JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 130.49.112.85

130.49.112.85 was found in our database!

This IP was reported 6 times. Confidence of Abuse is 12%: ?

12%

ISP	Fine Group Servers Solutions LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS35830
Domain Name	finegroupservers.com
Country	🇹🇷 Turkey
City	Igdir, Igdir

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 130.49.112.85

Whois 130.49.112.85

IP Abuse Reports for 130.49.112.85:

This IP address has been reported a total of 6 times from 4 distinct sources. 130.49.112.85 was first reported on November 14th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-03 00:22:01 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 130.49.112.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 130.49.112.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 02 20:21:53.403191 2026] [security2:error] [pid 28181:tid 28181] [client 130.49.112.85:32889] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|srtmanagementservices.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "srtmanagementservices.com"] [uri "/wp-json/wp/v2/users"] [unique_id "afaVIZrZRcJzJ_8OtwH6UgAAAAg"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-02 22:43:31 (1 month ago)	[redacted] 130.49.112.85 - - [03/May/2026:00:43:20 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "A ... show more [redacted] 130.49.112.85 - - [03/May/2026:00:43:20 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" [redacted] 130.49.112.85 - - [03/May/2026:00:43:28 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" [redacted] 130.49.112.85 - - [03/May/2026:00:43:28 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" [redacted] 130.49.112.85 - - [03/May/2026:00:43:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" [redacted] 130.49.112.85 - - [03/May/2026:00:43:30 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" ... show less	Hacking Web App Attack
🇺🇸 octageeks.com	2026-04-20 04:08:35 (1 month ago)	Wordpress malicious attack:[octaxmlrpc]	Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 23:51:00 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 130.49.112.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 130.49.112.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 19 19:50:54.191936 2026] [security2:error] [pid 593609:tid 593609] [client 130.49.112.85:64833] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|varalla.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "varalla.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aeVqXvJdz-skr3QSMtT8OAAAAAo"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-17 17:22:59 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 130.49.112.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 130.49.112.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 17 13:22:52.451714 2026] [security2:error] [pid 2298454:tid 2298454] [client 130.49.112.85:58501] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|eastbrooktech.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "eastbrooktech.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aeJsbCkz8DxN7dGd_leafgAAAAA"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 nationaleventpros.com	2025-11-14 00:15:31 (6 months ago)	WordPress login attempt	Brute-Force

Showing 1 to 6 of 6 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 116.255.197.111

🇫🇷 91.196.152.215

🇺🇸 208.84.100.28

🇭🇰 119.12.161.127

🇬🇧 77.68.112.87

🇧🇪 35.187.172.41

🇷🇸 178.221.128.189

🇳🇱 176.65.149.203

🇨🇳 119.249.100.241

🇺🇸 43.135.135.17

🇺🇸 20.168.12.53

🇮🇩 180.244.187.139

🇬🇧 152.32.198.215

🇺🇸 136.118.217.161

🇲🇾 124.82.172.78

🇻🇳 116.98.104.138

🇱🇹 81.30.98.142

🇺🇸 72.240.125.133

🇺🇸 68.169.41.107

🇳🇱 45.148.10.157