JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 197.248.49.203

197.248.49.203 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 87%: ?

87%

ISP	Safaricom Limited
Usage Type	Fixed Line ISP
ASN	AS37061
Hostname(s)	197-248-49-203.safaricombusiness.co.ke
Domain Name	safaricom.co.ke
Country	🇰🇪 Kenya
City	Nairobi, Nairobi County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 197.248.49.203

Whois 197.248.49.203

IP Abuse Reports for 197.248.49.203:

This IP address has been reported a total of 24 times from 17 distinct sources. 197.248.49.203 was first reported on May 29th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 wlt-blocker	2026-06-12 09:34:32 (2 days ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 08:41:54 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 197.248.49.203 (197-248-49-203.safaricombusines ... show more (mod_security) mod_security (id:240335) triggered by 197.248.49.203 (197-248-49-203.safaricombusiness.co.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 04:41:51.337985 2026] [security2:error] [pid 4227:tid 4227] [client 197.248.49.203:55978] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.248.49.203 (+1 hits since last alert)\|webuydinwiddiehouses.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "webuydinwiddiehouses.com"] [uri "/xmlrpc.php"] [unique_id "aip0z5pRo2ZeUCmhZnjEvwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-11 07:09:45 (4 days ago)	2026-06-11T09:09:43.723624+02:00 aion wordpress[1638271]: XML-RPC authentication attempt for unknown ... show more 2026-06-11T09:09:43.723624+02:00 aion wordpress[1638271]: XML-RPC authentication attempt for unknown user nanosrvr from 197.248.49.203 ... show less	Hacking Brute-Force
🇲🇾 Rizzy	2026-06-11 06:37:38 (4 days ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇳🇱 Site.eu	2026-06-10 09:43:51 (4 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 integrantservices.com	2026-06-10 09:37:23 (4 days ago)	(wordpress) Failed wordpress login from 197.248.49.203 (KE/Kenya/197-248-49-203.safaricombusiness.co ... show more (wordpress) Failed wordpress login from 197.248.49.203 (KE/Kenya/197-248-49-203.safaricombusiness.co.ke) show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-10 08:29:41 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 197.248.49.203 (197-248-49-203.safaricombusines ... show more (mod_security) mod_security (id:240335) triggered by 197.248.49.203 (197-248-49-203.safaricombusiness.co.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 04:29:35.044341 2026] [security2:error] [pid 19755:tid 19761] [client 197.248.49.203:65454] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.248.49.203 (+1 hits since last alert)\|theyogicat.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theyogicat.com"] [uri "/xmlrpc.php"] [unique_id "aikgb1c65etjgJJorHcVnAAAAEI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 07:45:10 (5 days ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-10 06:13:21 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 197.248.49.203 (197-248-49-203.safaricombusines ... show more (mod_security) mod_security (id:240335) triggered by 197.248.49.203 (197-248-49-203.safaricombusiness.co.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 02:13:14.620746 2026] [security2:error] [pid 17334:tid 17334] [client 197.248.49.203:56041] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.248.49.203 (+1 hits since last alert)\|ashleycroft.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ashleycroft.com"] [uri "/xmlrpc.php"] [unique_id "aikAeiBsja7ucl96gAsGRwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 11:19:09 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 197.248.49.203 (197-248-49-203.safaricombusines ... show more (mod_security) mod_security (id:240335) triggered by 197.248.49.203 (197-248-49-203.safaricombusiness.co.ke): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 07:19:00.538362 2026] [security2:error] [pid 1714:tid 1714] [client 197.248.49.203:56441] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.248.49.203 (+1 hits since last alert)\|celltechs.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "celltechs.net"] [uri "/xmlrpc.php"] [unique_id "aif2pNd8KElgsIsQ9pfhbwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 QT	2026-06-09 09:27:06 (5 days ago)	Unauthorised WordPress admin login attempted at 2026-06-09 19:27:05 +1000	Web App Attack
🇩🇪 LRob.fr	2026-06-09 08:45:06 (5 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-09 08:11:49 (5 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇺🇸 TAY	2026-06-08 13:34:16 (6 days ago)	197.248.49.203 - - [08/Jun/2026:21:33:55 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4398 "-" "WordPress. ... show more 197.248.49.203 - - [08/Jun/2026:21:33:55 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4398 "-" "WordPress.com; https://wordpress.com" 197.248.49.203 - - [08/Jun/2026:21:34:05 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4398 "-" "WordPress.com; https://wordpress.com" 197.248.49.203 - - [08/Jun/2026:21:34:16 +0800] "POST /xmlrpc.php HTTP/1.1" 200 4398 "-" "Jetpack by WordPress.com" ... show less	Brute-Force
🇫🇮 YF	2026-06-08 13:00:31 (6 days ago)	xmlrpc.php Potential DDoS or brute force	DDoS Attack Brute-Force

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 222.212.162.116

🇨🇳 220.197.85.236

🇺🇸 191.102.162.86

🇮🇷 109.201.15.47

🇫🇷 85.217.140.52

🇵🇰 39.48.200.58

🇨🇳 2408:8214:1120:1850:3d4f:aa50:f376:eee7

🇨🇳 223.83.114.88

🇩🇪 217.154.144.111

🇺🇸 204.48.25.122

🇧🇷 200.108.174.4

🇳🇱 192.178.118.155

🇺🇸 191.102.162.174

🇺🇸 191.102.159.17

🇨🇳 183.165.226.139

🇩🇪 138.246.253.135

🇷🇸 109.245.34.49

🇨🇳 101.126.22.12

🇺🇸 91.230.168.214

🇺🇸 64.23.153.168