JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.130.202.27

45.130.202.27 was found in our database!

This IP was reported 203 times. Confidence of Abuse is 92%: ?

92%

ISP	Legaco Networks B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS137409
Domain Name	legaconetworks.nl
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.130.202.27

Whois 45.130.202.27

IP Abuse Reports for 45.130.202.27:

This IP address has been reported a total of 203 times from 79 distinct sources. 45.130.202.27 was first reported on December 28th 2022, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TAY	2026-06-14 17:01:14 (3 days ago)	45.130.202.27 - - [15/Jun/2026:00:55:25 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5874 "-" "Jetpack by ... show more 45.130.202.27 - - [15/Jun/2026:00:55:25 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5874 "-" "Jetpack by WordPress.com" 45.130.202.27 - - [15/Jun/2026:00:59:39 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5874 "-" "Jetpack by WordPress.com" 45.130.202.27 - - [15/Jun/2026:01:01:14 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5874 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)" ... show less	Brute-Force
🇺🇸 integrantservices.com	2026-06-14 16:17:07 (3 days ago)	(wordpress) Failed wordpress login from 45.130.202.27 (TR/Türkiye/-)	Brute-Force
🇪🇸 robotstxt	2026-06-12 14:58:37 (5 days ago)	45.130.202.27 - - [12/Jun/2026:14:57:50 +0000] "GET /cgi-bin/bypass.php HTTP/1.1" 404 548 "-" "Mozil ... show more 45.130.202.27 - - [12/Jun/2026:14:57:50 +0000] "GET /cgi-bin/bypass.php HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" "-" 45.130.202.27 - - [12/Jun/2026:14:57:52 +0000] "GET /wp-signup.php HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0" "-" 45.130.202.27 - - [12/Jun/2026:14:58:23 +0000] "GET /cgi-bin/class.api.php HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" "-" 45.130.202.27 - - [12/Jun/2026:14:58:28 +0000] "GET /cgi-bin/autoload_classmap.php HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" "-" 45.130.202.27 - - [12/Jun/2026:14:58:37 +0000] "GET /cgi-bin/index.php HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.3 ... show less	Bad Web Bot
🇬🇧 consul.to	2026-06-12 13:08:30 (5 days ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 08:53:42 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 45.130.202.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 45.130.202.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 04:53:37.040061 2026] [security2:error] [pid 2397:tid 2397] [client 45.130.202.27:62773] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rgnexcore.com.elpaco.net"] [uri "/.git/HEAD"] [unique_id "aivJEXe1L8A_32677p5HgAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 YF	2026-06-12 05:00:18 (6 days ago)	Git HEAD exposure probe	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 04:53:28 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 45.130.202.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 45.130.202.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 00:53:24.770900 2026] [security2:error] [pid 11321:tid 11321] [client 45.130.202.27:21193] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.aticom.es"] [uri "/.env"] [unique_id "aiuQxAXtO-4aesiDVkL62QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-12 00:53:01 (6 days ago)	Excessive multi-domain requests	Brute-Force
🇧🇷 Halux	2026-06-11 17:51:53 (6 days ago)	45.130.202.27 Probing protected path or service	Web App Attack
🇩🇪 Progetto1	2026-06-11 04:20:02 (1 week ago)	Detected via HAProxyScanner at 2026-06-11 04:20:02 UTC on destination port WEB (80/443). Repeated sc ... show more Detected via HAProxyScanner at 2026-06-11 04:20:02 UTC on destination port WEB (80/443). Repeated scan / connection. show less	Port Scan Hacking Brute-Force
🇫🇮 inlink.ltd	2026-06-11 01:14:11 (1 week ago)	dot file probe	Web App Attack
🇬🇧 AvonleaConsulting	2026-06-10 22:58:40 (1 week ago)	Attempts to probe web pages for vulnerable PHP or other applications	Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-10 21:59:23 (1 week ago)	Auto-ban: >3000 req/min op 2026-06-10	Web App Attack SSH Hacking
🇫🇷 dynamix	2026-06-10 13:27:18 (1 week ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 08:48:56 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 45.130.202.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 45.130.202.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 04:48:51.123424 2026] [security2:error] [pid 5749:tid 5817] [client 45.130.202.27:46619] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.totalservicesandmorellc.com"] [uri "/.git/HEAD"] [unique_id "aikk80bIXS1YHRaU9vBvuAAAAEE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 203 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 173.230.155.151

🇳🇱 162.159.113.80

🇫🇷 158.220.125.127

🇧🇷 200.175.201.167

🇭🇰 185.227.153.56

🇮🇹 151.40.153.89

🇺🇸 107.150.97.228

🇬🇧 86.140.1.71

🇺🇸 75.119.208.70

🇺🇸 74.87.117.149

🇺🇸 40.121.200.75

🇳🇱 20.229.115.183

🇺🇸 20.14.88.150

🇮🇳 223.228.14.83

🇰🇷 221.149.119.65

🇭🇰 199.45.155.96

🇲🇽 187.171.231.227

🇦🇷 181.23.84.240

🇺🇸 162.216.150.79

🇺🇸 152.32.205.7