JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 49.48.51.76

49.48.51.76 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 80%: ?

80%

ISP	Triple T Broadband Public Company Limited
Usage Type	Fixed Line ISP
ASN	AS45758
Hostname(s)	mx-ll-49.48.51-76.dynamic.3bb.in.th
Domain Name	ais.th
Country	🇹🇭 Thailand
City	Bang Lamung, Chon Buri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 49.48.51.76

Whois 49.48.51.76

IP Abuse Reports for 49.48.51.76:

This IP address has been reported a total of 23 times from 15 distinct sources. 49.48.51.76 was first reported on May 27th 2026, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-03 17:04:20 (5 hours ago)	(mod_security) mod_security (id:240335) triggered by 49.48.51.76 (mx-ll-49.48.51-76.dynamic.3bb.co.t ... show more (mod_security) mod_security (id:240335) triggered by 49.48.51.76 (mx-ll-49.48.51-76.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 13:04:15.294417 2026] [security2:error] [pid 32058:tid 32062] [client 49.48.51.76:50513] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.48.51.76 (+1 hits since last alert)\|thestoryofmyvoice.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thestoryofmyvoice.com"] [uri "/xmlrpc.php"] [unique_id "aiBejwlx2ShTVHCfHKZNkgAAAQI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 11:59:52 (10 hours ago)	(mod_security) mod_security (id:240335) triggered by 49.48.51.76 (mx-ll-49.48.51-76.dynamic.3bb.co.t ... show more (mod_security) mod_security (id:240335) triggered by 49.48.51.76 (mx-ll-49.48.51-76.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 07:59:47.692979 2026] [security2:error] [pid 13502:tid 13502] [client 49.48.51.76:57738] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.48.51.76 (+1 hits since last alert)\|aroilcontrolsystem.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "aroilcontrolsystem.com"] [uri "/xmlrpc.php"] [unique_id "aiAXM3ywmkT12_wP534RugAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-03 11:32:11 (11 hours ago)	Attac	Brute-Force
🇫🇷 stefaniak41500	2026-06-03 10:54:00 (11 hours ago)	Shield Guard: AbuseIPDB: 78% (suspect) \| Scanner: wordpress.com (+55) \| Chemin suspect: /xmlrpc.php	Web App Attack Port Scan
🇳🇱 ConsulHosting	2026-06-02 13:54:57 (1 day ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 12:04:15 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 49.48.51.76 (mx-ll-49.48.51-76.dynamic.3bb.co.t ... show more (mod_security) mod_security (id:240335) triggered by 49.48.51.76 (mx-ll-49.48.51-76.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 08:04:07.883059 2026] [security2:error] [pid 26844:tid 26844] [client 49.48.51.76:57683] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.48.51.76 (+1 hits since last alert)\|warpedweed.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "warpedweed.com"] [uri "/xmlrpc.php"] [unique_id "ah11N2m00KwLAM7nRwX-1wAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-06-01 11:11:42 (2 days ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS	Web App Attack
🇱🇻 garmtech.com	2026-06-01 11:08:40 (2 days ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)	Web App Attack
🇳🇱 Site.eu	2026-05-31 08:22:15 (3 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-05-31 08:22:05 (3 days ago)		Bad Web Bot Web App Attack
Anonymous	2026-05-31 08:00:04 (3 days ago)	Web App Attack, Hacking	Hacking Web App Attack
🇧🇪 cmbplf	2026-05-31 07:29:19 (3 days ago)	2.864 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
Anonymous	2026-05-30 11:15:11 (4 days ago)	Attac	Brute-Force
🇺🇸 WeekendWeb	2026-05-30 07:10:02 (4 days ago)	Wordpress Vunerability attack	Web App Attack
Anonymous	2026-05-30 06:39:04 (4 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.176.29.18

🇧🇷 179.185.69.43

🇨🇳 125.105.238.142

🇲🇾 49.124.153.11

🇬🇧 2a02:4780:a:2127:0:275a:9629:1

🇺🇸 216.244.66.239

🇳🇱 213.177.179.144

🇺🇸 205.210.31.78

🇳🇱 192.142.24.39

🇻🇳 180.93.43.225

🇧🇷 177.85.67.158

🇨🇳 157.18.35.208

🇺🇸 131.106.52.221

🇻🇳 116.110.7.37

🇨🇳 113.222.224.195

🇲🇦 102.50.249.95

🇧🇷 45.174.162.68

🇧🇪 34.78.29.97

🇺🇸 20.119.95.16

🇧🇷 205.210.31.146