JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 130.49.78.140

130.49.78.140 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 22%: ?

22%

ISP	Fine Group Servers Solutions LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS35830
Domain Name	finegroupservers.com
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 130.49.78.140

Whois 130.49.78.140

IP Abuse Reports for 130.49.78.140:

This IP address has been reported a total of 10 times from 7 distinct sources. 130.49.78.140 was first reported on November 15th 2025, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 big-cloud.nl	2026-06-17 21:26:23 (6 days ago)	Try to access /xmlrpc.php	Web App Attack
🇩🇪 stinpriza	2026-06-03 21:27:02 (2 weeks ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 17:24:43 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 130.49.78.140 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 130.49.78.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 13:24:35.994667 2026] [security2:error] [pid 766:tid 766] [client 130.49.78.140:28837] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gonzalez.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gonzalez.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agIQ0xcXypKy6OscW-uULwAAAAo"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 13:33:51 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 130.49.78.140 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 130.49.78.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 09:33:46.041937 2026] [security2:error] [pid 3069:tid 3069] [client 130.49.78.140:30981] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|geceindia.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "geceindia.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agHauvyDlNWlEhe3rNnxXwAAAAM"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ambor	2026-05-11 05:04:18 (1 month ago)	Honeypot triggered on tcpdata.com - Attempted to access /wp-login.php (wordpress_login). User-Agent: ... show more Honeypot triggered on tcpdata.com - Attempted to access /wp-login.php (wordpress_login). User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 show less	Web App Attack
Anonymous	2026-05-08 13:11:06 (1 month ago)	[redacted] 130.49.78.140 - - [08/May/2026:15:10:52 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "A ... show more [redacted] 130.49.78.140 - - [08/May/2026:15:10:52 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" [redacted] 130.49.78.140 - - [08/May/2026:15:11:02 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" [redacted] 130.49.78.140 - - [08/May/2026:15:11:03 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" [redacted] 130.49.78.140 - - [08/May/2026:15:11:04 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" [redacted] 130.49.78.140 - - [08/May/2026:15:11:05 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-04-15 03:14:10 (2 months ago)	(mod_security) mod_security (id:210350) triggered by 130.49.78.140 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 130.49.78.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 14 23:14:06.969670 2026] [security2:error] [pid 1991609:tid 1991631] [client 130.49.78.140:50855] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|rockabyecotons.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "rockabyecotons.com"] [uri "/cheers/contact-us/"] [unique_id "ad8CfnOyZCG6ZcEU1J39ewAAAJU"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 SilverZippo	2026-04-11 11:55:43 (2 months ago)	Web App Attack	Web App Attack
🇨🇭 backslash	2026-04-09 00:06:00 (2 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-15 17:29:21 (7 months ago)	(mod_security) mod_security (id:210350) triggered by 130.49.78.140 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 130.49.78.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 15 12:29:13.886215 2025] [security2:error] [pid 9895:tid 9895] [client 130.49.78.140:33735] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|parkgrant.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "parkgrant.com"] [uri "/"] [unique_id "aRi4aQ99o6QpwRzfJ8l0rgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.203.149.63

🇧🇬 162.158.210.11

🇵🇰 160.187.180.175

🇲🇾 120.140.9.123

🇨🇳 106.37.72.234

🇨🇴 45.167.250.45

🇨🇳 221.131.2.6

🇧🇷 205.210.31.222

🇺🇸 205.210.31.60

🇫🇷 185.177.72.11

🇳🇱 160.119.69.16

🇸🇬 103.7.11.134

🇺🇸 100.29.192.58

🇸🇪 83.254.146.150

🇺🇸 65.49.1.176

🇮🇪 54.73.64.155

🇳🇱 45.198.224.148

🇺🇸 44.112.194.43

🇸🇬 43.102.198.101

🇺🇸 40.80.203.87