AbuseIPDB » 94.249.80.245
94.249.80.245 was found in our database!
This IP was reported 9 times. Confidence of
Abuse
is 24% : ?
ISP
Jordan Telecom Group (Orange)
Usage Type
Fixed Line ISP
ASN
AS8376
Hostname(s)
94.249.x.245.go.com.jo
Domain Name
go.com.jo
Country
๐ฏ๐ด
Jordan
City
Irbid, Irbid
IP info including ISP, Usage Type, and Location provided
by IPInfo . Updated weekly.
IP Abuse Reports for 94.249.80.245 :
This IP address has been reported a total of
9
times from
9 distinct
sources.
94.249.80.245 was first reported on
January 27th 2025 , and the most recent report was
15 hours ago .
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
๐ฉ๐ช
FeG Deutschland
2026-07-17 22:16:05
(15 hours ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 20:42:21
(4 days ago)
(mod_security) mod_security (id:210730) triggered by 94.249.80.245 (94.249.x.245.go.com.jo): 1 in th ...
show more
(mod_security) mod_security (id:210730) triggered by 94.249.80.245 (94.249.x.245.go.com.jo): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 16:42:16.421927 2026] [security2:error] [pid 24032:tid 24032] [client 94.249.80.245:11491] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.elcalamo.com|F|2"] [data ".pdb"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.elcalamo.com"] [uri "/pda/medina-azucarlimpio.PDB"] [unique_id "alVNqL6BEjLuElpb2COybwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐น๐ท
Threat.live
2026-06-16 20:20:14
(1 month ago)
Suspicious Connection Attempts
Brute-Force
๐ฉ๐ช
pltcldvlpr
2026-06-09 03:16:14
(1 month ago)
Bogus Useragent: 94.249.80.245 - - [09/Jun/2026:05:16:13 +0200] "GET /protocol?id=sn_7_90&offset=100 ...
show more
Bogus Useragent: 94.249.80.245 - - [09/Jun/2026:05:16:13 +0200] "GET /protocol?id=sn_7_90&offset=1000&seq=1039 HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; MSIE 5.0; Windows NT 5.0; Trident/5.0)" asn=8376 org="Jordan Data Communications Company LLC" country=JO
...
show less
Bad Web Bot
๐ช๐ธ
el-brujo
2026-03-01 02:18:07
(4 months ago)
01/Mar/2026:03:18:06.520507 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client ...
show more
01/Mar/2026:03:18:06.520507 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 94.249.80.245] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'no(En' [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "66"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: no(En found within REQUEST_COOKIES:x-ms-gateway-slice: estsfd+(SELECT khOlE1gm WHERE 6743=6743AND/**/8505=(SELECT/**/UPPER(CHR(126)||'~'||(SELECT/**/(CASE/**/WHEN/**/(8505=8505)/**/THEN/**/1/**/ELSE/**/0/**/END)/**/FROM/**/DUAL)||'~'||CHR(126))/**/FROM/**/DUAL/**/WHERE/**/DBMS_RANDOM.VALUE(8372,9068)=4616))+"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "tails.elhacker.net"] [uri "/tails/"] [unique_id "aaOh3nWuiUn
...
show less
Hacking
Web App Attack
๐ง๐ช
cmbplf
2026-02-20 16:13:56
(4 months ago)
435 requests with url.path */wp-comments-post.php
Brute-Force
Bad Web Bot
๐จ๐ญ
backslash
2026-02-09 08:15:09
(5 months ago)
block ruleset 6B63410D189E6343B910F7440B8499558BEC52EB
Bad Web Bot
Anonymous
2025-11-22 19:29:41
(7 months ago)
scanning http requests from known botnet
Web App Attack
Anonymous
2025-01-27 13:16:24
(1 year ago)
Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK
Brute-Force
SSH
Showing 1 to
9
of 9 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ
Recently Reported IPs: