JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 170.247.239.220

170.247.239.220 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 22%: ?

22%

ISP	IPNET TELECOMUNICACOES LTDA
Usage Type	Fixed Line ISP
ASN	AS61792
Hostname(s)	cust-170-247-239-220.ipnettelecom.com.br
Domain Name	ipnettelecom.com.br
Country	🇧🇷 Brazil
City	Salto de Pirapora, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 170.247.239.220

Whois 170.247.239.220

IP Abuse Reports for 170.247.239.220:

This IP address has been reported a total of 12 times from 6 distinct sources. 170.247.239.220 was first reported on April 22nd 2024, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 hermawan	2026-06-11 21:40:28 (15 hours ago)	[Fri Jun 12 04:40:23.885806 2026] [security2:error] [pid 2001751:tid 139768313026240] [client 170.24 ... show more [Fri Jun 12 04:40:23.885806 2026] [security2:error] [pid 2001751:tid 139768313026240] [client 170.247.239.220:21781] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.bmkg.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.bmkg.go.id found within REQUEST_HEADERS:Referer: https://www.bmkg.go.id/ request_line = GET /index.php/informasi-iklim/infografis-iklim/infografis-dasarian/infografis-dasarian-iklim HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/informasi-iklim/infografis-iklim/infografis-dasarian/infografis-dasarian-iklim"] [unique_id "aisrR6cx038iEOKcPkAMQwAAgRg"], referer https://www.bmkg.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[2001788] [Gy4bNcHCZZU] [aisrR6cx038iEOKcPkAMQwAAgRg] keep_alive=[1] [2026-06-12 04:40:23.885811] [R:aisrR6cx038iEOKcPkAMQwAAgRg ... show less	Email Spam Hacking
🇺🇸 TPI-Abuse	2026-06-07 18:31:36 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 170.247.239.220 (cust-170-247-239-220.ipnettele ... show more (mod_security) mod_security (id:210730) triggered by 170.247.239.220 (cust-170-247-239-220.ipnettelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 14:31:29.576634 2026] [security2:error] [pid 18956:tid 18956] [client 170.247.239.220:9706] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|phantomkennels.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "phantomkennels.com"] [uri "/[email protected]"] [unique_id "aiW5AeRAWBLxab2-RBrFlgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 polycoda	2026-05-30 11:37:47 (1 week ago)	🥶 Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27	DDoS Attack
🇮🇩 hermawan	2026-04-16 08:00:58 (1 month ago)	04/16/2026-14:59:40.643252 [Drop] [] [1:3100000595:0] Suricata match TLS JA3 scan Uniq Zeek no 59 ... show more 04/16/2026-14:59:40.643252 [Drop] [] [1:3100000595:0] Suricata match TLS JA3 scan Uniq Zeek no 595 with hash_304734bb1c086c3453b387400cf83f11 [**] [Classification: (null)] [Priority: 3] {TCP} 170.247.239.220:51366 -> 103.166.156.58:443 ... show less	Email Spam Hacking
🇨🇦 polycoda	2026-02-15 13:58:41 (3 months ago)	📄 Probes for tons of inexistent files and PHP scripts	Hacking Web App Attack
Anonymous	2025-11-25 20:09:52 (6 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-11-20 05:42:41 (6 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-11-16 14:07:47 (6 months ago)	scanning http requests from known botnet	Web App Attack
🇳🇱 exxos	2025-08-29 01:05:34 (9 months ago)	Attacks with Bad user agents	Hacking
🇳🇱 exxos	2025-07-27 22:29:56 (10 months ago)	web exploit attacks	Web App Attack
🇳🇱 exxos	2025-06-28 14:11:51 (11 months ago)	web exploit attacks	Web App Attack
Anonymous	2024-04-22 02:10:08 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 207.244.202.65

🇨🇳 202.107.96.28

🇨🇳 42.52.167.138

🇩🇪 213.209.159.227

🇨🇭 176.65.144.128

🇺🇸 167.99.54.222

🇺🇸 103.143.10.79

🇨🇦 51.161.37.204

🇨🇳 49.234.192.248

🇺🇸 45.8.19.40

🇺🇸 44.32.208.253

🇨🇱 181.43.242.98

🇳🇬 152.32.141.2

🇨🇭 85.203.45.234

🇳🇱 45.156.128.157

🇺🇸 44.68.91.15

🇦🇺 20.227.130.11

🇨🇭 209.99.190.113

🇩🇪 195.179.230.95

🇺🇸 162.216.150.154