JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 130.49.8.94

130.49.8.94 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 26%: ?

26%

ISP	Fine Group Servers Solutions LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS59651
Domain Name	finegroupservers.com
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 130.49.8.94

Whois 130.49.8.94

IP Abuse Reports for 130.49.8.94:

This IP address has been reported a total of 18 times from 12 distinct sources. 130.49.8.94 was first reported on October 28th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-15 12:10:32 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 130.49.8.94 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 130.49.8.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 08:10:24.128640 2026] [security2:error] [pid 488:tid 488] [client 130.49.8.94:46365] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|paintriver.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "paintriver.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai_rsHgWtSNOAJTFDryHHQAAADA"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 nationaleventpros.com	2026-06-14 20:29:56 (2 days ago)	WordPress login attempt	Brute-Force
🇺🇸 TPI-Abuse	2026-06-14 08:21:34 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 130.49.8.94 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 130.49.8.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 04:21:28.108318 2026] [security2:error] [pid 31112:tid 31213] [client 130.49.8.94:42201] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|rosendalsateri.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rosendalsateri.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai5kiIWJIASSC6w0RvYmBwAAAMg"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 09:45:41 (3 days ago)	(mod_security) mod_security (id:225170) triggered by 130.49.8.94 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 130.49.8.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 05:45:34.160819 2026] [security2:error] [pid 1313:tid 1313] [client 130.49.8.94:57997] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|stormwlf.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "stormwlf.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai0mvleO-5QlgrnBbNLW5gAAAAA"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Major Hostility	2026-06-07 22:12:50 (1 week ago)	"POST /xmlrpc.php HTTP/1.1" 403 "GET /wp-login.php HTTP/1.1" 404 "GET /wp-login.php HTTP/1.1" 404 "G ... show more "POST /xmlrpc.php HTTP/1.1" 403 "GET /wp-login.php HTTP/1.1" 404 "GET /wp-login.php HTTP/1.1" 404 "GET /wp-admin.php HTTP/1.1" 404 "GET /wp-json/wp/v2/users HTTP/1.1" 404 "POST /xmlrpc.php HTTP/1.1" 403 "GET /wp-login.php HTTP/1.1" 404 show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 00:12:34 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 130.49.8.94 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 130.49.8.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 20:12:26.805533 2026] [security2:error] [pid 25862:tid 25862] [client 130.49.8.94:34429] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|wizind.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "wizind.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ahOT6s-KbSYrCdOeBYqZVgAAAAQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 17:36:45 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 130.49.8.94 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 130.49.8.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 13:36:39.994411 2026] [security2:error] [pid 31234:tid 31234] [client 130.49.8.94:60695] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|idodat.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "idodat.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ag9Cpw78zqEG_EYdAf1ikQAAAAM"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-21 01:03:22 (3 weeks ago)	PARMACOM WEBEXPLOIT 130.49.8.94 (130.49.8.94)	Web App Attack
🇮🇩 Burayot	2026-02-13 11:01:53 (4 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 130.49.8.94 (-): 1 in the last 3600 ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 130.49.8.94 (-): 1 in the last 3600 secs show less	Web App Attack
🇨🇦 SSH-Admin	2026-02-07 17:12:28 (4 months ago)	Probing for Exploits	Exploited Host Web App Attack
🇫🇷 masterguru	2026-01-19 14:58:58 (4 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 130.49.8.94 (ES/Spain/-): 1 in the last 3600 s ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 130.49.8.94 (ES/Spain/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇫🇷 masterguru	2026-01-07 18:49:31 (5 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 130.49.8.94 (ES/Spain/-): 1 in the last 3600 s ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 130.49.8.94 (ES/Spain/-): 1 in the last 3600 secs (0-195) show less	Hacking
Anonymous	2025-12-16 02:34:58 (6 months ago)	2025-12-16T04:34:58.765063+02:00 zanati wp(www.sahpa.co.za)[978041]: Blocked authentication attempt ... show more 2025-12-16T04:34:58.765063+02:00 zanati wp(www.sahpa.co.za)[978041]: Blocked authentication attempt for admin from 130.49.8.94 ... show less	Web App Attack
🇨🇦 SSH-Admin	2025-12-01 02:33:03 (6 months ago)	Probing for Exploits	Exploited Host Web App Attack
🇪🇸 10dencehispahard SL	2025-11-21 07:18:24 (6 months ago)	WP probing for vulnerabilities	Hacking Exploited Host

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 142.171.57.153

🇦🇺 123.209.75.112

🇺🇸 73.213.236.66

🇸🇬 47.79.10.8

🇨🇳 218.64.60.100

🇺🇬 196.0.117.2

🇺🇸 147.185.132.52

🇮🇪 108.129.89.242

🇺🇸 107.170.247.81

🇨🇳 106.117.188.237

🇮🇳 103.248.94.44

🇫🇷 85.217.140.35

🇺🇸 70.88.108.12

🇺🇸 66.132.186.137

🇸🇬 45.43.63.68

🇩🇿 41.108.175.238

🇹🇼 36.231.175.68

🇬🇧 31.48.23.93

🇳🇱 193.39.208.26

🇮🇶 169.224.62.209