JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 81.16.33.42

81.16.33.42 was found in our database!

This IP was reported 717 times. Confidence of Abuse is 60%: ?

60%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	Streams Telecommunicationsservices GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13022
Hostname(s)	www.tor-exitnode-read-this-html.epizy.com
Domain Name	streams.at
Country	🇦🇹 Austria
City	Vienna, State of Vienna

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 81.16.33.42

Whois 81.16.33.42

IP Abuse Reports for 81.16.33.42:

This IP address has been reported a total of 717 times from 181 distinct sources. 81.16.33.42 was first reported on January 30th 2022, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-05 11:54:45 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 81.16.33.42 (www.tor-exitnode-read-this-html.ep ... show more (mod_security) mod_security (id:210492) triggered by 81.16.33.42 (www.tor-exitnode-read-this-html.epizy.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 07:54:37.146161 2026] [security2:error] [pid 30145:tid 30145] [client 81.16.33.42:42357] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "markrikey.com"] [uri "/.git/config/"] [unique_id "aiK4_QdZbF7UYQ0ESSdvnAAAABE"], referer: https://ipv6.markrikey.com/.git/config show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Ba-Yu	2026-06-01 22:32:16 (5 days ago)	WordPress bruteforce	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 mnsf	2026-05-31 22:05:26 (6 days ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 15:22:30 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 81.16.33.42 (www.tor-exitnode-read-this-html.ep ... show more (mod_security) mod_security (id:210730) triggered by 81.16.33.42 (www.tor-exitnode-read-this-html.epizy.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 11:22:25.285601 2026] [security2:error] [pid 22111:tid 22111] [client 81.16.33.42:56355] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|hawarcenter.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hawarcenter.com"] [uri "/dump.sql"] [unique_id "ahxSMdCdBkQwMYRd6Pd6ggAAABY"], referer: hawarcenter.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 06:05:31 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 81.16.33.42 (www.tor-exitnode-read-this-html.ep ... show more (mod_security) mod_security (id:210730) triggered by 81.16.33.42 (www.tor-exitnode-read-this-html.epizy.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 02:05:25.274583 2026] [security2:error] [pid 23295:tid 23295] [client 81.16.33.42:64291] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|natashahenry.co.uk\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "natashahenry.co.uk"] [uri "/dump.sql"] [unique_id "ahfbJZswSZ84dC0qqRtpdAAAAAA"], referer: natashahenry.co.uk/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-05-27 13:00:04 (1 week ago)	Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk- ... show more Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk-login jail show less	Brute-Force Web App Attack
🇩🇪 FeG Deutschland	2026-05-27 07:05:24 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247	Exploited Host Web App Attack
🇩🇪 big-cloud.nl	2026-05-27 03:35:05 (1 week ago)	Try to access /xmlrpc.php	Web App Attack
Anonymous	2026-05-26 01:50:03 (1 week ago)	Web App Attack, Hacking	Hacking Web App Attack
🇨🇦 leithzz	2026-05-23 04:43:55 (2 weeks ago)	Report by Cloudflare.Time: 2026-05-23T04:42:18Z	DDoS Attack
🇧🇪 cmbplf	2026-05-16 00:31:41 (3 weeks ago)	868 limiting connections by zone (3h15m59s)	DDoS Attack
🇧🇷 ICS Labs	2026-05-15 15:04:28 (3 weeks ago)	ICS Labs identified 81.16.33.42 as a malicious indicator from threat intelligence.	Hacking
🇺🇸 TPI-Abuse	2026-05-09 05:19:57 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 81.16.33.42 (www.tor-exitnode-read-this-html.ep ... show more (mod_security) mod_security (id:210492) triggered by 81.16.33.42 (www.tor-exitnode-read-this-html.epizy.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 01:19:49.871637 2026] [security2:error] [pid 30061:tid 30061] [client 81.16.33.42:34433] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mrepoch.art"] [uri "/.env"] [unique_id "af7D9fQnxyG_uiEoJWgZRQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇸 Smel	2026-05-07 06:04:30 (1 month ago)	Mail/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -	Email Spam Hacking Brute-Force
🇦🇺 oncord	2026-05-05 03:25:21 (1 month ago)	Form spam	Web Spam

Showing 1 to 15 of 717 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 189.50.142.78

🇨🇳 171.120.31.185

🇨🇳 114.106.136.189

🇺🇸 184.83.177.177

🇨🇴 181.234.29.66

🇰🇷 115.178.75.242

🇳🇱 45.142.164.7

🇬🇧 213.166.84.36

🇧🇷 200.216.154.254

🇳🇱 176.65.148.132

🇵🇭 120.28.144.161

🇨🇳 82.157.205.185

🇺🇸 66.132.172.244

🇺🇸 64.225.11.235

🇺🇸 64.23.224.198

🇮🇳 31.97.205.119

🇺🇸 2607:f8b0:4001:c1c::126

🇩🇪 209.38.237.48

🇺🇸 206.221.176.152

🇩🇪 139.59.208.49