JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 220.250.48.249

220.250.48.249 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 0%: ?

ISP	Fuzhou city, fujian provincial network of CNCGROUP
Usage Type	Fixed Line ISP
ASN	AS4837
Domain Name	wo.com.cn
Country	🇨🇳 China
City	Xiamen, Fujian

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 220.250.48.249

Whois 220.250.48.249

IP Abuse Reports for 220.250.48.249:

This IP address has been reported a total of 32 times from 14 distinct sources. 220.250.48.249 was first reported on November 7th 2023, and the most recent report was 2 years ago.

Old Reports: The most recent abuse report for this IP address is from 2 years ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 EGP Abuse Dept	2023-11-22 11:25:12 (2 years ago)	SQL injection attack	SQL Injection
🇺🇸 TPI-Abuse	2023-11-22 02:12:04 (2 years ago)	(mod_security) mod_security (id:210801) triggered by 220.250.48.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 220.250.48.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 21 21:12:00.869392 2023] [security2:error] [pid 2108] [client 220.250.48.249:43040] [client 220.250.48.249] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sqlmap" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|concertosupport.com\|F\|2"] [data "sqlmap/1.6.4#stable (https://sqlmap.org)"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "concertosupport.com"] [uri "/login.aspx"] [unique_id "ZV1jcMWrTpH05_OWl3kPZwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2023-11-21 08:20:59 (2 years ago)	(mod_security) mod_security (id:210801) triggered by 220.250.48.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 220.250.48.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 21 03:20:54.574908 2023] [security2:error] [pid 29286:tid 47932564432640] [client 220.250.48.249:59758] [client 220.250.48.249] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sqlmap" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|aaacoinandstamp.com\|F\|2"] [data "sqlmap/1.6.4#stable (https://sqlmap.org)"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "aaacoinandstamp.com"] [uri "/"] [unique_id "ZVxoZpfCP8kaOrJHgh3GcwAAAEA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Savvii	2023-11-20 21:50:32 (2 years ago)	20 attempts against mh-misbehave-ban on float	Brute-Force Bad Web Bot Web App Attack
🇨🇭 zynex	2023-11-20 18:59:32 (2 years ago)	SQL Injection in QueryString parameter: 1 AND EXTRACTVALUE(6635,CONCAT(0x5c,0x716a627171,(SELECT (EL ... show more SQL Injection in QueryString parameter: 1 AND EXTRACTVALUE(6635,CONCAT(0x5c,0x716a627171,(SELECT (ELT(6635=6635,1))),0x7176707171)) show less	SQL Injection
🇬🇧 Aetherweb Ark	2023-11-20 13:47:59 (2 years ago)	(mod_security) mod_security (id:210801) triggered by 220.250.48.249 (CN/China/-): N in the last X se ... show more (mod_security) mod_security (id:210801) triggered by 220.250.48.249 (CN/China/-): N in the last X secs show less	Web App Attack
🇨🇭 zynex	2023-11-19 10:38:34 (2 years ago)	SQL Injection in QueryString parameter: 59 AND 8735=CAST((CHR(113)\|\|CHR(118)\|\|CHR(106)\|\|CHR(106)\|\|CH ... show more SQL Injection in QueryString parameter: 59 AND 8735=CAST((CHR(113)\|\|CHR(118)\|\|CHR(106)\|\|CHR(106)\|\|CHR(113))\|\|(SELECT (CASE WHEN (8735=8735) THEN 1 ELSE 0 END))::text\|\|(CHR(113)\|\|CHR(106)\|\|CHR(120)\|\|CHR(98)\|\|CHR(113)) AS NUMERIC) show less	SQL Injection
🇺🇸 TPI-Abuse	2023-11-19 05:45:17 (2 years ago)	(mod_security) mod_security (id:210801) triggered by 220.250.48.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 220.250.48.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 19 00:45:10.165381 2023] [security2:error] [pid 15355] [client 220.250.48.249:49414] [client 220.250.48.249] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sqlmap" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|www.laboquimia.es\|F\|2"] [data "sqlmap/1.6.4#stable (https://sqlmap.org)"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "www.laboquimia.es"] [uri "/catalogo/producto.php"] [unique_id "ZVmg5gLMpnH0t0G2SZC--wAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2023-11-19 03:30:05 (2 years ago)	(mod_security) mod_security triggered on hostname [redacted])	SQL Injection
