JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 130.195.240.18

130.195.240.18 was found in our database!

This IP was reported 98 times. Confidence of Abuse is 94%: ?

94%

ISP	M247 Europe Chisinau Infrastructure
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	m247global.com
Country	🇷🇴 Romania
City	Bucharest, Bucharest

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 130.195.240.18

Whois 130.195.240.18

IP Abuse Reports for 130.195.240.18:

This IP address has been reported a total of 98 times from 40 distinct sources. 130.195.240.18 was first reported on March 8th 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 taivas.nl	2026-06-16 04:32:50 (4 days ago)	Many_bad_calls	Web App Attack
🇺🇸 mnsf	2026-06-16 00:05:26 (4 days ago)	Too many Status 40X (55)	Brute-Force Web App Attack
🇨🇦 Dolphi	2026-06-15 21:10:03 (4 days ago)	POST //xmlrpc.php	Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-15 21:00:05 (4 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-15 20:56:43 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 130.195.240.18 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 130.195.240.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 16:56:38.093546 2026] [security2:error] [pid 30524:tid 30524] [client 130.195.240.18:18138] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.lockdownclaim.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.lockdownclaim.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajBnBjLEczD87XtCTRV16AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 20:20:15 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 130.195.240.18 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 130.195.240.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 16:20:09.829793 2026] [security2:error] [pid 25469:tid 25469] [client 130.195.240.18:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|local639.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "local639.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajBeeWmXut-jLI9jratjjwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 19:25:42 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 130.195.240.18 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 130.195.240.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:25:35.219678 2026] [security2:error] [pid 24624:tid 24624] [client 130.195.240.18:45883] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|llew.life\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "llew.life"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajBRr6hAtvs0tSfzCWUriQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 18:27:11 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 130.195.240.18 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 130.195.240.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 14:27:07.319044 2026] [security2:error] [pid 14575:tid 14575] [client 130.195.240.18:33683] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.livingminimal.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.livingminimal.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajBD-4PGwBIiGjzyCaGNHQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Victor López	2026-06-15 18:19:02 (4 days ago)	livingbalance.earth 130.195.240.18 - - [15/Jun/2026:13:18:57 -0500] "GET //xmlrpc.php?rsd HTTP/1.1" ... show more livingbalance.earth 130.195.240.18 - - [15/Jun/2026:13:18:57 -0500] "GET //xmlrpc.php?rsd HTTP/1.1" 200 3246 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" livingbalance.earth 130.195.240.18 - - [15/Jun/2026:13:19:01 -0500] "POST //xmlrpc.php HTTP/1.1" 405 552 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" livingbalance.earth 130.195.240.18 - - [15/Jun/2026:13:19:01 -0500] "POST //xmlrpc.php HTTP/1.1" 405 552 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" ... show less	Hacking Web App Attack
🇧🇪 taivas.nl	2026-06-15 17:02:11 (4 days ago)	Bad_requests	Bad Web Bot
🇺🇸 TAY	2026-06-15 16:57:47 (4 days ago)	130.195.240.18 - - [16/Jun/2026:00:57:45 +0800] "POST //xmlrpc.php HTTP/1.1" 200 623 "-" "Mozilla/5. ... show more 130.195.240.18 - - [16/Jun/2026:00:57:45 +0800] "POST //xmlrpc.php HTTP/1.1" 200 623 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 130.195.240.18 - - [16/Jun/2026:00:57:46 +0800] "POST //xmlrpc.php HTTP/1.1" 200 4502 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 130.195.240.18 - - [16/Jun/2026:00:57:47 +0800] "POST //xmlrpc.php HTTP/1.1" 200 4502 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" ... show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-15 16:40:08 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 130.195.240.18 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 130.195.240.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:39:59.073411 2026] [security2:error] [pid 29492:tid 29492] [client 130.195.240.18:9785] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.littlecreekrvranch.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.littlecreekrvranch.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajAq3wRMPqcjZ0wQH4qvyAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TAY	2026-06-15 15:32:14 (4 days ago)	130.195.240.18 - - [15/Jun/2026:23:32:12 +0800] "POST //xmlrpc.php HTTP/1.1" 200 623 "-" "Mozilla/5. ... show more 130.195.240.18 - - [15/Jun/2026:23:32:12 +0800] "POST //xmlrpc.php HTTP/1.1" 200 623 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 130.195.240.18 - - [15/Jun/2026:23:32:13 +0800] "POST //xmlrpc.php HTTP/1.1" 200 4485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 130.195.240.18 - - [15/Jun/2026:23:32:14 +0800] "POST //xmlrpc.php HTTP/1.1" 200 4485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" ... show less	Brute-Force
🇳🇱 Site.eu	2026-06-15 14:06:48 (5 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 WeekendWeb	2026-06-15 13:44:21 (5 days ago)	Wordpress Vunerability attack	Web App Attack

Showing 1 to 15 of 98 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇬 162.158.210.206

🇨🇳 150.255.181.240

🇸🇬 103.253.27.133

🇳🇱 45.148.10.141

🇧🇴 190.181.27.27

🇳🇱 185.93.89.167

🇮🇷 176.65.240.242

🇺🇸 104.236.83.40

🇺🇸 92.204.128.6

🇳🇱 91.92.40.233

🇳🇱 91.92.40.27

🇩🇪 69.5.169.35

🇺🇸 172.185.162.185

🇺🇸 162.216.150.89

🇫🇮 147.185.133.8

🇨🇳 124.117.194.238

🇰🇷 118.33.246.155

🇬🇧 81.19.219.233

🇺🇸 65.55.210.92

🇺🇸 40.77.179.187