JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 49.234.166.220

49.234.166.220 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 18%: ?

18%

ISP	Tencent cloud computing (Beijing) Co., Ltd.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS45090
Domain Name	tencentcloud.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 49.234.166.220

Whois 49.234.166.220

IP Abuse Reports for 49.234.166.220:

This IP address has been reported a total of 12 times from 8 distinct sources. 49.234.166.220 was first reported on May 24th 2024, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 ghostwarriors	2026-06-09 11:50:15 (4 days ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇧🇷 ICS Labs	2026-05-23 13:51:12 (3 weeks ago)	ICS Labs identified 49.234.166.220 as a malicious indicator from threat intelligence.	DDoS Attack Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-05-11 11:41:48 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 49.234.166.220 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 49.234.166.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 07:41:40.029027 2026] [security2:error] [pid 28412:tid 28412] [client 49.234.166.220:43392] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|williamfitzsimmons.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "williamfitzsimmons.com"] [uri "/thestateroom.com"] [unique_id "agHAdApRxg8YkZ16GJwrhgAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-20 12:55:21 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 49.234.166.220 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 49.234.166.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 20 08:55:16.730432 2026] [security2:error] [pid 1366587:tid 1366587] [client 49.234.166.220:20167] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.raintechgutters.com\|F\|2"] [data ".raintechgutters.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.raintechgutters.com"] [uri "/professional-gutter-cleaning-orlando/www.raintechgutters.com"] [unique_id "aeYiNCh2iSD1X-RmgnOBPQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Sklurk	2026-02-04 09:34:29 (4 months ago)	Web App Attack	Web App Attack
🇮🇩 securejdprop	2026-01-19 02:17:34 (4 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing. crowdsecurity/http-probing	Hacking Web App Attack
🇮🇩 securejdprop	2026-01-17 17:38:17 (4 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing. crowdsecurity/http-probing	Hacking Web App Attack
🇩🇪 itsolon	2026-01-13 15:32:14 (5 months ago)	Fail2Ban plesk-modsecurity ban	Web App Attack SSH
🇩🇪 london2038.com	2025-12-19 13:03:35 (5 months ago)	Connection atttempts against closed TCP ports Dec 19 13:30:54 BLOCK SRC=49.234.166.220 LEN=40 TOS=0x ... show more Connection atttempts against closed TCP ports Dec 19 13:30:54 BLOCK SRC=49.234.166.220 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=20435 DF PROTO=TCP SPT=34504 DPT=443 WINDOW=0 RES=0x00 RST Dec 19 14:03:31 BLOCK SRC=49.234.166.220 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=31623 DF PROTO=TCP SPT=22863 DPT=443 WINDOW=0 RES=0x00 RST Dec 19 14:03:32 BLOCK SRC=49.234.166.220 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=29172 DF PROTO=TCP SPT=22863 DPT=443 WINDOW=0 RES=0x00 RST show less	Port Scan
🇩🇪 london2038.com	2025-12-19 00:00:56 (5 months ago)	Connection atttempts against closed TCP ports Dec 19 01:00:53 BLOCK SRC=49.234.166.220 LEN=40 TOS=0x ... show more Connection atttempts against closed TCP ports Dec 19 01:00:53 BLOCK SRC=49.234.166.220 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=64018 DF PROTO=TCP SPT=42216 DPT=443 WINDOW=0 RES=0x00 RST Dec 19 01:00:54 BLOCK SRC=49.234.166.220 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=21406 DF PROTO=TCP SPT=42216 DPT=443 WINDOW=0 RES=0x00 RST Dec 19 01:00:55 BLOCK SRC=49.234.166.220 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=13291 DF PROTO=TCP SPT=42216 DPT=443 WINDOW=0 RES=0x00 RST show less	Port Scan
🇩🇪 london2038.com	2025-12-18 02:40:00 (5 months ago)	Connection atttempts against closed TCP ports Dec 18 03:39:56 BLOCK SRC=49.234.166.220 LEN=40 TOS=0x ... show more Connection atttempts against closed TCP ports Dec 18 03:39:56 BLOCK SRC=49.234.166.220 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=6220 DF PROTO=TCP SPT=47339 DPT=443 WINDOW=0 RES=0x00 RST Dec 18 03:39:57 BLOCK SRC=49.234.166.220 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=63199 DF PROTO=TCP SPT=47339 DPT=443 WINDOW=0 RES=0x00 RST Dec 18 03:39:59 BLOCK SRC=49.234.166.220 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=20506 DF PROTO=TCP SPT=47339 DPT=443 WINDOW=0 RES=0x00 RST show less	Port Scan
🇦🇺 clapper	2024-05-24 04:14:45 (2 years ago)	(mod_security) mod_security (id:980001) triggered by 49.234.166.220 (CN/China/-): 5 in the last 3600 ... show more (mod_security) mod_security (id:980001) triggered by 49.234.166.220 (CN/China/-): 5 in the last 3600 secs; ID: rub show less	Brute-Force Bad Web Bot

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 219.140.5.203

🇹🇼 211.21.127.69

🇮🇳 202.164.145.243

🇧🇪 198.235.24.239

🇨🇳 182.51.86.109

🇩🇪 167.94.146.35

🇮🇳 122.168.123.73

🇮🇳 61.95.199.54

🇺🇸 45.79.134.107

🇸🇬 2406:da18:125:f101:8202:7d2a:6aff:42b5

🇺🇸 162.216.150.163

🇨🇳 117.14.51.58

🇵🇰 110.38.247.198

🇺🇸 107.173.173.98

🇰🇷 49.247.36.49

🇳🇱 45.156.128.124

🇺🇸 20.169.105.105

🇺🇸 2620:18c:0:192::e0:186

🇧🇪 198.235.24.163

🇷🇴 193.46.255.86