JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.130.81.49

45.130.81.49 was found in our database!

This IP was reported 118 times. Confidence of Abuse is 35%: ?

35%

ISP	VPN Consumer Kiev, Ukraine
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	vpnconsumer.com
Country	🇺🇦 Ukraine
City	Kyiv, Kyiv City

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.130.81.49

Whois 45.130.81.49

IP Abuse Reports for 45.130.81.49:

This IP address has been reported a total of 118 times from 34 distinct sources. 45.130.81.49 was first reported on June 5th 2023, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇻 garmtech.com	2026-06-12 14:51:34 (1 week ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 17-51.45.130.81.49.web-spammer ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 17-51.45.130.81.49.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 12:38:09 (2 weeks ago)	(mod_security) mod_security (id:210350) triggered by 45.130.81.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 45.130.81.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 08:38:02.511748 2026] [security2:error] [pid 18818:tid 18818] [client 45.130.81.49:23473] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.67ronin.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.67ronin.com"] [uri "/archivarix.cms.php"] [unique_id "ah7OquqpPD33p3JrA5UU9AAAAAY"], referer: https://67ronin.com/archivarix.cms.php show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Shadymint	2026-06-02 08:14:51 (2 weeks ago)	url probing	Web App Attack
🇩🇪 ghostwarriors	2026-06-01 19:50:04 (2 weeks ago)	Attempts against non-existent wp-login	Brute-Force Web App Attack
Anonymous	2026-06-01 19:33:59 (2 weeks ago)	Fail2Ban triggered	Web App Attack
🇦🇺 screwlooseit.com.au	2026-05-28 14:20:01 (3 weeks ago)	Blocked by CSF 13 firewall - Rule: XMLRPC NL/Netherlands/-	Web App Attack
🇯🇵 SentinalX by uzumaru	2026-05-28 00:52:08 (3 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: netiptv.eu:80 show less	Open Proxy Port Scan
🇺🇸 TPI-Abuse	2026-05-12 16:25:05 (1 month ago)	(mod_security) mod_security (id:210350) triggered by 45.130.81.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 45.130.81.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 12:24:55.821841 2026] [security2:error] [pid 10392:tid 10392] [client 45.130.81.49:32957] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|1954topresent.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "1954topresent.com"] [uri "/archivarix.cms.php"] [unique_id "agNUVy__gQIwHrHvWLEZZQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-11 20:44:00 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 45.130.81.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 45.130.81.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 11 16:43:52.625834 2026] [security2:error] [pid 15050:tid 15071] [client 45.130.81.49:47299] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|magazineofwallstreet.com\|F\|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "magazineofwallstreet.com"] [uri "/wallet.dat"] [unique_id "abHUCD3pwJM656JJSQwc_wAAARI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-10 11:33:48 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 45.130.81.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 45.130.81.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 07:33:41.894648 2026] [security2:error] [pid 3226:tid 3234] [client 45.130.81.49:32917] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|siestakeybch.com\|F\|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "siestakeybch.com"] [uri "/bak/wallet.dat"] [unique_id "abABlRomag8OVa5dvSyRywAAAUY"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 pinguin	2026-03-03 14:07:07 (3 months ago)	Triggered Cloudflare WAF (firewallManaged) from UA. Action taken: LOG Protocol: HTTP/2 (HEAD method) ... show more Triggered Cloudflare WAF (firewallManaged) from UA. Action taken: LOG Protocol: HTTP/2 (HEAD method) Endpoint: /www.tar UA: Empty string This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-25 23:46:10 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 45.130.81.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 45.130.81.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 18:46:04.520068 2026] [security2:error] [pid 17753:tid 17753] [client 45.130.81.49:30507] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|highstakeslearning.com\|F\|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "highstakeslearning.com"] [uri "/old/wallet.dat"] [unique_id "aZ-JvF4n3sNjDYYzqUlN6AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2026-02-20 01:22:31 (4 months ago)	Fail2Ban apache-tripwires	Web App Attack
Anonymous	2026-02-12 01:10:04 (4 months ago)	\| [Dangerous/Ukraine] Agressive IP 45.130.81.49 (~30 hits). Type: DoS Defender- Web server 400 error ... show more \| [Dangerous/Ukraine] Agressive IP 45.130.81.49 (~30 hits). Type: DoS Defender- Web server 400 error code show less	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 20:25:46 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 45.130.81.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 45.130.81.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 15:25:39.420529 2026] [security2:error] [pid 30699:tid 30699] [client 45.130.81.49:42455] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kwtlaw.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kwtlaw.com"] [uri "/back/backup.sql"] [unique_id "aYpCw2P6-Ur7ouyr7B7yaAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 118 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.95

🇳🇱 91.92.40.4

🇺🇸 65.49.1.132

🇭🇰 199.45.155.73

🇬🇧 195.140.214.19

🇷🇺 188.225.56.112

🇺🇸 174.35.25.179

🇩🇪 167.71.59.163

🇺🇸 162.216.150.228

🇺🇸 162.216.150.218

🇸🇬 152.42.201.102

🇺🇸 147.185.132.166

🇺🇸 147.185.132.39

🇧🇪 146.148.13.38

🇨🇭 144.2.91.96

🇨🇳 120.235.191.166

🇨🇳 101.20.79.128

🇺🇸 100.29.192.14

🇹🇷 78.189.138.9

🇺🇸 65.49.1.142