JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.130.81.25

45.130.81.25 was found in our database!

This IP was reported 125 times. Confidence of Abuse is 27%: ?

27%

ISP	VPN Consumer Kiev, Ukraine
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	vpnconsumer.com
Country	🇺🇦 Ukraine
City	Kyiv, Kyiv City

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.130.81.25

Whois 45.130.81.25

IP Abuse Reports for 45.130.81.25:

This IP address has been reported a total of 125 times from 36 distinct sources. 45.130.81.25 was first reported on May 10th 2022, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 demonsword	2026-06-03 10:37:19 (2 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: api.ipvanish.com:443 show less	Open Proxy Port Scan
🇫🇷 SpaceHost-Server	2026-06-02 22:34:17 (2 weeks ago)		Brute-Force Web App Attack
Anonymous	2026-06-02 13:03:19 (2 weeks ago)	Fail2Ban triggered	Web App Attack
🇫🇮 as211431.net	2026-06-02 04:12:10 (2 weeks ago)	Triggered Cloudflare WAF (firewallCustom) from UA. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from UA. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /archivarix.cms.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇱🇻 garmtech.com	2026-05-26 00:54:10 (3 weeks ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 03-54.45.130.81.25.web-spammer ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 03-54.45.130.81.25.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇺🇸 cybsecaoccol	2026-04-27 18:10:02 (1 month ago)	Brute Force SASL Attack	Hacking Brute-Force Web App Attack
🇺🇸 threatintelligence_bvc	2026-04-16 18:38:00 (2 months ago)		Brute-Force
🇺🇸 threatintelligence_bvc	2026-04-06 01:10:47 (2 months ago)		Brute-Force
🇫🇷 sprmario	2026-04-02 19:58:04 (2 months ago)	Rule : RDP UserAccount : administrator S-1-0-0 - - 0x0 S-1-0-0 administrator - 0xc000006d %#13 0xc0 ... show more Rule : RDP UserAccount : administrator S-1-0-0 - - 0x0 S-1-0-0 administrator - 0xc000006d %#13 0xc000006a 3 NtLmSsp NTLM workstation - - 0 0x0 - 45.130.81.25 0 show less	SSH Brute-Force
🇺🇸 threatintelligence_bvc	2026-04-02 08:41:18 (2 months ago)		Brute-Force
🇺🇸 threatintelligence_bvc	2026-04-01 04:07:06 (2 months ago)		Brute-Force
🇺🇸 Penny Packer	2026-03-12 11:30:32 (3 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 TPI-Abuse	2026-03-02 14:56:45 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 45.130.81.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 45.130.81.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 02 09:56:39.883406 2026] [security2:error] [pid 6001:tid 6001] [client 45.130.81.25:59563] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|brazilianbikinis.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "brazilianbikinis.com"] [uri "/backups/dump.sql"] [unique_id "aaWlJ5jz-matICFfpe4moQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 filstal.org	2026-01-27 02:41:38 (4 months ago)	Vulnerability scan activity detected by Fail2Ban	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-01-12 20:48:02 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 45.130.81.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 45.130.81.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 12 15:47:55.204755 2026] [security2:error] [pid 15441:tid 15441] [client 45.130.81.25:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kryptonome.com\|F\|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kryptonome.com"] [uri "/backups/wallet.dat"] [unique_id "aWVd-_LKSUaJKE5D8Z8IAAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 125 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 116.229.106.4

🇺🇸 195.184.76.82

🇺🇸 167.148.85.88

🇺🇸 162.216.149.54

🇮🇩 103.4.76.244

🇧🇬 94.155.124.98

🇺🇸 74.207.252.4

🇺🇸 20.168.0.47

🇷🇴 141.98.83.48

🇪🇸 81.36.95.164

🇫🇷 62.210.142.177

🇬🇧 35.203.210.200

🇬🇧 35.203.210.130

🇺🇸 172.235.138.70

🇺🇸 162.216.150.235

🇮🇳 136.232.11.10

🇺🇸 104.247.197.186

🇳🇱 93.123.72.183

🇧🇪 34.14.12.52

🇳🇱 195.178.110.26