Anonymous
2026-06-20 04:28:57
(8 hours ago)
49.228.41.222 - - [20/Jun/2026:06:28:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
49.228.41.222 - - [20/Jun/2026:06:28:25 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack/13.0; WordPress/6.2; http://site55994409.com"
49.228.41.222 - - [20/Jun/2026:06:28:36 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com"
49.228.41.222 - - [20/Jun/2026:06:28:46 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)"
49.228.41.222 - - [20/Jun/2026:06:28:57 +0200] "POST /xmlrpc.php HTTP/1.1" 200 767 "-" "Jetpack by WordPress.com"
...
Brute-Force
Web App Attack
🇫🇷
bazter.pro
2026-06-20 03:29:16
(9 hours ago)
Fail2Ban: plesk-bot-aggressive - 15 failures
Port Scan
Bad Web Bot
Web App Attack
🇺🇸
Jason Howell
2026-06-20 02:06:52
(10 hours ago)
49.228.41.222 - - [19/Jun/2026:20:54:31 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4743 "-" "Jetpack by WordPress.com"
49.228.41.222 - - [19/Jun/2026:20:56:38 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4743 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.2)"
49.228.41.222 - - [19/Jun/2026:20:58:44 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4744 "-" "WordPress.com; https://wordpress.com"
49.228.41.222 - - [19/Jun/2026:21:00:51 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4743 "-" "Jetpack by WordPress.com"
49.228.41.222 - - [19/Jun/2026:21:06:51 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4744 "-" "Jetpack/12.0; WordPress/6.4; http://site97896830.com"
...
Web App Attack
🇫🇷
dynamix
2026-06-20 00:53:51
(11 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-06-20 00:53:47
(11 hours ago)
[redacted] 49.228.41.222 - - [20/Jun/2026:02:53:03 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 49.228.41.222 - - [20/Jun/2026:02:53:13 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 49.228.41.222 - - [20/Jun/2026:02:53:24 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.2)"
[redacted] 49.228.41.222 - - [20/Jun/2026:02:53:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
[redacted] 49.228.41.222 - - [20/Jun/2026:02:53:45 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com"
...
Hacking
Web App Attack
🇩🇪
abdubhai
2026-06-20 00:53:45
(11 hours ago)
49.228.41.222 - - [20/Jun/2026:0
...
Brute-Force
🇺🇸
TPI-Abuse
2026-06-19 23:54:53
(12 hours ago)
(mod_security) mod_security (id:240335) triggered by 49.228.41.222 (49-228-41-0.24.nat.sila1-cgn02.myaisfibre.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 19:54:46.712425 2026] [security2:error] [pid 20824:tid 20824] [client 49.228.41.222:46661] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.228.41.222 (+1 hits since last alert)|aseguratuauto.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "aseguratuauto.com"] [uri "/xmlrpc.php"] [unique_id "ajXWxn4ew9TxJ7dX3Fs1XwAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇦🇺
screwlooseit.com.au
2026-06-19 22:19:59
(14 hours ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
TH/Thailand/49-228-41-0.24.nat.sila1-cgn02.myaisfibre.com
Web App Attack
🇪🇸
masterguru
2026-06-19 18:17:29
(18 hours ago)
(xmlrpc) Failed xmlrpc access from 49.228.41.222 (TH/Thailand/49-228-41-0.24.nat.sila1-cgn02.myaisfibre.com): 5 in the last 3600 secs (0-122)
Hacking
🇺🇸
TPI-Abuse
2026-06-19 15:17:31
(21 hours ago)
(mod_security) mod_security (id:240335) triggered by 49.228.41.222 (49-228-41-0.24.nat.sila1-cgn02.myaisfibre.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 11:17:27.646763 2026] [security2:error] [pid 22263:tid 22263] [client 49.228.41.222:27721] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.228.41.222 (+1 hits since last alert)|smilingorc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "smilingorc.com"] [uri "/xmlrpc.php"] [unique_id "ajVdhwInKxWGdeneQQeSMQAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-19 06:26:22
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 49.228.41.222 (49-228-41-0.24.nat.sila1-cgn02.myaisfibre.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 02:26:19.037512 2026] [security2:error] [pid 12481:tid 12481] [client 49.228.41.222:47825] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.228.41.222 (+1 hits since last alert)|gerrytolentino.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gerrytolentino.net"] [uri "/xmlrpc.php"] [unique_id "ajThCxW5NzfLpIChVEya0QAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-19 05:42:28
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 49.228.41.222 (49-228-41-0.24.nat.sila1-cgn02.myaisfibre.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 01:42:24.113666 2026] [security2:error] [pid 25434:tid 25434] [client 49.228.41.222:18092] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.228.41.222 (+1 hits since last alert)|alafiariverrendezvous.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "alafiariverrendezvous.org"] [uri "/xmlrpc.php"] [unique_id "ajTWwHvz3lJLldSiXSGaGwAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-18 23:36:03
(1 day ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
🇺🇸
integrantservices.com
2026-06-18 21:48:57
(1 day ago)
(wordpress) Failed wordpress login from 49.228.41.222 (TH/Thailand/49-228-41-0.24.nat.sila1-cgn02.myaisfibre.com)
Brute-Force
🇺🇸
TPI-Abuse
2026-06-18 21:45:18
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 49.228.41.222 (49-228-41-0.24.nat.sila1-cgn02.myaisfibre.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 17:45:13.425276 2026] [security2:error] [pid 5022:tid 5043] [client 49.228.41.222:58024] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.228.41.222 (+1 hits since last alert)|daraluz.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "daraluz.net"] [uri "/xmlrpc.php"] [unique_id "ajRm6XUkUTVHng4P1p3CEgAAARE"]
Brute-Force
Bad Web Bot
Web App Attack