JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 58.27.243.6

58.27.243.6 was found in our database!

This IP was reported 41 times. Confidence of Abuse is 83%: ?

83%

ISP	National Wimax/IMS environment
Usage Type	Fixed Line ISP
ASN	AS38264
Hostname(s)	58-27-243-6.wateen.net
Domain Name	wateen.com
Country	🇵🇰 Pakistan
City	Lahore, Punjab

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 58.27.243.6

Whois 58.27.243.6

IP Abuse Reports for 58.27.243.6:

This IP address has been reported a total of 41 times from 18 distinct sources. 58.27.243.6 was first reported on April 8th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 14:49:43 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 58.27.243.6 (58-27-243-6.wateen.net): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 58.27.243.6 (58-27-243-6.wateen.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 10:49:37.433285 2026] [security2:error] [pid 15080:tid 15080] [client 58.27.243.6:32461] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 58.27.243.6 (+1 hits since last alert)\|zabyte.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "zabyte.net"] [uri "/xmlrpc.php"] [unique_id "aiwcgWMq1OuHohWfQae4tQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 vaia.cloud	2026-06-11 23:18:03 (2 days ago)	trying wp-login.php/xmlrpc.php 30 times in 1 minutes	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 22:28:38 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 58.27.243.6 (58-27-243-6.wateen.net): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 58.27.243.6 (58-27-243-6.wateen.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 18:28:34.784905 2026] [security2:error] [pid 27975:tid 27986] [client 58.27.243.6:44421] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 58.27.243.6 (+1 hits since last alert)\|georgementz.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "georgementz.org"] [uri "/xmlrpc.php"] [unique_id "ais2kqVMPrW36SIlJvwUywAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 rh24	2026-06-11 20:50:03 (2 days ago)	(xmlrpc_405) XMLRPC-Bot 405 58.27.243.6 (PK/Pakistan/58-27-243-6.wateen.net)	Hacking
🇺🇸 factor1	2026-06-11 19:48:12 (2 days ago)	Fail2ban at saturn Reports Abuse.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 23:22:43 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 58.27.243.6 (58-27-243-6.wateen.net): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 58.27.243.6 (58-27-243-6.wateen.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 19:22:39.725173 2026] [security2:error] [pid 13618:tid 13638] [client 58.27.243.6:47257] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 58.27.243.6 (+1 hits since last alert)\|koalacogs.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "koalacogs.com"] [uri "/xmlrpc.php"] [unique_id "ainxvzGkk9OeHpz5vE4oUgAAAVI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-10 16:08:46 (4 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-10 16:00:14 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 58.27.243.6 (58-27-243-6.wateen.net): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 58.27.243.6 (58-27-243-6.wateen.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 12:00:10.064549 2026] [security2:error] [pid 15052:tid 15052] [client 58.27.243.6:36045] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 58.27.243.6 (+1 hits since last alert)\|coyotebytes.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "coyotebytes.net"] [uri "/xmlrpc.php"] [unique_id "aimKCrUC6IzH8AWDg98HhwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 15:00:21 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 58.27.243.6 (58-27-243-6.wateen.net): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 58.27.243.6 (58-27-243-6.wateen.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 11:00:15.230452 2026] [security2:error] [pid 23222:tid 23222] [client 58.27.243.6:28048] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 58.27.243.6 (+1 hits since last alert)\|campos.tv\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "campos.tv"] [uri "/xmlrpc.php"] [unique_id "ail7__8VVoqty9qt3mcmGAAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 rh24	2026-06-09 21:38:04 (4 days ago)	(wordpress) Failed wordpress login from 58.27.243.6 (PK/Pakistan/58-27-243-6.wateen.net): (CF_ENABL ... show more (wordpress) Failed wordpress login from 58.27.243.6 (PK/Pakistan/58-27-243-6.wateen.net): (CF_ENABLE) show less	Brute-Force
🇺🇸 integrantservices.com	2026-06-09 19:02:29 (4 days ago)	(wordpress) Failed wordpress login from 58.27.243.6 (PK/Pakistan/58-27-243-6.wateen.net)	Brute-Force
Anonymous	2026-06-09 16:46:41 (5 days ago)	58.27.243.6 - - [09/Jun/2026:18:46:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by Wor ... show more 58.27.243.6 - - [09/Jun/2026:18:46:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)" 58.27.243.6 - - [09/Jun/2026:18:46:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.3)" 58.27.243.6 - - [09/Jun/2026:18:46:29 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com" 58.27.243.6 - - [09/Jun/2026:18:46:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com" 58.27.243.6 - - [09/Jun/2026:18:46:41 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com" ... show less	Brute-Force Web App Attack
🇱🇻 garmtech.com	2026-06-09 16:09:09 (5 days ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 18:26:19 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 58.27.243.6 (58-27-243-6.wateen.net): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 58.27.243.6 (58-27-243-6.wateen.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 14:26:13.183443 2026] [security2:error] [pid 5407:tid 5407] [client 58.27.243.6:42651] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 58.27.243.6 (+1 hits since last alert)\|rdhtrucking.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rdhtrucking.com"] [uri "/xmlrpc.php"] [unique_id "aicJReDVMkweUNmDDaS6uQAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-08 17:17:03 (6 days ago)	[redacted] 58.27.243.6 - - [08/Jun/2026:19:15:48 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jet ... show more [redacted] 58.27.243.6 - - [08/Jun/2026:19:15:48 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)" [redacted] 58.27.243.6 - - [08/Jun/2026:19:15:59 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 58.27.243.6 - - [08/Jun/2026:19:16:21 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 58.27.243.6 - - [08/Jun/2026:19:16:53 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 58.27.243.6 - - [08/Jun/2026:19:17:01 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack

Showing 1 to 15 of 41 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 206.189.198.17

🇺🇸 148.153.139.119

🇺🇸 47.251.106.132

🇸🇬 43.173.176.185

🇸🇬 43.172.195.233

🇳🇱 213.177.179.12

🇬🇧 213.166.84.46

🇨🇳 119.96.223.148

🇺🇸 104.237.240.112

🇺🇸 44.203.167.161

🇻🇳 171.237.176.209

🇱🇹 141.98.10.170

🇩🇪 130.61.152.179

🇰🇷 118.37.214.187

🇨🇦 85.217.149.19

🇨🇳 58.144.223.66

🇶🇦 34.18.202.49

🇺🇸 20.64.104.70

🇺🇸 2600:1f18:3120:f505:c019:136f:8aab:fe54

🇹🇿 154.66.226.207