JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 49.70.172.161

49.70.172.161 was found in our database!

This IP was reported 6 times. Confidence of Abuse is 0%: ?

ISP	CHINANET jiangsu province network
Usage Type	Fixed Line ISP
ASN	AS4134
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Nanjing, Jiangsu

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 49.70.172.161

Whois 49.70.172.161

IP Abuse Reports for 49.70.172.161:

This IP address has been reported a total of 6 times from 5 distinct sources. 49.70.172.161 was first reported on September 10th 2024, and the most recent report was 11 months ago.

Old Reports: The most recent abuse report for this IP address is from 11 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2025-06-24 01:26:28 (11 months ago)	Ports: 25,465,587; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇧🇪 cmbplf	2025-04-29 12:24:03 (1 year ago)	131 requests with url.path */wp-comments-post.php	Brute-Force Bad Web Bot
🇫🇷 uhlhosting	2025-04-23 21:29:26 (1 year ago)	www.zaflora.cz 49.70.172.161 - - [23/Apr/2025:23:29:20.840896 +0200] "POST /wp-comments-post.php HTT ... show more www.zaflora.cz 49.70.172.161 - - [23/Apr/2025:23:29:20.840896 +0200] "POST /wp-comments-post.php HTTP/1.1" 403 2581 "-" "-" aAlbsKea27wtowYSE8tQywAAAUw "-" /apache/20250423/20250423-2329/20250423-232920-aAlbsKea27wtowYSE8tQywAAAUw 0 1552 md5:025dfa53045a70e5e827d1ef9a78fd52 www.zaflora.cz 49.70.172.161 - - [23/Apr/2025:23:29:22.293614 +0200] "POST /wp-comments-post.php HTTP/1.1" 403 2581 "-" "-" aAlbsqea27wtowYSE8tQzAAAAUE "-" /apache/20250423/20250423-2329/20250423-232922-aAlbsqea27wtowYSE8tQzAAAAUE 0 1551 md5:d1f4a12f7cdb08e90820d2cd24116152 www.zaflora.cz 49.70.172.161 - - [23/Apr/2025:23:29:23.770256 +0200] "POST /wp-comments-post.php HTTP/1.1" 403 2581 "-" "-" aAlbs-6D-SpJE2E8uB5ltQAAAA0 "-" /apache/20250423/20250423-2329/20250423-232923-aAlbs-6D-SpJE2E8uB5ltQAAAA0 0 1547 md5:3cf01999b34bf3e117460bda707ec59b www.zaflora.cz 49.70.172.161 - - [23/Apr/2025:23:29:25.224746 +0200] "POST /wp-comments-post.php HTTP/1.1" 403 2581 "-" "-" aAlbte6D-SpJE2E8uB5ltgAAAAo "-" /apache/20250423 ... show less	DDoS Attack Brute-Force
🇺🇸 TPI-Abuse	2024-09-17 21:16:52 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 49.70.172.161 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 49.70.172.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 17:16:46.100435 2024] [security2:error] [pid 26535:tid 26535] [client 49.70.172.161:55344] [client 49.70.172.161] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.70.172.161 (+1 hits since last alert)\|procigar.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "procigar.com"] [uri "/xmlrpc.php"] [unique_id "ZunxvjXooQlZGO3EFH05mQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-09-17 20:09:40 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 49.70.172.161 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 49.70.172.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 16:09:32.535461 2024] [security2:error] [pid 23560:tid 23560] [client 49.70.172.161:39368] [client 49.70.172.161] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 49.70.172.161 (+1 hits since last alert)\|www.goldcountrygermanamericanclub.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.goldcountrygermanamericanclub.org"] [uri "/xmlrpc.php"] [unique_id "Zunh_MLTbZ95rVY-4U6HRAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SpaceHost-Server	2024-09-10 08:54:56 (1 year ago)	49.70.172.161 - - [10/Sep/2024:10:54:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 1112 "-" "Mozilla/5.0 ... show more 49.70.172.161 - - [10/Sep/2024:10:54:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 1112 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" 49.70.172.161 - - [10/Sep/2024:10:54:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 1112 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" 49.70.172.161 - - [10/Sep/2024:10:54:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 1112 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" show less	Hacking Web App Attack

Showing 1 to 6 of 6 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 220.92.117.221

🇪🇹 196.189.124.218

🇨🇳 116.179.37.119

🇺🇸 107.172.120.70

🇺🇸 107.150.100.72

🇺🇸 104.168.124.0

🇷🇺 79.134.194.250

🇺🇸 64.62.156.207

🇱🇹 45.227.254.170

🇨🇳 220.167.53.20

🇯🇵 212.135.208.32

🇨🇲 195.24.207.184

🇬🇪 194.31.8.12

🇳🇱 172.94.9.32

🇮🇩 103.183.98.250

🇪🇸 92.191.96.70

🇳🇱 45.148.10.152

🇰🇪 41.60.237.250

🇸🇬 194.164.107.4

🇺🇸 192.210.193.219