JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 106.13.48.221

106.13.48.221 was found in our database!

This IP was reported 84 times. Confidence of Abuse is 25%: ?

25%

ISP	Beijing Baidu Netcom Science and Technology Co., Ltd.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS38365
Domain Name	baidu.com
Country	🇨🇳 China
City	Beijing, Beijing

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 106.13.48.221

Whois 106.13.48.221

IP Abuse Reports for 106.13.48.221:

This IP address has been reported a total of 84 times from 47 distinct sources. 106.13.48.221 was first reported on January 6th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-09 02:16:34 (4 days ago)	(mod_security) mod_security (id:210350) triggered by 106.13.48.221 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 106.13.48.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 22:16:29.026603 2026] [security2:error] [pid 14904:tid 14904] [client 106.13.48.221:44856] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|studioarts.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "studioarts.net"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aid3fZoArdvU62RWIRSHVQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 01:24:08 (4 days ago)	(mod_security) mod_security (id:210350) triggered by 106.13.48.221 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 106.13.48.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 21:24:02.716240 2026] [security2:error] [pid 23441:tid 23441] [client 106.13.48.221:52568] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|lsd36.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "lsd36.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aidrMoVidAO4DxNzSIlpZQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 21:52:01 (5 days ago)	(mod_security) mod_security (id:210350) triggered by 106.13.48.221 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 106.13.48.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 17:51:54.750214 2026] [security2:error] [pid 15147:tid 15147] [client 106.13.48.221:52252] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|CustomHumanRobots.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "customhumanrobots.com"] [uri "/index.php"] [unique_id "aic5er7hJvjZeFMf9IV4fQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 14:54:34 (5 days ago)	(mod_security) mod_security (id:210350) triggered by 106.13.48.221 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 106.13.48.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 10:54:28.340003 2026] [security2:error] [pid 2207:tid 2209] [client 106.13.48.221:34204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|paywithfortress.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "paywithfortress.com"] [uri "/index.php"] [unique_id "aibXpCffntGpaZ1TC0VH-wAAAUA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 14:22:52 (5 days ago)	(mod_security) mod_security (id:210350) triggered by 106.13.48.221 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 106.13.48.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 10:22:47.691275 2026] [security2:error] [pid 14596:tid 14596] [client 106.13.48.221:48980] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|modmove.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "modmove.com"] [uri "/cgi-bin/php-cgi.exe"] [unique_id "aibQNxYKyA-niOJjWwxfQQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 13:27:28 (5 days ago)	(mod_security) mod_security (id:210350) triggered by 106.13.48.221 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 106.13.48.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 09:27:24.311986 2026] [security2:error] [pid 22248:tid 22248] [client 106.13.48.221:60378] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|johnmorogiello.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "johnmorogiello.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aibDPF12Yrh7BURlXTMh5QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 lp	2026-05-12 12:20:13 (1 month ago)	Email account brute force: 1 attempts were recorded from 106.13.48.221 2026-05-12T13:27:52+02:00 war ... show more Email account brute force: 1 attempts were recorded from 106.13.48.221 2026-05-12T13:27:52+02:00 warning: unknown[106.13.48.221]: SASL PLAIN authentication failed: authentication failure, [email protected] show less	Brute-Force
Anonymous	2026-05-08 01:11:01 (1 month ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇮🇹 VHosting	2026-05-01 17:38:18 (1 month ago)	Detected mail brute force attack from 4 different servers	Brute-Force
Anonymous	2026-04-24 04:30:45 (1 month ago)	Failed login attempt detected by Fail2Ban in plesk-postfix jail	Brute-Force
🇸🇪 adaml1324	2026-04-23 19:09:33 (1 month ago)	TCP port scan detected	Port Scan
🇳🇱 EGP Abuse Dept	2026-03-16 04:47:53 (2 months ago)	Unsolicited connection to port 465	Port Scan Hacking
🇭🇺 Lacika555	2026-03-10 21:28:54 (3 months ago)	RdpGuard detected brute-force attempt on SMTP	Brute-Force
🇹🇷 Threat.live	2026-03-04 05:55:33 (3 months ago)	Suspicious activity, tcp/23	Port Scan
🇹🇷 rtbh.com.tr	2026-03-02 08:11:50 (3 months ago)	list.rtbh.com.tr report: tcp/23	Brute-Force

Showing 1 to 15 of 84 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇾 167.60.136.199

🇧🇩 150.228.135.17

🇺🇸 130.131.161.17

🇷🇸 77.105.37.219

🇺🇸 45.131.195.198

🇦🇷 200.32.52.150

🇨🇳 122.96.50.255

🇳🇱 91.92.40.4

🇮🇳 59.179.31.237

🇧🇿 45.227.254.152

🇳🇱 45.148.10.152

🇨🇳 14.103.127.231

🇺🇸 162.216.150.220

🇳🇱 144.31.54.15

🇳🇱 91.92.42.243

🇸🇪 83.249.98.235

🇷🇴 80.94.92.182

🇮🇳 49.205.183.78

🇳🇱 45.156.87.166

🇳🇱 45.148.10.141