AbuseIPDB » 49.70.172.167
49.70.172.167
This IP was reported 6 times. Confidence of
Abuse
is 0% : ?
ISP
CHINANET jiangsu province network
Usage Type
Fixed Line ISP
ASN
AS4134
Domain Name
chinatelecom.cn
Country
๐จ๐ณ
China
City
Nanjing, Jiangsu
IP info including ISP, Usage Type, and Location provided
by IPInfo . Updated weekly.
IP Abuse Reports for 49.70.172.167 :
This IP address has been reported a total of
6
times from
4 distinct
sources.
49.70.172.167 was first reported on
September 4th 2024 , and the most recent report was
1 year ago
Old Reports:
The most recent abuse report for this IP address is from
1 year ago
Reporter
IoA Timestamp (UTC)
Comment
Categories
๐ฉ๐ช
Packets-Decreaser.NET
2025-04-29 21:29:00
(1 year ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
๐บ๐ธ
COMPLEX
2025-04-29 01:40:14
(1 year ago)
Triggered Cloudflare WAF (l7ddos) from CN.
Action taken: BLOCK
ASN: 4134 (CHINANET-BACKBONE No.31,Ji ...
show more
Triggered Cloudflare WAF (l7ddos) from CN.
Action taken: BLOCK
ASN: 4134 (CHINANET-BACKBONE No.31,Jin-rong Street)
Protocol: HTTP/2 (GET method)
Timestamp: 2025-04-29T01:36:28Z
show less
Bad Web Bot
๐ฉ๐ช
IllusionCloud
2024-11-15 00:03:19
(1 year ago)
ILShield Appliance Alert: The following IPv4 address has been identified with potential malicious ac ...
show more
ILShield Appliance Alert: The following IPv4 address has been identified with potential malicious activities, including Internet Scanning, Denial of Service (DoS) Attacks, Participation in Distributed Denial of Service (DDoS) Attacks, Transmission of Invalid Packets, Potential IP Spoofing.
show less
DNS Compromise
DNS Poisoning
DDoS Attack
FTP Brute-Force
Ping of Death
SQL Injection
Brute-Force
Exploited Host
Web App Attack
SSH
IoT Targeted
๐ฉ๐ช
Packets-Decreaser.NET
2024-09-21 22:32:31
(1 year ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
๐บ๐ธ
TPI-Abuse
2024-09-05 17:38:55
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 49.70.172.167 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 49.70.172.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 05 13:38:47.935274 2024] [security2:error] [pid 23431:tid 23431] [client 49.70.172.167:50960] [client 49.70.172.167] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.70.172.167 (+1 hits since last alert)|www.navarrete.ws|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.navarrete.ws"] [uri "/xmlrpc.php"] [unique_id "Ztnsp8TP_uLOyFKsVA1fFQAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-09-04 03:32:05
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 49.70.172.167 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 49.70.172.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 23:32:00.971552 2024] [security2:error] [pid 18330:tid 18330] [client 49.70.172.167:33418] [client 49.70.172.167] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 49.70.172.167 (+1 hits since last alert)|www.crescendostage.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.crescendostage.com"] [uri "/xmlrpc.php"] [unique_id "ZtfUsJONHohKZWfBx3rmygAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Showing 1 to
6
of 6 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ
Recently Reported IPs: