JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 170.168.242.39

170.168.242.39 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 27%: ?

27%

ISP	Fine Group Servers Solutions LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS59651
Domain Name	finegroupservers.com
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 170.168.242.39

Whois 170.168.242.39

IP Abuse Reports for 170.168.242.39:

This IP address has been reported a total of 18 times from 9 distinct sources. 170.168.242.39 was first reported on December 16th 2025, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-25 02:46:50 (7 hours ago)	(mod_security) mod_security (id:225170) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 22:46:44.129192 2026] [security2:error] [pid 26651:tid 26651] [client 170.168.242.39:37261] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|itre.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "itre.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ajyWlOULiSGRgyoywovVTgAAAAA"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 huginet	2026-06-15 07:28:04 (1 week ago)	170.168.242.39 - - [15/Jun/2026:09:28:02 +0200] "GET /wp-login.php HTTP/1.1" 301 240 "-" "Mozilla/5. ... show more 170.168.242.39 - - [15/Jun/2026:09:28:02 +0200] "GET /wp-login.php HTTP/1.1" 301 240 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10" 170.168.242.39 - - [15/Jun/2026:09:28:03 +0200] "GET /wp-login.php HTTP/1.1" 200 10815 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10" ... show less	Web Spam Blog Spam Hacking Bad Web Bot Web App Attack
🇫🇮 inlink.ltd	2026-06-05 12:43:02 (2 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack
🇺🇸 TPI-Abuse	2026-05-02 01:40:13 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 01 21:40:06.214438 2026] [security2:error] [pid 20067:tid 20067] [client 170.168.242.39:62895] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|televisonic.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "televisonic.com"] [uri "/wp-json/wp/v2/users"] [unique_id "afVV9nJvt2IGOLME3H5VgQAAAAs"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-04-30 20:35:58 (1 month ago)	Try to access /.aws/credentials	Web App Attack
🇺🇸 TPI-Abuse	2026-04-29 06:13:21 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 29 02:13:16.271941 2026] [security2:error] [pid 8366:tid 8366] [client 170.168.242.39:56355] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.ardath.net\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ardath.net"] [uri "/s3cmd.ini"] [unique_id "afGhfFDV4JBM-EnJ8wCvGwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-04-28 20:58:45 (1 month ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1248	Exploited Host Web App Attack
🇫🇷 masterguru	2026-04-27 15:17:02 (1 month ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 170.168.242.39 (NL/The Netherlands/-) ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 170.168.242.39 (NL/The Netherlands/-): 2 in the last 3600 secs (0-196) show less	Hacking
🇺🇸 TPI-Abuse	2026-04-27 06:30:33 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 02:30:28.862733 2026] [security2:error] [pid 14574:tid 14574] [client 170.168.242.39:35057] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.caribbeantanz.postermodelsworldwideinc.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.caribbeantanz.postermodelsworldwideinc.com"] [uri "/s3cmd.ini"] [unique_id "ae8ChG0FXdxFzlGTvZ1Y8wAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-31 15:27:47 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 31 11:27:43.529876 2026] [security2:error] [pid 24955:tid 24955] [client 170.168.242.39:32505] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|norinpaco.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "norinpaco.com"] [uri "/wp-json/wp/v2/users"] [unique_id "acvn78OCH2PpGG0S-3flAwAAAAw"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-28 10:00:20 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 28 06:00:06.282748 2026] [security2:error] [pid 24921:tid 24921] [client 170.168.242.39:33933] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|cgautomatizacion.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cgautomatizacion.com"] [uri "/wp-json/wp/v2/users"] [unique_id "acempqRRCdAH453x50PWYwAAAAQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇷🇴 INTEQ	2026-03-26 23:05:51 (2 months ago)	Web attack from 170.168.242.39	Web App Attack
🇺🇸 TPI-Abuse	2026-03-16 10:22:51 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 170.168.242.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 16 06:22:46.764999 2026] [security2:error] [pid 1669:tid 1669] [client 170.168.242.39:29047] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|ibcnu.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ibcnu.com"] [uri "/wp-json/wp/v2/users"] [unique_id "abfZ9kCITx0xhjW2olKkPgAAAA0"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-01-07 08:22:46 (5 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 10-22.170.168.242.39.web-spamm ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 10-22.170.168.242.39.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇵🇱 sefinek.net	2025-12-27 14:11:02 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from FI. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from FI. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /genshin-stella-mod UA: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:114.0) Gecko/20100101 Firefox/114.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.100

🇰🇷 58.229.180.107

🇺🇸 212.102.41.22

🇧🇷 207.248.19.151

🇫🇮 178.20.210.152

🇺🇸 152.32.183.22

🇨🇳 112.46.207.141

🇨🇳 111.55.120.61

🇨🇳 106.117.117.61

🇸🇬 103.250.11.176

🇺🇸 35.166.36.159

🇮🇪 4.210.68.162

🇧🇷 190.115.84.25

🇦🇷 181.209.76.203

🇫🇷 151.247.193.247

🇺🇸 66.132.186.246

🇸🇬 43.160.251.13

🇧🇷 35.215.238.15

🇹🇳 197.5.145.102

🇭🇺 194.180.16.131