JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.146.80.241

159.146.80.241 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 52%: ?

52%

ISP	Turknet-Broadband
Usage Type	Fixed Line ISP
ASN	AS12735
Hostname(s)	241.80.146.159.srv.turk.net
Domain Name	turknet.net.tr
Country	🇹🇷 Turkey
City	Kayseri, Kayseri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.146.80.241

Whois 159.146.80.241

IP Abuse Reports for 159.146.80.241:

This IP address has been reported a total of 18 times from 11 distinct sources. 159.146.80.241 was first reported on January 31st 2023, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Baking333	2026-06-15 06:18:20 (11 hours ago)	[redacted] 159.146.80.241 - - [15/Jun/2026:07:18:17 +0100] "POST /[redacted] HTTP/1.1" 405 4877 0/17 ... show more [redacted] 159.146.80.241 - - [15/Jun/2026:07:18:17 +0100] "POST /[redacted] HTTP/1.1" 405 4877 0/174229 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/90.0.0.0 Safari/537.36" [redacted] 159.146.80.241 - - [15/Jun/2026:07:18:19 +0100] "POST /[redacted] HTTP/1.1" 405 4877 0/75121 "-" "Mozilla/5.0 (Windows NT 6.2; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/78.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 03:50:19 (13 hours ago)	(mod_security) mod_security (id:225170) triggered by 159.146.80.241 (241.80.146.159.srv.turk.net): 1 ... show more (mod_security) mod_security (id:225170) triggered by 159.146.80.241 (241.80.146.159.srv.turk.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 23:50:14.293669 2026] [security2:error] [pid 18020:tid 18020] [client 159.146.80.241:12392] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|guldunyayayinlari.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "guldunyayayinlari.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai92dke2UFDbIaPu-wFcawAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 stinpriza	2026-06-15 00:43:21 (16 hours ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 16:25:16 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 159.146.80.241 (241.80.146.159.srv.turk.net): 1 ... show more (mod_security) mod_security (id:225170) triggered by 159.146.80.241 (241.80.146.159.srv.turk.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 12:25:13.124164 2026] [security2:error] [pid 18223:tid 18223] [client 159.146.80.241:12108] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|visionremota.info\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "visionremota.info"] [uri "/wp-json/wp/v2/users"] [unique_id "ai7V6csxAJL4Z6Rp58JI5AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 15:24:16 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 159.146.80.241 (241.80.146.159.srv.turk.net): 1 ... show more (mod_security) mod_security (id:225170) triggered by 159.146.80.241 (241.80.146.159.srv.turk.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 11:24:10.911331 2026] [security2:error] [pid 1358:tid 1358] [client 159.146.80.241:11568] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|tgaguide.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tgaguide.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai7Hmref0Wai_I2xna-IeAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 findlab	2026-06-14 14:00:02 (1 day ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇳🇿 Tripwire	2026-06-14 08:29:16 (1 day ago)	Probing for Wordpress - /xmlrpc.php	Brute-Force Web App Attack
🇫🇷 masterguru	2026-06-14 05:20:21 (1 day ago)	(xmlrpc) Apache: Failed xmlrpc access from 159.146.80.241 (TR/Turkey/241.80.146.159.srv.turk.net): 1 ... show more (xmlrpc) Apache: Failed xmlrpc access from 159.146.80.241 (TR/Turkey/241.80.146.159.srv.turk.net): 10 in the last 3600 secs (0-201) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-13 22:10:48 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 159.146.80.241 (241.80.146.159.srv.turk.net): 1 ... show more (mod_security) mod_security (id:225170) triggered by 159.146.80.241 (241.80.146.159.srv.turk.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 18:10:44.010305 2026] [security2:error] [pid 8379:tid 8391] [client 159.146.80.241:12278] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|dbestcarting.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "dbestcarting.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai3VZHd9jeNXhQzxyjfULwAAAUg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-13 18:30:04 (1 day ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇬🇷 setupgr	2026-06-13 12:35:45 (2 days ago)	(XMLRPC) WP XMLPRC Attack 159.146.80.241: 1 in the last 86400 secs; Ports: ; Direction: inout; Trig ... show more (XMLRPC) WP XMLPRC Attack 159.146.80.241: 1 in the last 86400 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 159.146.80.241 - - [13/Jun/2026:15:34:09 +0300] "POST /xmlrpc.php HTTP/1.1" 404 160175 "-" "Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/80.0.0.0 Safari/537.36" show less	Port Scan
🇩🇪 filstal.org	2026-04-30 17:16:05 (1 month ago)	Bad web bot: Spoofed/obsolete UA (Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 4.0; Trident/3.0)). ... show more Bad web bot: Spoofed/obsolete UA (Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 4.0; Trident/3.0)). Mass-scanning WordPress plugin. Coordinated large-scale bot attack. show less	Bad Web Bot Web App Attack
Anonymous	2024-08-02 08:42:53 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-07-30 08:28:41 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇩🇪 sebaro11	2023-01-31 12:47:18 (3 years ago)	Portscan on 20043/TCP blocked by UFW	Port Scan

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇬 217.52.167.131

🇺🇸 195.184.76.177

🇧🇷 187.109.174.221

🇧🇷 177.196.87.226

🇨🇳 115.231.78.11

🇩🇪 87.156.176.191

🇧🇷 45.231.116.119

🇮🇹 217.26.178.147

🇺🇸 209.38.70.156

🇰🇷 175.200.217.128

🇵🇱 143.20.97.243

🇧🇷 138.255.157.62

🇵🇰 119.30.118.27

🇹🇷 95.130.170.146

🇰🇷 49.254.0.82

🇺🇸 23.95.137.106

🇺🇸 20.168.122.39

🇮🇩 202.73.25.202

🇳🇱 195.178.110.30

🇦🇷 190.97.28.137