JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 81.161.236.111

81.161.236.111 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 80%: ?

80%

ISP	Serverbike LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS197715
Hostname(s)	81-161-236-111.serverbike.com
Domain Name	serverbike.com
Country	🇹🇷 Turkey
City	Istanbul, Istanbul

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 81.161.236.111

Whois 81.161.236.111

IP Abuse Reports for 81.161.236.111:

This IP address has been reported a total of 28 times from 16 distinct sources. 81.161.236.111 was first reported on June 9th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-19 21:11:45 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 81.161.236.111 (81-161-236-111.serverbike.com): ... show more (mod_security) mod_security (id:225170) triggered by 81.161.236.111 (81-161-236-111.serverbike.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 17:11:40.687344 2026] [security2:error] [pid 30610:tid 30610] [client 81.161.236.111:59971] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|lemoulinavent.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lemoulinavent.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ajWwjH6UjZ4OFJy6Ff6AdQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-19 21:06:41 (4 days ago)	[FriJun1923:06:35.8989472026][security2:error][pid750498:tid751429][client81.161.236.111:0]ModSecuri ... show more [FriJun1923:06:35.8989472026][security2:error][pid750498:tid751429][client81.161.236.111:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"368\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"lemox.ch\"][uri\"/xmlrpc.php\"][unique_id\"ajWvW9GzHc1K9LpY1s0O6wAAAQs\"] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 18:35:15 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 81.161.236.111 (81-161-236-111.serverbike.com): ... show more (mod_security) mod_security (id:225170) triggered by 81.161.236.111 (81-161-236-111.serverbike.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 14:35:10.361364 2026] [security2:error] [pid 9456:tid 9456] [client 81.161.236.111:55833] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|hawaiireservations.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "hawaiireservations.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajWL3hkdRqQafbDBORxnQAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-19 17:48:56 (4 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇳🇱 wlt-blocker	2026-06-19 06:40:41 (4 days ago)	Unauthorized access to webpage admin	Web App Attack
Anonymous	2026-06-19 03:40:10 (5 days ago)	Attac	Brute-Force
🇩🇪 findlab	2026-06-18 15:20:02 (5 days ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
Anonymous	2026-06-18 15:06:05 (5 days ago)	Trying to access config files	Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 13:59:48 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 81.161.236.111 (81-161-236-111.serverbike.com): ... show more (mod_security) mod_security (id:225170) triggered by 81.161.236.111 (81-161-236-111.serverbike.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 09:59:43.265417 2026] [security2:error] [pid 13189:tid 13189] [client 81.161.236.111:60759] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|riccardiagency.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riccardiagency.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajP5z85rc4IvjPOKZEiFzQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 ✨	2026-06-18 02:29:16 (6 days ago)	Domain : associatedstonegroup.co.uk Rule : xmlrpc 2026-06-18 02:27:34 *hidden-privacy* GET /xmlr ... show more Domain : associatedstonegroup.co.uk Rule : xmlrpc 2026-06-18 02:27:34 *hidden-privacy* GET /xmlrpc.php - 443 - 81.161.236.111 HTTP/1.1 Mozilla/5.0 (Windows NT 6.2; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/10.0.0.0 Safari/537.36 - www.associatedstonegroup.co.uk 404 0 0 14497 243 133 - - show less	Web App Attack
🇮🇩 origrata	2026-06-17 16:04:22 (6 days ago)	[OGWAF] crs_932 attack blocked \| severity: high \| POST /xmlrpc.php \| UA: Mozilla/5.0 (Windows NT 6.2 ... show more [OGWAF] crs_932 attack blocked \| severity: high \| POST /xmlrpc.php \| UA: Mozilla/5.0 (Windows NT 6.2; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.0.0 Safari/537. \| payload: Remote code execution (shell metachar) show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 09:18:36 (6 days ago)	(mod_security) mod_security (id:225170) triggered by 81.161.236.111 (81-161-236-111.serverbike.com): ... show more (mod_security) mod_security (id:225170) triggered by 81.161.236.111 (81-161-236-111.serverbike.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 05:18:32.243143 2026] [security2:error] [pid 12681:tid 12681] [client 81.161.236.111:62467] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|camasmarket.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "camasmarket.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajJmaA3dpLhgKoEp3dxxHgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 01:11:10 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 81.161.236.111 (81-161-236-111.serverbike.com): ... show more (mod_security) mod_security (id:225170) triggered by 81.161.236.111 (81-161-236-111.serverbike.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 21:11:06.732034 2026] [security2:error] [pid 27685:tid 27685] [client 81.161.236.111:60754] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|rambleandprose.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rambleandprose.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajH0KoPHQBb114X8epPxkgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-06-16 18:10:03 (1 week ago)	Try to access /xmlrpc.php	Web App Attack
🇺🇸 Penny Packer	2026-06-16 14:14:41 (1 week ago)	Fail2Ban apache-tripwires	Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇱 190.102.240.48

🇺🇸 162.216.150.202

🇺🇸 162.216.149.28

🇮🇳 139.59.59.165

🇬🇧 92.27.101.99

🇮🇳 92.4.76.12

🇺🇸 71.6.134.231

🇬🇧 45.82.76.114

🇰🇷 39.115.195.164

🇺🇸 3.143.162.210

🇺🇸 3.143.111.48

🇧🇷 192.141.106.32

🇩🇪 167.94.146.71

🇺🇸 142.248.80.35

🇺🇸 65.49.20.101

🇮🇶 37.236.0.12

🇺🇸 216.25.89.79

🇩🇪 193.124.20.226

🇬🇧 188.122.39.33

🇨🇱 170.82.129.8