JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 49.13.57.248

49.13.57.248 was found in our database!

This IP was reported 71 times. Confidence of Abuse is 63%: ?

63%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	static.248.57.13.49.clients.your-server.de
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Falkenstein, Saxony

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 49.13.57.248

Whois 49.13.57.248

IP Abuse Reports for 49.13.57.248:

This IP address has been reported a total of 71 times from 28 distinct sources. 49.13.57.248 was first reported on April 1st 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-17 22:35:28 (2 hours ago)	(mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your- ... show more (mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 18:35:21.781896 2026] [security2:error] [pid 27161:tid 27161] [client 49.13.57.248:47088] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|market1st.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "market1st.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajMhKUqu8Ru-d7SmcK455AAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 21:22:13 (4 hours ago)	(mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your- ... show more (mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 17:22:08.298846 2026] [security2:error] [pid 5130:tid 5130] [client 49.13.57.248:37928] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.disio.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.disio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajMQACzFzujbO55eShS3jAAAAF8"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-17 20:48:20 (4 hours ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-06-17 08:55:35 (16 hours ago)	[redacted] 49.13.57.248 - - [17/Jun/2026:10:55:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mo ... show more [redacted] 49.13.57.248 - - [17/Jun/2026:10:55:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0" [redacted] 49.13.57.248 - - [17/Jun/2026:10:55:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0" [redacted] 49.13.57.248 - - [17/Jun/2026:10:55:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0" [redacted] 49.13.57.248 - - [17/Jun/2026:10:55:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0" [redacted] 49.13.57.248 - - [17/Jun/2026:10:55:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0" [redacted] 49.13.57.248 - - [17/Jun/2026:10:55:34 +0200] "POST /xmlrp ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 08:05:15 (17 hours ago)	(mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your- ... show more (mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 04:05:12.188012 2026] [security2:error] [pid 9559:tid 9559] [client 49.13.57.248:53336] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.comicpreservation.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.comicpreservation.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajJVOC8oH7kxwSGLx_OL9QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 ✨	2026-06-17 01:50:16 (23 hours ago)	Domain : rathbonepartnership.co.uk Rule : xmlrpc 2026-06-17 01:48:48 *hidden-privacy* POST /xmlr ... show more Domain : rathbonepartnership.co.uk Rule : xmlrpc 2026-06-17 01:48:48 *hidden-privacy* POST /xmlrpc.php - 443 - 49.13.57.248 HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:46.0) Gecko/20100101 Firefox/46.0 - rathbonepartnership.co.uk 404 5 0 1484 398 32 - - show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 00:27:45 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your- ... show more (mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 20:27:38.439513 2026] [security2:error] [pid 14282:tid 14282] [client 49.13.57.248:45010] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.hawaiireservations.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.hawaiireservations.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajHp-jA8Gc6VEab6Z6h0XQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 14:19:22 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your- ... show more (mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 10:19:13.708619 2026] [security2:error] [pid 18587:tid 18587] [client 49.13.57.248:58332] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|solarfarms.info\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "solarfarms.info"] [uri "/wp-json/wp/v2/users"] [unique_id "ajFbYS0hBgtGnJl5eUPCngAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 04:02:18 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your- ... show more (mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 00:02:11.773293 2026] [security2:error] [pid 5717:tid 5717] [client 49.13.57.248:50082] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|vintageamptubes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "vintageamptubes.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajDKw8ikCyJBaiGjixkqvgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:09:32 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your- ... show more (mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:09:25.978636 2026] [security2:error] [pid 1234:tid 1234] [client 49.13.57.248:60524] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.greensandbeans.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.greensandbeans.us"] [uri "/wp-json/wp/v2/users"] [unique_id "ajAjtdbKuD6uwGiULHr52gAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 ycoskun41	2026-06-15 13:10:57 (2 days ago)	fail2ban: plesk-modsecurity jail on genckocaeli.com	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 09:02:39 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your- ... show more (mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 05:02:34.817995 2026] [security2:error] [pid 7480:tid 7480] [client 49.13.57.248:60636] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.midway-island.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.midway-island.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai-_qvGr-udPs5_3FGFYXgAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 03:43:50 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your- ... show more (mod_security) mod_security (id:225170) triggered by 49.13.57.248 (static.248.57.13.49.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 23:43:44.041098 2026] [security2:error] [pid 28460:tid 28483] [client 49.13.57.248:43352] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.pwihatah.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.pwihatah.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai908FgbpcM_Rwq_WyvlSQAAAVU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-06-14 22:31:24 (3 days ago)		Brute-Force Web App Attack
Anonymous	2026-06-14 15:47:20 (3 days ago)	[redacted] 49.13.57.248 - - [14/Jun/2026:17:47:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mo ... show more [redacted] 49.13.57.248 - - [14/Jun/2026:17:47:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0" [redacted] 49.13.57.248 - - [14/Jun/2026:17:47:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0" [redacted] 49.13.57.248 - - [14/Jun/2026:17:47:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0" [redacted] 49.13.57.248 - - [14/Jun/2026:17:47:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0" [redacted] 49.13.57.248 - - [14/Jun/2026:17:47:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0" apollonia-barba ... show less	Hacking Web App Attack

Showing 1 to 15 of 71 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇭 202.29.230.5

🇺🇸 40.83.182.122

🇩🇪 8.209.119.143

🇨🇳 218.75.165.74

🇬🇧 195.206.182.218

🇺🇸 184.105.139.108

🇺🇸 216.169.141.40

🇪🇬 197.134.250.5

🇸🇬 185.200.116.73

🇺🇸 140.235.2.208

🇳🇱 91.92.40.7

🇺🇸 172.253.240.120

🇸🇬 103.250.11.63

🇸🇬 68.183.178.130

🇺🇸 64.62.197.230

🇸🇬 47.79.10.251

🇰🇷 39.115.137.14

🇨🇳 183.142.171.185

🇦🇪 145.241.123.102

🇫🇷 91.231.89.147