JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 95.203.1.49

95.203.1.49 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 59%: ?

59%

ISP	Telia Network Services
Usage Type	Mobile ISP
ASN	AS3301
Hostname(s)	host-95-203-1-49.mobileonline.telia.com
Domain Name	telia.net
Country	🇸🇪 Sweden
City	Malmo, Skane

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 95.203.1.49

Whois 95.203.1.49

IP Abuse Reports for 95.203.1.49:

This IP address has been reported a total of 18 times from 9 distinct sources. 95.203.1.49 was first reported on June 18th 2026, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 YF	2026-06-22 05:00:47 (3 hours ago)	xmlrpc.php Potential DDoS or brute force	DDoS Attack Brute-Force
🇩🇪 rh24	2026-06-21 22:10:29 (10 hours ago)	(wordpress) Failed wordpress login from 95.203.1.49 (SE/Sweden/host-95-203-1-49.mobileonline.telia.c ... show more (wordpress) Failed wordpress login from 95.203.1.49 (SE/Sweden/host-95-203-1-49.mobileonline.telia.com): (CF_ENABLE) show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-21 16:17:25 (16 hours ago)	(mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.teli ... show more (mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.telia.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 12:17:21.198196 2026] [security2:error] [pid 8674:tid 8689] [client 95.203.1.49:19802] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 95.203.1.49 (+1 hits since last alert)\|pilargarciamanzanares.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pilargarciamanzanares.com"] [uri "/xmlrpc.php"] [unique_id "ajgOkWQqwgHKSIa4t2AFDQAAAM0"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-21 15:27:31 (17 hours ago)	Blocked by CSF 13 firewall - Rule: XMLRPC SE/Sweden/host-95-203-1-49.mobileonline.telia.com	Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 13:43:12 (18 hours ago)	(mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.teli ... show more (mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.telia.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 09:43:09.169312 2026] [security2:error] [pid 29398:tid 29398] [client 95.203.1.49:22428] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 95.203.1.49 (+1 hits since last alert)\|agworldmissions.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "agworldmissions.org"] [uri "/xmlrpc.php"] [unique_id "ajfqbTN4CdgD-AuGjOpXYQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-21 09:18:09 (23 hours ago)	Attac	Brute-Force
🇫🇷 dynamix	2026-06-21 05:40:52 (1 day ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇩🇪 BlueWire Hosting	2026-06-20 23:14:01 (1 day ago)	Probing websites for vulnerabilities	Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 20:05:29 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.teli ... show more (mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.telia.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 16:05:25.336743 2026] [security2:error] [pid 10953:tid 10953] [client 95.203.1.49:55891] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 95.203.1.49 (+1 hits since last alert)\|edgebiopharma.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "edgebiopharma.com"] [uri "/xmlrpc.php"] [unique_id "ajbyhRBix6UN3EoFZGrNKgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Kenshin869	2026-06-20 15:55:42 (1 day ago)	Wordpress unauthorized access attempt	Brute-Force
🇺🇸 TPI-Abuse	2026-06-20 15:14:40 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.teli ... show more (mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.telia.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 11:14:35.426679 2026] [security2:error] [pid 18960:tid 18960] [client 95.203.1.49:12274] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 95.203.1.49 (+1 hits since last alert)\|my-spec.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "my-spec.com"] [uri "/xmlrpc.php"] [unique_id "ajauW9RCA6x61LcvPQK8NQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 01:29:34 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.teli ... show more (mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.telia.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 21:29:25.962477 2026] [security2:error] [pid 18730:tid 18730] [client 95.203.1.49:36828] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 95.203.1.49 (+1 hits since last alert)\|richmondrents.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "richmondrents.com"] [uri "/xmlrpc.php"] [unique_id "ajXs9T1ryvK02RHrxF6KWQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-19 23:22:22 (2 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 19:24:40 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.teli ... show more (mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.telia.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 15:24:35.968825 2026] [security2:error] [pid 7475:tid 7475] [client 95.203.1.49:60284] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 95.203.1.49 (+1 hits since last alert)\|convtek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "convtek.com"] [uri "/xmlrpc.php"] [unique_id "ajWXc23syXOGDqG_7I45CQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 17:42:45 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.teli ... show more (mod_security) mod_security (id:240335) triggered by 95.203.1.49 (host-95-203-1-49.mobileonline.telia.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 13:42:39.467200 2026] [security2:error] [pid 1911:tid 1972] [client 95.203.1.49:60218] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 95.203.1.49 (+1 hits since last alert)\|busybeerestaurant.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "busybeerestaurant.com"] [uri "/xmlrpc.php"] [unique_id "ajV_j2LD0y_Vl0AEarjvnwAAAVQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.61

🇷🇺 176.32.39.21

🇿🇲 45.215.251.194

🇪🇬 41.33.58.148

🇺🇸 23.229.54.178

🇺🇸 2a04:c300:400::1d0

🇺🇸 2001:470:2cc:1:95f0:8b0b:6697:af28

🇧🇷 201.77.170.65

🇩🇪 167.94.145.27

🇧🇷 118.26.105.52

🇺🇸 91.230.168.183

🇨🇦 85.217.149.39

🇺🇸 40.124.175.201

🇬🇧 2a06:4880:6000::71

🇩🇪 213.209.159.231

🇵🇱 172.253.255.56

🇸🇬 103.250.11.63

🇺🇸 34.138.49.31

🇳🇱 31.14.32.6

🇹🇷 213.128.70.19