JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 49.145.10.58

49.145.10.58 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 62%: ?

62%

ISP	HOME_DSL
Usage Type	Fixed Line ISP
ASN	AS9299
Hostname(s)	dsl.49.145.10.58.pldt.net
Domain Name	pldthome.com
Country	🇵🇭 Philippines
City	Lucena, Calabarzon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 49.145.10.58

Whois 49.145.10.58

IP Abuse Reports for 49.145.10.58:

This IP address has been reported a total of 36 times from 17 distinct sources. 49.145.10.58 was first reported on April 14th 2026, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-08 10:35:45 (6 hours ago)	(mod_security) mod_security (id:240335) triggered by 49.145.10.58 (dsl.49.145.10.58.pldt.net): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 49.145.10.58 (dsl.49.145.10.58.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 06:35:40.821617 2026] [security2:error] [pid 4557:tid 4557] [client 49.145.10.58:19710] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.145.10.58 (+1 hits since last alert)\|versallis.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "versallis.com"] [uri "/xmlrpc.php"] [unique_id "aiaa_M7CpMG9UMZlTFWlZgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 inlink.ltd	2026-06-08 09:49:12 (6 hours ago)	Known malicious PHP file or CMS probe	Web App Attack
🇩🇪 rh24	2026-06-08 09:17:35 (7 hours ago)	(xmlrpc_405) XMLRPC-Bot 405 49.145.10.58 (PH/Philippines/dsl.49.145.10.58.pldt.net)	Hacking
🇺🇸 TPI-Abuse	2026-06-07 04:23:42 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 49.145.10.58 (dsl.49.145.10.58.pldt.net): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 49.145.10.58 (dsl.49.145.10.58.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 00:23:39.125617 2026] [security2:error] [pid 28648:tid 28648] [client 49.145.10.58:17914] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.145.10.58 (+1 hits since last alert)\|oakglenhouse.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "oakglenhouse.com"] [uri "/xmlrpc.php"] [unique_id "aiTyS-b5Cwgo6ofe_yU_eAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 03:10:33 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 49.145.10.58 (dsl.49.145.10.58.pldt.net): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 49.145.10.58 (dsl.49.145.10.58.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 23:10:29.383408 2026] [security2:error] [pid 2195:tid 2195] [client 49.145.10.58:20011] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.145.10.58 (+1 hits since last alert)\|haverhillhouse.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "haverhillhouse.com"] [uri "/xmlrpc.php"] [unique_id "aiThJRVbMs2hO8dIGFDqhQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Marc	2026-06-03 22:27:57 (4 days ago)	49.145.10.58 - - [04/Jun/2026:00:27:35 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3219 "-" "Jetpack by W ... show more 49.145.10.58 - - [04/Jun/2026:00:27:35 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3219 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)" 49.145.10.58 - - [04/Jun/2026:00:27:45 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3220 "-" "Jetpack by WordPress.com" 49.145.10.58 - - [04/Jun/2026:00:27:55 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3220 "-" "Jetpack/13.0; WordPress/6.2; http://site62807174.com" show less	Brute-Force Web App Attack
Anonymous	2026-06-02 10:50:40 (6 days ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-01 11:05:10 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 49.145.10.58 (dsl.49.145.10.58.pldt.net): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 49.145.10.58 (dsl.49.145.10.58.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 07:05:04.419910 2026] [security2:error] [pid 3918:tid 3918] [client 49.145.10.58:19408] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.145.10.58 (+1 hits since last alert)\|drwolberg.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "drwolberg.com"] [uri "/xmlrpc.php"] [unique_id "ah1nYF2yDSZFEkg0HpwwXQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Jason Howell	2026-05-31 12:06:20 (1 week ago)	49.145.10.58 - - [31/May/2026:06:57:20 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3367 "-" "WordPress.co ... show more 49.145.10.58 - - [31/May/2026:06:57:20 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3367 "-" "WordPress.com; https://wordpress.com" 49.145.10.58 - - [31/May/2026:06:59:55 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3367 "-" "WordPress.com; https://wordpress.com" 49.145.10.58 - - [31/May/2026:07:02:04 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3368 "-" "Jetpack by WordPress.com" 49.145.10.58 - - [31/May/2026:07:04:11 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3367 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)" 49.145.10.58 - - [31/May/2026:07:06:19 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3369 "-" "WordPress.com; https://wordpress.com" ... show less	Web App Attack
Anonymous	2026-05-31 11:29:10 (1 week ago)	Attac	Brute-Force
🇫🇷 dynamix	2026-05-31 10:55:10 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-05-26 04:17:16 (1 week ago)	Attac	Brute-Force
🇩🇪 LRob.fr	2026-05-24 13:45:08 (2 weeks ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
Anonymous	2026-05-24 13:06:04 (2 weeks ago)	Blocked: Reason='Vulnerability probing — PHP scan detected (84/60 min)'; Requests=84	Port Scan
🇺🇸 TPI-Abuse	2026-05-22 04:18:57 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 49.145.10.58 (dsl.49.145.10.58.pldt.net): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 49.145.10.58 (dsl.49.145.10.58.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 00:18:52.153952 2026] [security2:error] [pid 1687:tid 1687] [client 49.145.10.58:20019] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.145.10.58 (+1 hits since last alert)\|matt-bechtel.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "matt-bechtel.com"] [uri "/xmlrpc.php"] [unique_id "ag_ZLH1rrOTUCWZWc1Vc5gAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 205.210.31.90

🇳🇱 195.26.87.217

🇮🇳 117.200.91.125

🇨🇳 114.217.53.40

🇨🇳 111.228.36.44

🇺🇸 91.230.168.142

🇧🇷 186.209.134.191

🇩🇪 185.242.3.173

🇭🇰 152.32.174.186

🇫🇷 143.244.57.88

🇮🇩 103.63.25.203

🇷🇺 37.128.240.47

🇨🇳 1.85.14.122

🇮🇷 188.0.240.22

🇫🇷 185.177.72.69

🇭🇰 103.230.240.59

🇧🇩 103.29.181.2

🇫🇮 83.97.118.145

🇧🇬 79.124.62.230

🇱🇹 62.60.130.14