JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 179.43.158.4

179.43.158.4 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 24%: ?

24%

ISP	PRIVATE LAYER INC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51852
Hostname(s)	hostedby.privatelayer.com
Domain Name	privatelayer.com
Country	🇨🇭 Switzerland
City	Bellinzona, Ticino

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 179.43.158.4

Whois 179.43.158.4

IP Abuse Reports for 179.43.158.4:

This IP address has been reported a total of 17 times from 11 distinct sources. 179.43.158.4 was first reported on March 19th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 10:06:32 (2 weeks ago)	(mod_security) mod_security (id:225170) triggered by 179.43.158.4 (hostedby.privatelayer.com): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 179.43.158.4 (hostedby.privatelayer.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 06:06:28.684670 2026] [security2:error] [pid 23041:tid 23041] [client 179.43.158.4:50249] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|genevainvestors.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "genevainvestors.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ah1ZpNoI-NB9DVEinifYugAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 08:05:06 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 179.43.158.4 (hostedby.privatelayer.com): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 179.43.158.4 (hostedby.privatelayer.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 04:05:00.950410 2026] [security2:error] [pid 2303:tid 2303] [client 179.43.158.4:61371] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 179.43.158.4 (+1 hits since last alert)\|churchbehindthewalls.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "churchbehindthewalls.com"] [uri "/xmlrpc.php"] [unique_id "ah09LNDjXz_hpkeFsgEDEQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-31 21:20:10 (2 weeks ago)	Attac	Brute-Force
🇲🇾 Rizzy	2026-05-31 20:48:34 (2 weeks ago)	Multiple WAF Violations	Brute-Force Web App Attack
Anonymous	2026-05-28 14:42:21 (2 weeks ago)	Attac	Brute-Force
🇧🇪 luxsat	2026-05-25 06:57:00 (3 weeks ago)	sex spam	Web Spam Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-23 03:00:10 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 179.43.158.4 (hostedby.privatelayer.com): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 179.43.158.4 (hostedby.privatelayer.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 23:00:00.943256 2026] [security2:error] [pid 1242090:tid 1242090] [client 179.43.158.4:58293] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 179.43.158.4 (+1 hits since last alert)\|psychiatryabuse.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "psychiatryabuse.com"] [uri "/xmlrpc.php"] [unique_id "aemLMMHWp2bIRJr2lZ7fdQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-18 13:57:57 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 179.43.158.4 (hostedby.privatelayer.com): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 179.43.158.4 (hostedby.privatelayer.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 09:57:49.430779 2026] [security2:error] [pid 2940255:tid 2940255] [client 179.43.158.4:65220] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 179.43.158.4 (+1 hits since last alert)\|ssion.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ssion.com"] [uri "/xmlrpc.php"] [unique_id "aeON3Roepmo9OoiZ_nFMvAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-18 11:50:22 (1 month ago)	[redacted] 179.43.158.4 - - [18/Apr/2026:13:49:39 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Wo ... show more [redacted] 179.43.158.4 - - [18/Apr/2026:13:49:39 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 179.43.158.4 - - [18/Apr/2026:13:49:49 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 179.43.158.4 - - [18/Apr/2026:13:50:01 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 179.43.158.4 - - [18/Apr/2026:13:50:11 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 179.43.158.4 - - [18/Apr/2026:13:50:21 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-04-13 23:20:14 (2 months ago)	(mod_security) mod_security (id:240335) triggered by 179.43.158.4 (hostedby.privatelayer.com): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 179.43.158.4 (hostedby.privatelayer.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 13 19:20:08.059645 2026] [security2:error] [pid 3039305:tid 3039305] [client 179.43.158.4:61328] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 179.43.158.4 (+1 hits since last alert)\|stalbansparish.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stalbansparish.org"] [uri "/xmlrpc.php"] [unique_id "ad16KPoORlNeesTredkqjwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 SOC [GOLINE SA]	2026-04-08 14:18:35 (2 months ago)	RoutePulse SOC — ml c2 detected by AS202032 (GOLINE SA). Host: hostedby.privatelayer.com · AS51852 P ... show more RoutePulse SOC — ml c2 detected by AS202032 (GOLINE SA). Host: hostedby.privatelayer.com · AS51852 Private Layer INC · Switzerland. internal threat score 0/100. Event: severity warning, 1 distinct targets, 1 distinct ports, 243026 flows, 190.7 MB, rule "Beaconing Pattern", direction outbound. Detection: real-time sFlow/IPFIX flow analysis + ML ensemble (10 models) + threat intel correlation show less	Hacking
🇺🇸 octageeks.com	2026-03-20 04:06:44 (2 months ago)	Wordpress malicious attack:[octaxmlrpc]	Web App Attack
🇺🇸 myagent.site	2026-03-19 15:28:37 (2 months ago)	Blocking for trying to access an exploit file: /xmlrpc.php	Hacking
🇺🇸 TPI-Abuse	2026-03-19 09:28:32 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 179.43.158.4 (hostedby.privatelayer.com): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 179.43.158.4 (hostedby.privatelayer.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 19 05:28:27.889163 2026] [security2:error] [pid 1270491:tid 1270491] [client 179.43.158.4:52864] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|joebankx.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "joebankx.com"] [uri "/wp-json/wp/v2/users"] [unique_id "abvBuxkElCmhO6ARGDWVEgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 dbmwebdesign	2026-03-19 08:30:10 (2 months ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 186.219.184.142

🇺🇸 20.169.106.77

🇺🇸 173.239.214.134

🇰🇿 93.95.241.150

🇳🇱 80.79.5.134

🇮🇳 74.125.178.152

🇺🇸 45.8.19.59

🇺🇸 35.212.204.23

🇳🇱 45.148.10.141

🇮🇳 38.183.45.208

🇩🇪 34.40.70.139

🇩🇪 217.154.144.111

🇨🇭 209.99.189.174

🇺🇸 172.96.182.111

🇹🇷 91.151.88.168

🇫🇷 82.102.18.190

🇺🇸 37.19.221.146

🇺🇸 2607:f8b0:400e:c0c::120

🇮🇩 203.175.125.130

🇧🇩 118.179.100.38