JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 36.50.148.84

36.50.148.84 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 37%: ?

37%

ISP	Sahaj Network Pvt. Ltd.
Usage Type	Fixed Line ISP
ASN	AS152178
Domain Name	sahaj.com.np
Country	🇳🇵 Nepal
City	Kathmandu, Bagmati Province

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 36.50.148.84

Whois 36.50.148.84

IP Abuse Reports for 36.50.148.84:

This IP address has been reported a total of 18 times from 13 distinct sources. 36.50.148.84 was first reported on March 17th 2026, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-29 07:16:38 (13 hours ago)	(mod_security) mod_security (id:240335) triggered by 36.50.148.84 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 36.50.148.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 03:16:34.662134 2026] [security2:error] [pid 18024:tid 18024] [client 36.50.148.84:59053] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 36.50.148.84 (+1 hits since last alert)\|telecompros.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "telecompros.net"] [uri "/xmlrpc.php"] [unique_id "akIb0mse0yZZN9bl2mCMvAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-25 08:36:56 (4 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇺🇸 TPI-Abuse	2026-06-17 06:43:02 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 36.50.148.84 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 36.50.148.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 02:42:54.776014 2026] [security2:error] [pid 4680:tid 4680] [client 36.50.148.84:64161] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 36.50.148.84 (+1 hits since last alert)\|randymcelroy.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "randymcelroy.com"] [uri "/xmlrpc.php"] [unique_id "ajJB7uIOgX5aXV3611cGfgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-16 03:48:26 (1 week ago)	[redacted] 36.50.148.84 - - [16/Jun/2026:05:47:43 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Je ... show more [redacted] 36.50.148.84 - - [16/Jun/2026:05:47:43 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)" [redacted] 36.50.148.84 - - [16/Jun/2026:05:47:53 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 36.50.148.84 - - [16/Jun/2026:05:48:04 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)" [redacted] 36.50.148.84 - - [16/Jun/2026:05:48:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)" [redacted] 36.50.148.84 - - [16/Jun/2026:05:48:25 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)" ... show less	Hacking Web App Attack
Anonymous	2026-06-10 06:19:16 (2 weeks ago)	Attac	Brute-Force
Anonymous	2026-06-04 08:15:07 (3 weeks ago)	Remote Code Execution - HTTP (Request) - Variant 2	Hacking
🇦🇺 screwlooseit.com.au	2026-05-27 09:58:17 (1 month ago)	Blocked by CSF 13 firewall - Rule: XMLRPC -	Web App Attack
Anonymous	2026-05-21 11:04:23 (1 month ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-05-21 08:21:28 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 36.50.148.84 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 36.50.148.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 04:21:24.236864 2026] [security2:error] [pid 30706:tid 30706] [client 36.50.148.84:60511] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 36.50.148.84 (+1 hits since last alert)\|pattenden.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pattenden.com"] [uri "/xmlrpc.php"] [unique_id "ag7AhLUzE9FytMY3R8W4CwAAACM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-20 05:05:34 (1 month ago)	Blocked: Reason='Vulnerability probing — PHP scan detected (149/60 min)'; Requests=149	Port Scan
Anonymous	2026-05-15 10:15:22 (1 month ago)	[redacted] 36.50.148.84 - - [15/May/2026:12:14:39 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Je ... show more [redacted] 36.50.148.84 - - [15/May/2026:12:14:39 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" [redacted] 36.50.148.84 - - [15/May/2026:12:14:48 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.4; http://site84115232.com" [redacted] 36.50.148.84 - - [15/May/2026:12:14:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)" [redacted] 36.50.148.84 - - [15/May/2026:12:15:09 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.4; http://site10913105.com" [redacted] 36.50.148.84 - - [15/May/2026:12:15:20 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)" ... show less	Hacking Web App Attack
🇺🇸 lostswordfish.com	2026-05-11 10:26:04 (1 month ago)	Wordfence waf block on baystatereentrynetwork	Web App Attack
Anonymous	2026-04-27 08:15:58 (2 months ago)		Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-04-22 03:47:16 (2 months ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 TPI-Abuse	2026-04-08 08:11:25 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 36.50.148.84 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 36.50.148.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 04:11:19.580725 2026] [security2:error] [pid 2481663:tid 2481663] [client 36.50.148.84:49549] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|adona.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "adona.org"] [uri "/wp-json/wp/v2/users"] [unique_id "adYNp6AqqIBmZXsHmAm-tAAAABw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2604:a880:2:d1:0:1:51e6:8001

🇲🇽 200.68.173.60

🇷🇴 193.46.255.86

🇨🇱 172.253.219.19

🇨🇱 172.253.219.16

🇧🇪 172.253.215.17

🇻🇳 160.191.244.158

🇰🇷 112.168.171.175

🇺🇸 47.88.26.14

🇭🇰 47.86.85.77

🇯🇵 8.216.6.107

🇷🇺 5.165.150.11

🇩🇪 213.209.159.226

🇧🇷 179.125.175.74

🇨🇴 179.32.33.161

🇺🇸 172.245.106.111

🇺🇸 172.239.71.245

🇸🇬 172.217.44.221

🇸🇬 172.217.44.219

🇺🇸 172.217.39.210