Anonymous	2023-11-18 11:29:57 (2 years ago)	SQL injection, multiple attempts.	SQL Injection
Anonymous	2023-11-18 02:41:43 (2 years ago)	(mod_security) mod_security triggered on hostname [redacted] 220.250.48.249 (CN/China/-)	SQL Injection
🇺🇸 TPI-Abuse	2023-11-17 03:59:52 (2 years ago)	(mod_security) mod_security (id:210801) triggered by 220.250.48.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 220.250.48.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 16 22:59:47.993406 2023] [security2:error] [pid 14016] [client 220.250.48.249:60918] [client 220.250.48.249] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sqlmap" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|aquasolar.us\|F\|2"] [data "sqlmap/1.6.4#stable (https://sqlmap.org)"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "aquasolar.us"] [uri "/index.php"] [unique_id "ZVblM_O1BCEr7H_CEkhU1AAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2023-11-16 22:53:33 (2 years ago)	(mod_security) mod_security (id:210801) triggered by 220.250.48.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 220.250.48.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 16 17:53:29.762907 2023] [security2:error] [pid 22033:tid 47333981820672] [client 220.250.48.249:43170] [client 220.250.48.249] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sqlmap" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|www.aafm.us\|F\|2"] [data "sqlmap/1.6.4#stable (https://sqlmap.org)"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "www.aafm.us"] [uri "/publications489b.html"] [unique_id "ZVadaZYrQeDObMwYeD5FxgAAAEI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2023-11-16 15:46:43 (2 years ago)	220.250.48.249 - - [16/Nov/2023:16:40:17 +0100] "GET /index.php?id=434&L=0&tx_solr%5Bq%5D=&tx_solr%5 ... show more 220.250.48.249 - - [16/Nov/2023:16:40:17 +0100] "GET /index.php?id=434&L=0&tx_solr%5Bq%5D=&tx_solr%5Bfilter%5D%5B0%5D=category%3AMulti-vitaminen%20en%20mineralencomplexen&NZYx=4959%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23 HTTP/1.1" 200 19209 "-" "sqlmap/1.6.4#stable (https://sqlmap.org)" 220.250.48.249 - - [16/Nov/2023:16:41:12 +0100] "GET /index.php?id=%28SELECT%20CONCAT%28CONCAT%28%27qqbzq%27%2C%28CASE%20WHEN%20%286777%3D6777%29%20THEN%20%271%27%20ELSE%20%270%27%20END%29%29%2C%27qxvjq%27%29%29&L=0&tx_solr%5Bq%5D=&tx_solr%5Bfilter%5D%5B0%5D=category%3AMulti-vitaminen%20en%20mineralencomplexen HTTP/1.1" 200 23921 "-" "sqlmap/1.6.4#stable (https://sqlmap.org)" 220.250.48.249 - - [16/Nov/2023:16:42:56 +0100] "GET /index.php?id=434&L=%28SELECT%20CONCAT%28CONCAT%28%27qqbzq%27%2C%2 ... show less	Bad Web Bot
🇺🇸 TPI-Abuse	2023-11-15 14:37:47 (2 years ago)	(mod_security) mod_security (id:210801) triggered by 220.250.48.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 220.250.48.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 15 09:37:40.793837 2023] [security2:error] [pid 6730] [client 220.250.48.249:37970] [client 220.250.48.249] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sqlmap" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|www.compassionfatigue.org\|F\|2"] [data "sqlmap/1.6.4#stable (https://sqlmap.org)"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "www.compassionfatigue.org"] [uri "/pages/healthprogress.pdf"] [unique_id "ZVTXtBH1zI6LnIKjGTZHLAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.161

🇳🇱 91.92.40.25

🇺🇸 2607:f8b0:4001:c5a::129

🇺🇸 216.73.216.172

🇺🇸 195.184.76.39

🇳🇱 185.136.15.11

🇩🇪 178.142.71.152

🇭🇰 177.4.8.2

🇺🇸 167.99.148.102

🇺🇸 162.142.125.3

🇫🇮 157.180.51.9

🇩🇪 139.19.117.197

🇳🇱 91.92.40.4

🇺🇸 74.48.105.66

🇺🇸 64.62.197.124

🇺🇸 64.62.156.152

🇨🇳 61.145.190.218

🇲🇾 47.254.243.215

🇺🇸 216.73.216.158

🇪🇹 196.188.180.106