JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 149.71.36.135

149.71.36.135 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 61%: ?

61%

ISP	Cogent Communications, LLC
Usage Type	Fixed Line ISP
ASN	AS138655
Domain Name	cogentco.com
Country	🇵🇰 Pakistan
City	Lahore, Punjab

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 149.71.36.135

Whois 149.71.36.135

IP Abuse Reports for 149.71.36.135:

This IP address has been reported a total of 12 times from 12 distinct sources. 149.71.36.135 was first reported on May 29th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 cwytech	2026-06-03 16:34:40 (5 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/wordpress-geofence-sus.	Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-03 14:51:06 (6 days ago)	Blocked by CSF 13 firewall - Rule: XMLRPC US/United States/-	Web App Attack
Anonymous	2026-06-03 12:37:03 (6 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇩🇪 big-cloud.nl	2026-05-31 15:12:54 (1 week ago)	Try to access /xmlrpc.php	Web App Attack
🇺🇸 WellSpring	2026-05-31 13:03:11 (1 week ago)	xmlrpc exploit on 502.today/xmlrpc.php — WellSpr.ing/NetSentinel civic-AI security layer	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 09:59:21 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 149.71.36.135 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 149.71.36.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 05:59:13.178924 2026] [security2:error] [pid 10663:tid 10663] [client 149.71.36.135:36438] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|vrevgaming.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "vrevgaming.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ahwGcVRZdsHRRFHJR-9uqwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 spamverify.com	2026-05-31 02:18:37 (1 week ago)	Honeypot Hit: xmlrpc.php	Web Spam Blog Spam Bad Web Bot Web App Attack
🇫🇮 stinpriza	2026-05-31 00:56:14 (1 week ago)	Web App Attack	Web App Attack
🇩🇪 findlab	2026-05-30 06:35:01 (1 week ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇳🇿 Tripwire	2026-05-29 08:56:23 (1 week ago)	Probing for Wordpress - /xmlrpc.php	Brute-Force Web App Attack
🇩🇪 4server	2026-05-29 07:36:12 (1 week ago)	[FriMay2909:36:09.1196472026][security2:error][pid1867820:tid1867969][client149.71.36.135:0]ModSecur ... show more [FriMay2909:36:09.1196472026][security2:error][pid1867820:tid1867969][client149.71.36.135:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"formet.ch\"][uri\"/xmlrpc.php\"][unique_id\"ahlB6cW1AzTXkAyUOuXsDgAAAI4\"] show less	Port Scan Brute-Force Web App Attack
🇨🇦 electronico	2026-05-29 04:22:10 (1 week ago)	149.71.36.135 - - [29/May/2026:15:22:09 +1100] "POST /xmlrpc.php HTTP/1.1" 503 23187 "-" "Mozilla/5. ... show more 149.71.36.135 - - [29/May/2026:15:22:09 +1100] "POST /xmlrpc.php HTTP/1.1" 503 23187 "-" "Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.0.0 Safari/537.36" ... show less	Brute-Force Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 210.183.21.53

🇬🇧 81.19.219.223

🇩🇪 69.5.169.109

🇺🇸 68.83.44.242

🇺🇸 65.49.1.202

🇺🇸 34.26.47.95

🇨🇳 218.59.201.12

🇮🇶 212.23.217.3

🇺🇸 209.85.160.200

🇬🇧 193.176.29.7

🇺🇸 172.253.214.16

🇮🇳 157.50.14.211

🇨🇳 123.158.48.51

🇩🇪 69.5.169.133

🇺🇸 66.132.195.29

🇳🇱 45.148.10.151

🇺🇸 34.174.86.79

🇺🇸 34.11.100.130

🇨🇳 218.4.91.162

🇰🇷 211.105.129.57