JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 223.109.252.240

223.109.252.240 was found in our database!

This IP was reported 267 times. Confidence of Abuse is 63%: ?

63%

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS56046
Hostname(s)	sogouspider-223-109-252-240.crawl.sogou.com
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Nanjing, Jiangsu

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 223.109.252.240

Whois 223.109.252.240

IP Abuse Reports for 223.109.252.240:

This IP address has been reported a total of 267 times from 38 distinct sources. 223.109.252.240 was first reported on June 9th 2024, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-20 10:03:16 (4 hours ago)	Session Crossing	Hacking
🇨🇦 1gz	2026-06-20 02:03:00 (12 hours ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /lajme/alfred-lela/ UA: Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07) This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2026-06-19 09:59:53 (1 day ago)	Session Crossing	Hacking
🇺🇸 nodepile	2026-06-19 04:51:13 (1 day ago)	Requests denied due to active blacklist hits (tenant=82 method=GET path=/headlights-projectors/fog-l ... show more Requests denied due to active blacklist hits (tenant=82 method=GET path=/headlights-projectors/fog-lights-51/vw-fog-lights.html ua='Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)') show less	Web App Attack Exploited Host
🇨🇦 1gz	2026-06-19 04:35:14 (1 day ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /showbiz/situata-eshte-ende-e-nxehte-luana-i-hedh-publikisht-thumba-arbanes-video/171348/ UA: Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07) This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇫🇷 Sklurk	2026-06-19 02:58:11 (1 day ago)	Web App Attack	Web App Attack
Anonymous	2026-06-18 03:57:10 (2 days ago)	Session Crossing	Hacking
🇮🇩 soc-yk	2026-06-17 07:18:13 (3 days ago)	Type: suspicious_network_activity Risk: 69 Events: 4380 Evidence: - Persistent suspicious network a ... show more Type: suspicious_network_activity Risk: 69 Events: 4380 Evidence: - Persistent suspicious network activity detected - Repeated hostile operational behavior observed - Multi-event operational persistence identified show less	Port Scan Hacking
🇨🇦 1gz	2026-06-17 03:16:45 (3 days ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /lajme/automjeti-del-nga-rruga-ne-aksin-fier-levan-dhe-perplaset-me-shtyllen-elektrike-perfundon-ne-spital-shoferi/813480/ UA: Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07) This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2026-06-16 21:31:41 (3 days ago)	Session Crossing	Hacking
🇺🇸 nodepile	2026-06-16 13:23:37 (4 days ago)	Requests denied due to active blacklist hits (tenant=82 method=GET path=/browse-by-car-model/mercede ... show more Requests denied due to active blacklist hits (tenant=82 method=GET path=/browse-by-car-model/mercedes-benz/mercedes-benz-c250/mercedes-benz-c250-57.html ua='Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)') show less	Web App Attack Exploited Host
🇮🇩 soc-yk	2026-06-16 05:09:29 (4 days ago)	Type: suspicious_network_activity Risk: 66 Events: 2560 Evidence: - Persistent suspicious network a ... show more Type: suspicious_network_activity Risk: 66 Events: 2560 Evidence: - Persistent suspicious network activity detected - Repeated hostile operational behavior observed - Multi-event operational persistence identified show less	Port Scan Hacking
🇨🇦 1gz	2026-06-16 03:25:26 (4 days ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /kerko.php UA: Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07) This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 DocNetzwerk	2026-06-16 00:31:29 (4 days ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted] from 223.109.252.240 (CN/ ... show more (apache-useragents) Failed apache-useragents trigger with match [redacted] from 223.109.252.240 (CN/China/sogouspider-223-109-252-240.crawl.sogou.com) show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-14 16:01:54 (5 days ago)	(mod_security) mod_security (id:210730) triggered by 223.109.252.240 (sogouspider-223-109-252-240.cr ... show more (mod_security) mod_security (id:210730) triggered by 223.109.252.240 (sogouspider-223-109-252-240.crawl.sogou.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 12:01:47.635147 2026] [security2:error] [pid 11483:tid 11483] [client 223.109.252.240:36818] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.bentonflybox.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.bentonflybox.com"] [uri "/streamers/photothumb.db"] [unique_id "ai7QazFWCLdw8p2O1YzmWQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 267 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.82.86.2

🇺🇸 83.142.54.225

🇺🇸 20.163.63.244

🇻🇳 171.231.180.113

🇫🇷 91.196.152.109

🇳🇱 89.124.124.95

🇪🇸 87.235.58.217

🇩🇪 82.115.21.249

🇷🇺 51.250.86.201

🇸🇬 43.98.180.90

🇳🇱 5.61.209.224

🇺🇸 2602:80d:1007::33

🇲🇾 175.144.82.179

🇺🇸 147.185.132.226

🇺🇸 95.134.34.2

🇵🇱 87.251.64.144

🇨🇳 219.153.106.29

🇨🇦 85.217.149.68

🇫🇷 85.217.140.25

🇷🇴 80.94.92.165