JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.115.49.226

154.115.49.226 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 72%: ?

72%

ISP	TENET (The UNINET Project)
Usage Type	University/College/School
ASN	AS2018
Domain Name	tenet.ac.za
Country	🇿🇦 South Africa
City	Mthatha, Eastern Cape

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.115.49.226

Whois 154.115.49.226

IP Abuse Reports for 154.115.49.226:

This IP address has been reported a total of 20 times from 12 distinct sources. 154.115.49.226 was first reported on June 19th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-25 21:49:01 (2 hours ago)	(mod_security) mod_security (id:240335) triggered by 154.115.49.226 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 154.115.49.226 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 17:48:53.411943 2026] [security2:error] [pid 30087:tid 30087] [client 154.115.49.226:63171] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.115.49.226 (+1 hits since last alert)\|dynamic-therapy-mn.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dynamic-therapy-mn.com"] [uri "/xmlrpc.php"] [unique_id "aj2iRdz6UmAAYeMrMqLYlgAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-25 17:55:09 (6 hours ago)	Attac	Brute-Force
🇳🇱 Site.eu	2026-06-25 11:50:02 (12 hours ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇫🇷 dynamix	2026-06-24 21:02:43 (1 day ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-06-24 19:40:00 (1 day ago)	154.115.49.226 - - [24/Jun/2026:21:39:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by ... show more 154.115.49.226 - - [24/Jun/2026:21:39:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)" 154.115.49.226 - - [24/Jun/2026:21:39:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)" 154.115.49.226 - - [24/Jun/2026:21:39:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)" 154.115.49.226 - - [24/Jun/2026:21:39:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)" 154.115.49.226 - - [24/Jun/2026:21:39:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com" ... show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 18:41:29 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 154.115.49.226 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 154.115.49.226 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 14:41:21.483901 2026] [security2:error] [pid 15337:tid 15337] [client 154.115.49.226:57160] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.115.49.226 (+1 hits since last alert)\|smoothiessoupssalads.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "smoothiessoupssalads.com"] [uri "/xmlrpc.php"] [unique_id "ajwk0QLuG7R2_Rq6975S4QAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 15:35:55 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 154.115.49.226 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 154.115.49.226 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 11:35:48.502104 2026] [security2:error] [pid 4370:tid 4379] [client 154.115.49.226:61876] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.115.49.226 (+1 hits since last alert)\|planmytrust.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "planmytrust.com"] [uri "/xmlrpc.php"] [unique_id "ajv5VOJUN8iXbxwSnWH8FwAAAUc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 YF	2026-06-23 23:00:23 (2 days ago)	xmlrpc.php Potential DDoS or brute force	DDoS Attack Brute-Force
Anonymous	2026-06-23 19:23:13 (2 days ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-23 19:04:13 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 154.115.49.226 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 154.115.49.226 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 15:04:05.349278 2026] [security2:error] [pid 6756:tid 6756] [client 154.115.49.226:60662] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.115.49.226 (+1 hits since last alert)\|answeringilliana.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "answeringilliana.com"] [uri "/xmlrpc.php"] [unique_id "ajrYpdmiNOzFb8_-DpXfzAAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇾 Rizzy	2026-06-23 16:51:29 (2 days ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 16:28:22 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 154.115.49.226 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 154.115.49.226 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 12:28:13.996848 2026] [security2:error] [pid 28893:tid 28893] [client 154.115.49.226:61696] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.115.49.226 (+1 hits since last alert)\|rajabarber.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rajabarber.com"] [uri "/xmlrpc.php"] [unique_id "ajq0HWu-g0gbifRrWglsSQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-23 03:24:58 (2 days ago)	7.477 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
Anonymous	2026-06-23 02:45:46 (2 days ago)	[redacted] 154.115.49.226 - - [23/Jun/2026:04:45:00 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 154.115.49.226 - - [23/Jun/2026:04:45:00 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)" [redacted] 154.115.49.226 - - [23/Jun/2026:04:45:11 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)" [redacted] 154.115.49.226 - - [23/Jun/2026:04:45:21 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" [redacted] 154.115.49.226 - - [23/Jun/2026:04:45:32 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 154.115.49.226 - - [23/Jun/2026:04:45:43 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)" ... show less	Hacking Web App Attack
Anonymous	2026-06-21 03:35:31 (4 days ago)	(wordpress) Failed wordpress login from 154.115.49.226 (-)	Brute-Force

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 43.162.112.238

🇩🇪 194.88.98.124

🇭🇰 152.32.215.224

🇭🇰 119.28.49.103

🇷🇺 91.149.103.72

🇸🇬 68.178.172.205

🇺🇸 44.110.178.30

🇩🇪 43.165.3.187

🇫🇮 34.88.145.118

🇩🇪 3.78.181.109

🇷🇴 2.57.121.25

🇨🇳 218.13.26.42

🇧🇷 205.210.31.243

🇪🇹 196.190.220.199

🇺🇸 185.198.240.172

🇻🇳 171.231.180.58

🇺🇸 170.106.174.205

🇺🇸 162.216.149.26

🇪🇬 156.214.232.161

🇳🇱 145.90.8.9