JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 213.202.222.81

213.202.222.81 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 0%: ?

ISP	WIIT AG
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24961
Hostname(s)	srv30403.dus7.dedi.server-hosting.expert
Domain Name	wiit.cloud
Country	🇩🇪 Germany
City	Dusseldorf, North Rhine-Westphalia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 213.202.222.81

Whois 213.202.222.81

IP Abuse Reports for 213.202.222.81:

This IP address has been reported a total of 36 times from 12 distinct sources. 213.202.222.81 was first reported on January 30th 2025, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-15 17:26:53 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosti ... show more (mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosting.expert): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 15 12:26:49.699985 2026] [security2:error] [pid 30869:tid 30869] [client 213.202.222.81:38371] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gonzalez.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gonzalez.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aWkjWc1gmt0c2MVvH8kPAgAAAAk"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-15 07:33:23 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosti ... show more (mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosting.expert): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 15 02:33:16.664437 2026] [security2:error] [pid 28510:tid 28510] [client 213.202.222.81:38701] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|maffiniandbearce.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "maffiniandbearce.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aWiYPKuIwPnsy-1hPCiTdAAAACQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 waltn3mtj	2026-01-14 13:33:00 (5 months ago)	Multiple WP XMLRPC login attempts.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-11-09 06:30:41 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosti ... show more (mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosting.expert): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 09 01:30:33.693928 2025] [security2:error] [pid 21000:tid 21000] [client 213.202.222.81:48111] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|dalebeyer.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "dalebeyer.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aRA1Cf95cP08_YmRxHILygAAAAs"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-09 04:50:22 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosti ... show more (mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosting.expert): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 23:50:19.453690 2025] [security2:error] [pid 17730:tid 17730] [client 213.202.222.81:36141] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|macryder.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "macryder.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aRAdi0exj0TP-uKXF0kBcQAAABg"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 kjaerulff	2025-11-05 17:12:25 (7 months ago)	Failed Wordpress login using wp-login.php (srv30403.dus7.dedi.server-hosting.expert)	Web App Attack
🇩🇪 kjaerulff	2025-11-02 13:07:55 (7 months ago)	Failed Wordpress login using wp-login.php (srv30403.dus7.dedi.server-hosting.expert)	Web App Attack
🇬🇧 SilverZippo	2025-11-02 07:06:45 (7 months ago)	Web App Attack	Web App Attack
🇧🇪 voormedia	2025-11-02 06:22:54 (7 months ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
🇩🇪 kjaerulff	2025-10-30 19:45:51 (7 months ago)	Failed Wordpress login using xmlrpc.php (srv30403.dus7.dedi.server-hosting.expert)	Web App Attack
🇺🇸 TPI-Abuse	2025-10-27 03:50:02 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosti ... show more (mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosting.expert): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 26 23:49:57.482993 2025] [security2:error] [pid 27231:tid 27231] [client 213.202.222.81:60107] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|cw-enterprises.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cw-enterprises.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aP7r5TP_J6_yh6m_vc3xbwAAAAc"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Jason Howell	2025-10-27 02:26:34 (7 months ago)	213.202.222.81 - - [26/Oct/2025:21:26:25 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2718 "-" "Apache-Htt ... show more 213.202.222.81 - - [26/Oct/2025:21:26:25 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2718 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)" 213.202.222.81 - - [26/Oct/2025:21:26:27 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2791 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)" 213.202.222.81 - - [26/Oct/2025:21:26:29 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2792 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)" 213.202.222.81 - - [26/Oct/2025:21:26:30 -0500] "POST /xmlrpc.php HTTP/1.1" 200 2793 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)" 213.202.222.81 - - [26/Oct/2025:21:26:33 -0500] "GET /wp-login.php HTTP/1.1" 200 4492 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2025-10-27 01:06:46 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosti ... show more (mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosting.expert): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 26 21:06:39.573225 2025] [security2:error] [pid 19663:tid 19663] [client 213.202.222.81:47737] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|teenybikini.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "teenybikini.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aP7Fnxelb6dz2uWiBQBx2QAAAAE"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-26 22:59:45 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosti ... show more (mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosting.expert): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 26 18:59:40.658489 2025] [security2:error] [pid 28820:tid 28820] [client 213.202.222.81:49323] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|al-bukhari.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "al-bukhari.org"] [uri "/wp-json/wp/v2/users"] [unique_id "aP6n3FFevGPxf2V3jSrJBwAAABA"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-26 20:23:36 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosti ... show more (mod_security) mod_security (id:225170) triggered by 213.202.222.81 (srv30403.dus7.dedi.server-hosting.expert): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 26 16:23:30.726348 2025] [security2:error] [pid 15195:tid 15195] [client 213.202.222.81:42641] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|wplusw.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "wplusw.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aP6DQkQh-Mu2znCSJ7xvhgAAAAw"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 91.196.152.109

🇨🇦 85.217.149.71

🇺🇸 40.76.250.51

🇺🇸 194.187.179.183

🇳🇱 192.42.116.13

🇮🇩 182.253.131.35

🇨🇳 101.126.130.208

🇨🇳 101.126.89.144

🇫🇷 91.231.89.202

🇳🇱 77.83.39.241

🇫🇷 62.210.90.215

🇺🇸 43.153.13.30

🇭🇰 42.98.204.161

🇩🇿 41.102.182.208

🇳🇱 176.65.139.56

🇨🇳 112.66.13.225

🇺🇸 17.241.75.159

🇨🇳 223.109.252.253

🇩🇪 194.88.98.122

🇲🇽 187.211.120.115