JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 49.244.174.166

49.244.174.166 was found in our database!

This IP was reported 3 times. Confidence of Abuse is 3%: ?

ISP	Nepal Telecommunications Corporation
Usage Type	Fixed Line ISP
ASN	AS23752
Domain Name	ntc.net.np
Country	🇳🇵 Nepal
City	Kathmandu, Bagmati Province

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 49.244.174.166

Whois 49.244.174.166

IP Abuse Reports for 49.244.174.166:

This IP address has been reported a total of 3 times from 2 distinct sources. 49.244.174.166 was first reported on October 2nd 2022, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-15 11:38:42 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 49.244.174.166 (166-ftth.ntc.net.np): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 49.244.174.166 (166-ftth.ntc.net.np): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 07:38:27.606057 2026] [security2:error] [pid 17020:tid 17020] [client 49.244.174.166:54420] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.244.174.166 (+1 hits since last alert)\|lawrencehale.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lawrencehale.com"] [uri "/xmlrpc.php"] [unique_id "ai_kM9qHmCrwiMW0ZS4fUwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 06:37:39 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 49.244.174.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 49.244.174.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 02:37:26.066395 2026] [security2:error] [pid 24776:tid 24776] [client 49.244.174.166:53710] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.244.174.166 (+1 hits since last alert)\|desertautoworks.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "desertautoworks.com"] [uri "/xmlrpc.php"] [unique_id "ai-dptRke5q7Akl4Z_kILwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 IPV4Guard.com (AS215051)	2022-10-02 11:55:59 (3 years ago)	firewall,info SSH_ToMK input: in:ether1_WAN1 out:(unknown 0), connection-state:new src-mac 00:5d:73: ... show more firewall,info SSH_ToMK input: in:ether1_WAN1 out:(unknown 0), connection-state:new src-mac 00:5d:73:b9:5b:4d, proto TCP (SYN), 49.244.174.166:59921->149.56.206.104:22, len 52 show less	Brute-Force SSH

Showing 1 to 3 of 3 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 160.119.69.14

🇿🇦 105.216.107.93

🇪🇸 85.251.51.122

🇰🇷 211.253.10.61

🇮🇶 204.154.201.108

🇵🇦 200.115.141.58

🇲🇽 186.96.158.180

🇨🇴 181.51.34.153

🇳🇱 176.65.148.144

🇮🇩 175.184.236.68

🇵🇰 139.135.44.123

🇵🇭 136.158.29.48

🇨🇳 111.31.165.51

🇿🇦 105.209.145.73

🇲🇦 105.188.81.181

🇮🇳 103.55.89.5

🇸🇬 20.212.226.51

🇺🇸 18.116.101.220

🇺🇸 3.133.55.150

🇰🇷 211.223.107.86