JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 192.0.101.42

192.0.101.42 was found in our database!

This IP was reported 30 times. Confidence of Abuse is 0%: ?

ISP	Automattic, Inc
Usage Type	Data Center/Web Hosting/Transit
ASN	AS2635
Hostname(s)	wordpress.com
Domain Name	automattic.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 192.0.101.42

Whois 192.0.101.42

IP Abuse Reports for 192.0.101.42:

This IP address has been reported a total of 30 times from 11 distinct sources. 192.0.101.42 was first reported on January 28th 2021, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-01-24 23:45:28 (4 months ago)	Malicious activity	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-21 13:29:03 (10 months ago)	(mod_security) mod_security (id:240335) triggered by 192.0.101.42 (wordpress.com): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.101.42 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 21 09:28:56.826121 2025] [security2:error] [pid 20648:tid 20648] [client 192.0.101.42:37470] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.101.42 (+1 hits since last alert)\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dixiegeek.com"] [uri "/xmlrpc.php"] [unique_id "aKcfGCgDR15OYxClot4McAAAAAU"], referer: https://www.dixiegeek.com/xmlrpc.php?for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1755782936&nonce=Nd7YbF1XzG&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=EseAP2kIDAvlXYyTnAJhNauDA0M%3D show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-11-03 03:43:51 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 192.0.101.42 (wordpress.com): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.101.42 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 02 23:43:47.793692 2024] [security2:error] [pid 2584933:tid 2584933] [client 192.0.101.42:37254] [client 192.0.101.42] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.101.42 (+1 hits since last alert)\|solarizelouisville.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "solarizelouisville.com"] [uri "/xmlrpc.php"] [unique_id "Zybxc3pKiPwPa30psjJeXwAAAAc"], referer: https://solarizelouisville.com/xmlrpc.php?for=jetpack&token=N3%2AGP42Z1%21gz%2ARmJa%40lJr5I1FNi%26vC%21Y%3A1%3A0&timestamp=1730605427&nonce=hvsS29pyl7&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=eRSaBYVvRfIOOvQ8JiqjCFWVmNY%3D show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Ba-Yu	2024-10-03 06:08:33 (1 year ago)	WordPress hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2024-09-28 12:21:57 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 192.0.101.42 (wordpress.com): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.101.42 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 28 08:21:49.755857 2024] [security2:error] [pid 28951:tid 28951] [client 192.0.101.42:47572] [client 192.0.101.42] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.101.42 (+1 hits since last alert)\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dixiegeek.com"] [uri "/xmlrpc.php"] [unique_id "Zvf03W95xJg5Ms8Di59C7gAAAAI"], referer: https://www.dixiegeek.com/xmlrpc.php?for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1727526109&nonce=a6qvQOHVgS&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=lUOZsDO5YaemhMs%2BPYXqYedCbwk%3D show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-04-29 03:24:45 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-04-26 11:45:41 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-04-22 04:16:27 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-04-19 01:02:11 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-04-08 10:13:13 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 TPI-Abuse	2024-03-23 13:18:34 (2 years ago)	(mod_security) mod_security (id:240335) triggered by 192.0.101.42 (wordpress.com): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.101.42 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 23 09:18:29.158196 2024] [security2:error] [pid 1929] [client 192.0.101.42:17974] [client 192.0.101.42] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.101.42 (+1 hits since last alert)\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dixiegeek.com"] [uri "/xmlrpc.php"] [unique_id "Zf7WpTehLEHYQnxhqLk29gAAABE"], referer: https://www.dixiegeek.com/xmlrpc.php?for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1711199909&nonce=9Vpe1y2T2m&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=zYzcXztWw3QiUQpV9PykL%2Fl8mqM%3D show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-02-02 03:51:32 (2 years ago)	(mod_security) mod_security (id:240335) triggered by 192.0.101.42 (wordpress.com): 1 in the last 300 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.101.42 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 01 22:51:25.546025 2024] [security2:error] [pid 9831] [client 192.0.101.42:32812] [client 192.0.101.42] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.101.42 (+1 hits since last alert)\|solarizelouisville.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "solarizelouisville.com"] [uri "/xmlrpc.php"] [unique_id "ZbxmvcA3UZImRt3uqr72IwAAACc"], referer: https://solarizelouisville.com/xmlrpc.php?for=jetpack&token=N3%2AGP42Z1%21gz%2ARmJa%40lJr5I1FNi%26vC%21Y%3A1%3A0&timestamp=1706845885&nonce=owGgeXIZ6N&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=%2FHbQndnlI9LMlaV%2FnaZI3P%2Bb95w%3D show less	Brute-Force Bad Web Bot Web App Attack
🇩🇰 wnbhosting.dk	2022-08-10 12:43:50 (3 years ago)	WP xmlrpc [2022-08-10T14:43:50+02:00]	Hacking Web App Attack
🇩🇪 OiledAmoeba	2022-07-10 18:03:08 (3 years ago)	192.0.101.42 - - [11/Jul/2022:00:03:07 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php?for=jetpack&token ... show more 192.0.101.42 - - [11/Jul/2022:00:03:07 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php?for=jetpack&token=yI%23s%25wmqLKwF%21%251wV%2Awt2sUbDMmapK%288%3A1%3A1&timestamp=1657490586&nonce=dRnq7SQsIf&body-hash=zM6wtlIR3F15tOMR6hYdh1YDU3A%3D&signature=9ey9Cqy%2BGEnhFJO6zbtkzrZF10Q%3D HTTP/1.1" 500 0 "https://www.ruhnke.cloud/xmlrpc.php?for=jetpack&token=yI%23s%25wmqLKwF%21%251wV%2Awt2sUbDMmapK%288%3A1%3A1&timestamp=1657490586&nonce=dRnq7SQsIf&body-hash=zM6wtlIR3F15tOMR6hYdh1YDU3A%3D&signature=9ey9Cqy%2BGEnhFJO6zbtkzrZF10Q%3D" "Jetpack by WordPress.com" "-" 0.809 "-" ... show less	Brute-Force
🇩🇪 OiledAmoeba	2022-07-10 15:52:01 (3 years ago)	192.0.101.42 - - [10/Jul/2022:21:52:00 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php?for=jetpack&token ... show more 192.0.101.42 - - [10/Jul/2022:21:52:00 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php?for=jetpack&token=yI%23s%25wmqLKwF%21%251wV%2Awt2sUbDMmapK%288%3A1%3A1&timestamp=1657482719&nonce=rqXDanoAXH&body-hash=zM6wtlIR3F15tOMR6hYdh1YDU3A%3D&signature=bI3uEc3jIERur0froDecMuz8%2BE4%3D HTTP/1.1" 500 0 "https://www.ruhnke.cloud/xmlrpc.php?for=jetpack&token=yI%23s%25wmqLKwF%21%251wV%2Awt2sUbDMmapK%288%3A1%3A1&timestamp=1657482719&nonce=rqXDanoAXH&body-hash=zM6wtlIR3F15tOMR6hYdh1YDU3A%3D&signature=bI3uEc3jIERur0froDecMuz8%2BE4%3D" "Jetpack by WordPress.com" "-" 0.475 "-" ... show less	Brute-Force

Showing 1 to 15 of 30 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 143.42.164.182

🇺🇸 47.223.212.176

🇺🇸 2607:f8b0:4001:c12::121

🇭🇰 199.45.154.121

🇧🇴 181.115.171.217

🇩🇪 139.59.208.49

🇨🇳 59.53.133.180

🇨🇦 52.139.41.31

🇳🇱 45.148.10.151

🇸🇬 43.172.197.126

🇰🇿 2.135.146.53

🇮🇩 2406:da19:776:6e01:f069:7fe4:47a9:952a

🇺🇸 178.156.227.115

🇩🇪 148.153.140.89

🇸🇬 114.119.159.233

🇨🇳 106.46.30.125

🇨🇳 101.96.195.253

🇫🇷 84.235.233.122

🇳🇱 45.148.10.240

🇨🇳 42.179.170.247