.238.170:49364] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|lukeschicago.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lukeschicago.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajGFvsp9G2Yq2yRQvnxbuQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 13:48:25 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 65.21.238.170 (static.170.238.21.65.clients.you ... show more (mod_security) mod_security (id:225170) triggered by 65.21.238.170 (static.170.238.21.65.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 09:48:20.800980 2026] [security2:error] [pid 11787:tid 11787] [client 65.21.238.170:44402] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|test.high5-vr.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "test.high5-vr.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajFUJL2rYY-hdj1KtzZxbQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 etu brutus	2026-06-16 10:32:28 (1 day ago)	65.21.238.170 has been banned for [WebApp Attack] ...	Hacking Bad Web Bot Web App Attack
🇺🇸 dtorrer	2026-06-16 09:34:16 (2 days ago)	Forged login request.	Brute-Force
🇺🇸 TPI-Abuse	2026-06-16 08:02:00 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 65.21.238.170 (static.170.238.21.65.clients.you ... show more (mod_security) mod_security (id:225170) triggered by 65.21.238.170 (static.170.238.21.65.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 04:01:53.847695 2026] [security2:error] [pid 21143:tid 21143] [client 65.21.238.170:43596] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|nextlevelcharge.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "nextlevelcharge.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajEC8Rme3jWI5iUc17gUcgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-16 06:14:36 (2 days ago)	(modsec_5040) ModSec 5040: API Basic Auth blocked from 65.21.238.170 (FI/Finland/static.170.238.21.6 ... show more (modsec_5040) ModSec 5040: API Basic Auth blocked from 65.21.238.170 (FI/Finland/static.170.238.21.65.clients.your-server.de): 1 in the last 3600 secs (0-196) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-15 22:45:22 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 65.21.238.170 (static.170.238.21.65.clients.you ... show more (mod_security) mod_security (id:225170) triggered by 65.21.238.170 (static.170.238.21.65.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 18:45:15.013498 2026] [security2:error] [pid 27217:tid 27217] [client 65.21.238.170:60348] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|waterjetsolutions.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "waterjetsolutions.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajCAepqlTlriYZQWLJD2NgAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 lostswordfish.com	2026-06-15 17:32:03 (2 days ago)	Wordfence waf block on registrymatters	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 17:13:02 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 65.21.238.170 (static.170.238.21.65.clients.you ... show more (mod_security) mod_security (id:225170) triggered by 65.21.238.170 (static.170.238.21.65.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:12:58.225470 2026] [security2:error] [pid 18327:tid 18327] [client 65.21.238.170:53954] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|dynamic-therapy-mn.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "dynamic-therapy-mn.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajAympat8gVo2DvrU17fVwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 dtorrer	2026-05-01 23:09:56 (1 month ago)	Brute-force general attack.	Brute-Force
🇺🇸 interbiznw.com	2026-05-01 03:53:20 (1 month ago)	wordpress-bruteforce	Hacking Brute-Force Exploited Host Web App Attack

Showing 1 to 15 of 114 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 213.33.204.130

🇫🇷 185.103.143.101

🇨🇳 120.48.7.234

🇺🇸 100.50.17.159

🇰🇿 92.47.46.174

🇳🇱 45.148.10.183

🇺🇸 198.44.166.11

🇺🇸 162.158.174.126

🇮🇳 103.127.30.137

🇷🇴 80.94.92.184

🇺🇸 66.132.195.22

🇳🇱 45.148.10.15

🇧🇪 34.14.122.221

🇹🇷 195.174.125.161

🇺🇸 138.59.4.228

🇭🇰 123.58.215.102

🇻🇳 103.189.208.13

🇫🇷 91.231.89.25

🇻🇳 45.117.177.47

🇺🇸 40.124.185.240