JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 80.250.47.1

80.250.47.1 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 58%: ?

58%

ISP	Cimecom - Nortis
Usage Type	Fixed Line ISP
ASN	AS29286
Domain Name	nortis.ma
Country	🇲🇦 Morocco
City	Casablanca, Casablanca-Settat

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 80.250.47.1

Whois 80.250.47.1

IP Abuse Reports for 80.250.47.1:

This IP address has been reported a total of 29 times from 13 distinct sources. 80.250.47.1 was first reported on May 5th 2026, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 screwlooseit.com.au	2026-06-04 15:20:17 (12 hours ago)	Blocked by CSF 13 firewall - Rule: XMLRPC MA/Morocco/-	Web App Attack
Anonymous	2026-06-03 12:20:03 (1 day ago)	Web App Attack, Hacking	Hacking Web App Attack
🇺🇸 lostswordfish.com	2026-06-03 10:50:08 (1 day ago)	Wordfence waf block on lostswordfish	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 10:22:20 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 80.250.47.1 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:240335) triggered by 80.250.47.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 06:22:13.578140 2026] [security2:error] [pid 3842:tid 3842] [client 80.250.47.1:58371] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 80.250.47.1 (+1 hits since last alert)\|shannonraevocalstudio.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "shannonraevocalstudio.com"] [uri "/xmlrpc.php"] [unique_id "aiAAVWqsqGHSlEsT_OiQbAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 10:26:11 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 80.250.47.1 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 80.250.47.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 06:26:04.049396 2026] [security2:error] [pid 9798:tid 9798] [client 80.250.47.1:63687] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|angelaknightmusic.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "angelaknightmusic.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ah6vvP58dtMk0qySzBPrjwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 15:22:32 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 80.250.47.1 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:240335) triggered by 80.250.47.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 11:22:28.331217 2026] [security2:error] [pid 14178:tid 14178] [client 80.250.47.1:64131] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 80.250.47.1 (+1 hits since last alert)\|doreenkimura.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "doreenkimura.com"] [uri "/xmlrpc.php"] [unique_id "ahRpNBQkmK9BDj055Ib4wwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-25 13:18:48 (1 week ago)	Attac	Brute-Force
Anonymous	2026-05-22 08:42:10 (1 week ago)	Attac	Brute-Force
🇬🇧 Apache	2026-05-20 16:20:04 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 80.250.47.1 (MA/Morocco/-): 5 in the last 300 s ... show more (mod_security) mod_security (id:240335) triggered by 80.250.47.1 (MA/Morocco/-): 5 in the last 300 secs show less	Brute-Force Web App Attack
Anonymous	2026-05-20 16:17:10 (2 weeks ago)	Attac	Brute-Force
🇩🇪 ger-stg-sifi1	2026-05-20 15:13:04 (2 weeks ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇫🇷 applemooz	2026-05-18 16:46:48 (2 weeks ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack
Anonymous	2026-05-18 09:16:18 (2 weeks ago)	Attac	Brute-Force
Anonymous	2026-05-15 14:17:11 (2 weeks ago)	Attac	Brute-Force
🇺🇸 lostswordfish.com	2026-05-14 11:48:05 (3 weeks ago)	Wordfence waf block on floridaactioncommittee	Web App Attack

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 2409:40e4:1300:f57b:21a3:7192:1bf5:a378

🇯🇵 205.234.196.7

🇭🇰 182.239.80.7

🇧🇩 182.54.154.19

🇺🇸 149.19.250.77

🇵🇱 87.251.64.158

🇵🇱 51.38.158.205

🇺🇸 216.25.89.143

🇬🇧 195.96.139.146

🇩🇪 178.16.52.62

🇬🇷 172.68.62.150

🇺🇸 162.216.149.171

🇨🇳 123.184.59.71

🇨🇳 118.186.7.10

🇺🇸 104.23.248.136

🇧🇷 45.205.1.64

🇧🇪 34.14.37.231

🇮🇩 27.112.79.213

🇳🇱 217.60.195.25

🇮🇳 182.95.152.142