🇺🇸
TPI-Abuse
2026-06-09 11:52:37
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 177.130.252.131 (mail.snsvr.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 07:52:33.195585 2026] [security2:error] [pid 25382:tid 25382] [client 177.130.252.131:44147] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.writebetweenthelines.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.writebetweenthelines.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aif-gXkOHml9XkF0Bf3MdAAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
itsolon
2026-06-08 23:39:03
(2 weeks ago)
177.130.252.131 - - [09/Jun/2026:01:39:02 +0200] "POST /wp-login.php HTTP/2.0" 200 3481 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0"
177.130.252.131 - - [09/Jun/2026:01:39:02 +0200] "POST /wp-login.php HTTP/2.0" 200 3481 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
177.130.252.131 - - [09/Jun/2026:01:39:02 +0200] "POST /wp-login.php HTTP/2.0" 200 3481 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0"
177.130.252.131 - - [09/Jun/2026:01:39:02 +0200] "POST /wp-login.php HTTP/2.0" 200 3481 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0"
177.130.252.131 - - [09/Jun/2026:01:39:03 +0200] "POST /wp-login.php HTTP/2.0" 200 3481 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
...
Brute-Force
Web App Attack
🇳🇱
Mangelot Hosting
2026-06-08 23:35:23
(2 weeks ago)
(wp_login_try) srv101 WP Login Attempt 177.130.252.131 (BR/Brazil/mail.snsvr.com.br): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
Web App Attack
🇺🇸
TPI-Abuse
2026-06-08 05:21:50
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 177.130.252.131 (mail.snsvr.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 01:21:44.636775 2026] [security2:error] [pid 515:tid 515] [client 177.130.252.131:1169] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||kdgsf.xyz|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kdgsf.xyz"] [uri "/wp-json/wp/v2/users"] [unique_id "aiZRaP1Fcci-B4XHr8IrTAAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
Dolphi
2026-06-08 03:00:04
(2 weeks ago)
Excessive POST /xmlrpc.php requests
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-06-07 22:41:57
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 177.130.252.131 (mail.snsvr.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 18:41:54.058314 2026] [security2:error] [pid 12184:tid 12184] [client 177.130.252.131:51972] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.csm-dtc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.csm-dtc.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiXzshRdiMZtn5B9z7uFewAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-07 16:47:02
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 177.130.252.131 (mail.snsvr.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 12:46:53.541765 2026] [security2:error] [pid 28116:tid 28116] [client 177.130.252.131:4767] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||lahamradio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lahamradio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiWgfaZINitdRNDeBkbdaAAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇷
dynamix
2026-06-07 16:08:43
(2 weeks ago)
Multiple WAF Violations
Web App Attack
🇩🇪
rh24
2026-06-07 10:26:57
(2 weeks ago)
(wordpress-user-enum) Failed wordpress-user-enum trigger from 177.130.252.131 (BR/Brazil/mail.snsvr.com.br): (CF_ENABLE)
Brute-Force
🇺🇸
TPI-Abuse
2026-06-07 02:49:19
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 177.130.252.131 (mail.snsvr.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 22:49:12.497185 2026] [security2:error] [pid 32084:tid 32105] [client 177.130.252.131:53187] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||conservativelabor.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "conservativelabor.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiTcKGUNIaGV1sjp1AKSHQAAAJI"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-06 15:46:09
(2 weeks ago)
(wordpress) Failed wordpress login from 177.130.252.131 (BR/Brazil/mail.snsvr.com.br)
Brute-Force
Anonymous
2026-06-06 09:30:25
(2 weeks ago)
177.130.252.131 - - [06/Jun/2026:11:30:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 206 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0"
177.130.252.131 - - [06/Jun/2026:11:30:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 420 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0"
177.130.252.131 - - [06/Jun/2026:11:30:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 206 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:41.0) Gecko/20100101 Firefox/41.0"
177.130.252.131 - - [06/Jun/2026:11:30:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 420 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:41.0) Gecko/20100101 Firefox/41.0"
177.130.252.131 - - [06/Jun/2026:11:30:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 420 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0"
...
Brute-Force
Web App Attack
Anonymous
2026-06-06 07:00:13
(2 weeks ago)
| [Dangerous/Brazil] Aggressive IP 177.130.252.131 (~30 hits). Type: DoS Defender- Web server 400 error code
Web App Attack
Hacking
SQL Injection
Anonymous
2026-04-18 11:06:04
(2 months ago)
Trying to access config files
Web App Attack
🇩🇪
F242
2026-04-18 03:47:37
(2 months ago)
WordPress Login or XMLRPC abuse
Web App Attack