JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 49.36.209.173

49.36.209.173 was found in our database!

This IP was reported 88 times. Confidence of Abuse is 21%: ?

21%

ISP	Reliance Jio Infocomm Limited
Usage Type	Fixed Line ISP
ASN	AS55836
Domain Name	jio.com
Country	🇮🇳 India
City	Lucknow, Uttar Pradesh

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 49.36.209.173

Whois 49.36.209.173

IP Abuse Reports for 49.36.209.173:

This IP address has been reported a total of 88 times from 50 distinct sources. 49.36.209.173 was first reported on September 4th 2021, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-04-27 22:38:21 (1 month ago)		Brute-Force Web App Attack
🇵🇱 lns.bz	2026-04-26 16:53:01 (1 month ago)	Web app attack [PL.Lu]	Exploited Host Web App Attack
Anonymous	2026-04-25 04:44:34 (1 month ago)		Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-24 06:24:25 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 49.36.209.173 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 49.36.209.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 24 02:24:15.535371 2026] [security2:error] [pid 3598725:tid 3598725] [client 49.36.209.173:62300] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.36.209.173 (+1 hits since last alert)\|coolerboxes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "coolerboxes.com"] [uri "/xmlrpc.php"] [unique_id "aesMj3gK0NBBIXUsOWFLLgAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Kenshin869	2026-04-24 03:46:56 (1 month ago)	Wordpress unauthorized access attempt	Brute-Force
🇺🇸 TPI-Abuse	2026-04-24 02:47:07 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 49.36.209.173 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 49.36.209.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 22:46:57.103204 2026] [security2:error] [pid 27508:tid 27508] [client 49.36.209.173:51584] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.36.209.173 (+1 hits since last alert)\|waterjetsolutions.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "waterjetsolutions.com"] [uri "/xmlrpc.php"] [unique_id "aerZoVO91xkcgCIphxNdvAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-24 01:15:03 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 49.36.209.173 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 49.36.209.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 21:14:55.352645 2026] [security2:error] [pid 393:tid 423] [client 49.36.209.173:56162] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.36.209.173 (+1 hits since last alert)\|chaoticperception.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "chaoticperception.com"] [uri "/xmlrpc.php"] [unique_id "aerED9aYnaZh0W1KvgXjDQAAAFY"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-04-23 22:23:18 (1 month ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇫🇷 SpaceHost-Server	2026-04-23 16:25:02 (1 month ago)	49.36.209.173 - - [23/Apr/2026:18:24:42 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by W ... show more 49.36.209.173 - - [23/Apr/2026:18:24:42 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)" 49.36.209.173 - - [23/Apr/2026:18:24:51 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com" 49.36.209.173 - - [23/Apr/2026:18:25:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)" show less	Hacking Web App Attack
🇫🇷 SpaceHost-Server	2026-04-23 16:09:40 (1 month ago)	49.36.209.173 - - [23/Apr/2026:18:09:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack/13.0 ... show more 49.36.209.173 - - [23/Apr/2026:18:09:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack/13.0; WordPress/6.1; http://site26395295.com" 49.36.209.173 - - [23/Apr/2026:18:09:29 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "WordPress.com; https://wordpress.com" 49.36.209.173 - - [23/Apr/2026:18:09:40 +0200] "POST /xmlrpc.php HTTP/1.1" 200 430 "-" "Jetpack/12.5; WordPress/6.3; http://site79597179.com" show less	Hacking Web App Attack
🇳🇱 Site.eu	2026-04-17 17:13:35 (1 month ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-04-17 10:38:26 (1 month ago)	(wordpress) Failed wordpress login from 49.36.209.173 (IN/India/-)	Brute-Force
🇹🇷 rtbh.com.tr	2026-04-09 20:12:24 (1 month ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇹🇷 rtbh.com.tr	2026-04-08 20:12:23 (2 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇹🇷 rtbh.com.tr	2026-04-06 20:12:22 (2 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force

Showing 1 to 15 of 88 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇿 195.158.26.59

🇷🇺 178.178.194.134

🇧🇷 149.19.166.143

🇫🇮 147.185.133.114

🇮🇳 123.253.163.58

🇺🇸 103.221.234.171

🇷🇴 92.118.39.62

🇬🇧 46.101.9.245

🇩🇪 45.135.193.193

🇪🇬 41.65.118.172

🇧🇪 34.79.69.186

🇦🇺 27.124.111.122

🇺🇸 24.142.170.231

🇮🇳 203.192.211.180

🇧🇷 200.189.28.101

🇳🇱 193.176.31.215

🇸🇬 159.138.120.200

🇺🇸 143.198.163.29

🇩🇪 69.5.169.160

🇺🇸 64.62.156.175