AbuseIPDB » 49.206.196.117

49.206.196.117 was found in our database!

This IP was reported 30 times. Confidence of Abuse is 75%: ?

75%

ISP	Beam Telecom Pvt Ltd
Usage Type	Fixed Line ISP
ASN	AS55577
Hostname(s)	49.206.196.117.actcorp.in
Domain Name	beamtele.com
Country	India
City	Hyderabad, Telangana

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 49.206.196.117

Whois 49.206.196.117

IP Abuse Reports for 49.206.196.117:

This IP address has been reported a total of 30 times from 23 distinct sources. 49.206.196.117 was first reported on May 8th 2025, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
Study Bitcoin 🤗	2025-06-23 17:58:28 (5 hours ago)	3 port probes: 3x tcp/3389 (rdp) [srv128,srv126,srv130]	Port Scan Brute-Force
JuicyJ	2025-06-23 14:59:36 (8 hours ago)	Excessive crawling/scraping	Web App Attack
Information Security	2025-06-19 22:12:46 (4 days ago)	Web App Attack	Web App Attack
Anonymous	2025-06-19 03:46:00 (4 days ago)	srsltid="><script>alert(String.fromCharCode(88,83,83))</script>	Hacking Web App Attack
TPI-Abuse	2025-06-18 23:07:07 (4 days ago)	(mod_security) mod_security (id:212620) triggered by 49.206.196.117 (49.206.196.117.actcorp.in): 1 i ... show more(mod_security) mod_security (id:212620) triggered by 49.206.196.117 (49.206.196.117.actcorp.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 18 19:06:57.171718 2025] [security2:error] [pid 3612219:tid 3612219] [client 49.206.196.117:49793] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||old.renju.net|F|2"] [data "Matched Data: <script found within REQUEST_URI: /media/gamecomments.php?gameid=143&order=\\x22><script>alert(string.fromcharcode(88,83,83))</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "old.renju.net"] [uri "/media/gamecomments.php"] [unique_id "aFNGkZVaB0p2A8gza_XJEgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
dynamix	2025-06-18 07:20:36 (5 days ago)	Multiple WAF Violations	Web App Attack
Anonymous	2025-06-18 01:34:58 (5 days ago)	XSS Attempt	Hacking
Anonymous	2025-06-18 01:00:08 (5 days ago)	Fail2ban block	Brute-Force Exploited Host Web App Attack
fortypoundhead	2025-06-16 21:31:02 (1 week ago)	SQL Injection Attempt	SQL Injection Web App Attack
RoboSOC	2025-06-16 18:38:40 (1 week ago)	HTTP Cross Site Scripting Vulnerability , PTR: 49.206.196.117.actcorp.in.	Web App Attack
TPI-Abuse	2025-06-15 20:16:42 (1 week ago)	(mod_security) mod_security (id:212620) triggered by 49.206.196.117 (49.206.196.117.actcorp.in): 1 i ... show more(mod_security) mod_security (id:212620) triggered by 49.206.196.117 (49.206.196.117.actcorp.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 15 16:16:36.207135 2025] [security2:error] [pid 2834474:tid 2834474] [client 49.206.196.117:53216] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "3"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||kountz.org|F|2"] [data "Matched Data: <script found within REQUEST_URI: /showsource.php?sourceid=\\x22><script>alert(string.fromcharcode(88,83,83))</script>&tree=kountz&sitever=standard"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kountz.org"] [uri "/showsource.php"] [unique_id "aE8qJIg6_JGj3DxVo3mEfgAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
Sklurk	2025-06-15 18:38:46 (1 week ago)	Web App Attack	Web App Attack
TPI-Abuse	2025-06-15 18:31:19 (1 week ago)	(mod_security) mod_security (id:212620) triggered by 49.206.196.117 (49.206.196.117.actcorp.in): 1 i ... show more(mod_security) mod_security (id:212620) triggered by 49.206.196.117 (49.206.196.117.actcorp.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 15 14:31:14.349244 2025] [security2:error] [pid 1464855:tid 1464870] [client 49.206.196.117:52853] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||www.seips.org|F|2"] [data "Matched Data: <script found within REQUEST_URI: /login.php?return=\\x22><script>alert(string.fromcharcode(88,83,83))</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.seips.org"] [uri "/login.php"] [unique_id "aE8RcodVbAAD2jxXk3l0pAAAAM0"] show less	Brute-Force Bad Web Bot Web App Attack
webbfabriken	2025-06-14 13:33:13 (1 week ago)	spam or other hacking activities reported by webbfabriken security servers Attack reported by ... show morespam or other hacking activities reported by webbfabriken security servers Attack reported by Webbfabriken Security API - WFSecAPI show less	Web Spam
polycoda	2025-06-11 18:24:12 (1 week ago)	💉 URL GET parameter and/or SQL injection attempts trying to pass quotes, backslashes, %20AND%201= ... show more💉 URL GET parameter and/or SQL injection attempts trying to pass quotes, backslashes, %20AND%201=1%20OR%20, etc... show less	Hacking SQL Injection Web App Attack

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