JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 130.49.79.174

130.49.79.174 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 12%: ?

12%

ISP	Fine Group Servers Solutions LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS35830
Domain Name	finegroupservers.com
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 130.49.79.174

Whois 130.49.79.174

IP Abuse Reports for 130.49.79.174:

This IP address has been reported a total of 10 times from 6 distinct sources. 130.49.79.174 was first reported on December 28th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-19 17:22:22 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 130.49.79.174 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 130.49.79.174 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 13:22:18.860150 2026] [security2:error] [pid 9815:tid 9815] [client 130.49.79.174:23583] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|tduniverse.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tduniverse.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajV6yhGLAtSBFXmYKxnfoQAAAAc"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 tilellit.pro	2026-05-21 15:27:43 (1 month ago)	Fail2Ban banned 130.49.79.174 for security violations in jail wp-armour. Log: 2026/05/21 15:27:42 [e ... show more Fail2Ban banned 130.49.79.174 for security violations in jail wp-armour. Log: 2026/05/21 15:27:42 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 130.49.79.174 \| Target: wplogin" , client: 130.49.79.174, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇫🇷 tilellit.pro	2026-05-06 18:25:49 (1 month ago)	Fail2Ban banned 130.49.79.174 for security violations in jail wp-armour. Log: 2026/05/06 18:25:49 [e ... show more Fail2Ban banned 130.49.79.174 for security violations in jail wp-armour. Log: 2026/05/06 18:25:49 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 130.49.79.174 \| Target: wplogin" , client: 130.49.79.174, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇺🇸 TPI-Abuse	2026-04-30 23:14:45 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 130.49.79.174 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 130.49.79.174 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 30 19:14:40.934474 2026] [security2:error] [pid 8680:tid 8680] [client 130.49.79.174:35565] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|amoriotech.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "amoriotech.com"] [uri "/wp-json/wp/v2/users"] [unique_id "afPiYK3yrPhwmmnxzicrmAAAAAs"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 17:00:12 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 130.49.79.174 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 130.49.79.174 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 13:00:04.733216 2026] [security2:error] [pid 22396:tid 22396] [client 130.49.79.174:62563] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|cgautomatizacion.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cgautomatizacion.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ae-WFJonaZ680HSABhKMlAAAABQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mind5t0rm	2026-03-27 12:48:01 (2 months ago)	(XMLRPC,WPLOGIN) Login failure/trigger from 130.49.79.174 (-): 3 in the last 3600 secs; Ports: ; Di ... show more (XMLRPC,WPLOGIN) Login failure/trigger from 130.49.79.174 (-): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 130.49.79.174 - - [27/Mar/2026:19:47:59 +0700] "POST /xmlrpc.php HTTP/1.1" 500 574 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" 130.49.79.174 - - [27/Mar/2026:19:47:59 +0700] "GET /wp-login.php HTTP/1.1" 500 574 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 130.49.79.174 - - [27/Mar/2026:19:48:00 +0700] "GET /wp-login.php HTTP/1.1" 500 574 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" show less	Port Scan
🇧🇪 voormedia	2026-03-17 08:06:39 (3 months ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
🇪🇸 10dencehispahard SL	2026-01-26 08:12:34 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-01-01 13:49:16 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 130.49.79.174 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 130.49.79.174 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 01 08:49:08.465442 2026] [security2:error] [pid 24073:tid 24073] [client 130.49.79.174:52771] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|bernsteinip.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bernsteinip.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aVZ7VIJkYnnGofBuzl8YBQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 smithclass.net	2025-12-28 02:53:25 (5 months ago)	Dec 28 02:53:25 gravy wordpress(smithclass.net)[623900]: Authentication attempt for unknown user msm ... show more Dec 28 02:53:25 gravy wordpress(smithclass.net)[623900]: Authentication attempt for unknown user msmith from 130.49.79.174 ... show less	Hacking Brute-Force

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 101.206.107.245

🇭🇰 193.176.211.154

🇺🇸 172.56.84.242

🇭🇰 152.32.213.86

🇮🇩 110.239.95.16

🇷🇺 85.93.49.140

🇱🇹 81.30.98.62

🇬🇧 62.60.130.234

🇧🇷 45.5.222.112

🇧🇷 20.226.45.125

🇧🇬 185.253.160.7

🇳🇱 176.65.139.181

🇺🇸 172.215.144.32

🇮🇳 124.123.78.185

🇺🇸 35.168.20.210

🇵🇱 20.215.211.246

🇭🇰 199.45.155.74

🇧🇷 177.174.0.3

🇺🇸 141.11.88.18

🇰🇷 119.203.251.187