JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 49.13.27.107

49.13.27.107 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 0%: ?

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	static.107.27.13.49.clients.your-server.de
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Falkenstein, Saxony

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 49.13.27.107

Whois 49.13.27.107

IP Abuse Reports for 49.13.27.107:

This IP address has been reported a total of 12 times from 6 distinct sources. 49.13.27.107 was first reported on July 17th 2024, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2024-07-22 02:07:59 (1 year ago)		Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-21 20:57:50 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 49.13.27.107 (static.107.27.13.49.clients.your- ... show more (mod_security) mod_security (id:240335) triggered by 49.13.27.107 (static.107.27.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 21 16:57:44.826456 2024] [security2:error] [pid 1822:tid 1822] [client 49.13.27.107:58058] [client 49.13.27.107] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.13.27.107 (+1 hits since last alert)\|www.localpetsitters.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.localpetsitters.com"] [uri "/xmlrpc.php"] [unique_id "Zp12SJdWfhc27Gpcxv5_RwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 neo72	2024-07-21 08:31:03 (1 year ago)	Spam	Email Spam
🇺🇸 TPI-Abuse	2024-07-21 04:27:57 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 49.13.27.107 (static.107.27.13.49.clients.your- ... show more (mod_security) mod_security (id:240335) triggered by 49.13.27.107 (static.107.27.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 21 00:27:50.220877 2024] [security2:error] [pid 18575:tid 18575] [client 49.13.27.107:36956] [client 49.13.27.107] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.13.27.107 (+1 hits since last alert)\|www.hodlmoser.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.hodlmoser.com"] [uri "/xmlrpc.php"] [unique_id "ZpyORrAZC4PLu__WijzHdAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-07-21 01:41:38 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 TPI-Abuse	2024-07-20 16:22:32 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 49.13.27.107 (static.107.27.13.49.clients.your- ... show more (mod_security) mod_security (id:240335) triggered by 49.13.27.107 (static.107.27.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 20 12:22:25.604818 2024] [security2:error] [pid 19251:tid 19251] [client 49.13.27.107:33220] [client 49.13.27.107] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.13.27.107 (+1 hits since last alert)\|grandmaloutunes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "grandmaloutunes.com"] [uri "/xmlrpc.php"] [unique_id "ZpvkQSXN79w88jmtKI0WgQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 bittiguru.fi	2024-07-20 15:26:04 (1 year ago)	49.13.27.107 - [20/Jul/2024:18:26:02 +0300] "POST /xmlrpc.php HTTP/1.1" 200 235 "-" "Mozilla/5.0 (Ma ... show more 49.13.27.107 - [20/Jul/2024:18:26:02 +0300] "POST /xmlrpc.php HTTP/1.1" 200 235 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" "1.86" 49.13.27.107 - [20/Jul/2024:18:26:04 +0300] "POST /xmlrpc.php HTTP/1.1" 200 235 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" "1.86" ... show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-07-20 12:15:03 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 49.13.27.107 (static.107.27.13.49.clients.your- ... show more (mod_security) mod_security (id:240335) triggered by 49.13.27.107 (static.107.27.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 20 08:14:56.145563 2024] [security2:error] [pid 23555:tid 23555] [client 49.13.27.107:60092] [client 49.13.27.107] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.13.27.107 (+1 hits since last alert)\|www.bestlawnsohio.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.bestlawnsohio.com"] [uri "/xmlrpc.php"] [unique_id "ZpuqQIDVPluQ4TMFHYyOhQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-20 08:01:47 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 49.13.27.107 (static.107.27.13.49.clients.your- ... show more (mod_security) mod_security (id:240335) triggered by 49.13.27.107 (static.107.27.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 20 04:01:41.141396 2024] [security2:error] [pid 7333:tid 7333] [client 49.13.27.107:44850] [client 49.13.27.107] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.13.27.107 (+1 hits since last alert)\|www.badgerkelley.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.badgerkelley.com"] [uri "/xmlrpc.php"] [unique_id "Zptu5Zb72xZFfH7KG__8PwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-20 06:26:57 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 49.13.27.107 (static.107.27.13.49.clients.your- ... show more (mod_security) mod_security (id:240335) triggered by 49.13.27.107 (static.107.27.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 20 02:26:49.881911 2024] [security2:error] [pid 19078:tid 19078] [client 49.13.27.107:33720] [client 49.13.27.107] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.13.27.107 (+1 hits since last alert)\|localbakebrew.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "localbakebrew.com"] [uri "/xmlrpc.php"] [unique_id "ZptYqU0phalXva9dlsFwtAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-07-20 03:02:36 (1 year ago)	Unauthorized login attempts [ wordpress-xmlrpc, wordpress]	Brute-Force Web App Attack
Anonymous	2024-07-17 11:08:05 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 218.25.89.208

🇭🇺 195.199.210.194

🇨🇳 115.190.54.120

🇨🇳 112.86.225.219

🇮🇳 103.164.246.101

🇩🇪 213.209.159.11

🇪🇬 196.155.14.247

🇨🇳 150.255.53.56

🇱🇹 81.30.98.158

🇺🇸 66.132.195.49

🇺🇸 216.25.89.90

🇲🇽 187.148.94.153

🇹🇭 117.121.214.50

🇺🇸 52.44.94.57

🇮🇩 43.157.240.204

🇬🇧 217.146.80.122

🇩🇪 207.154.230.149

🇿🇦 102.129.57.220

🇭🇰 91.208.73.57

🇳🇱 91.92.40.5