AbuseIPDB » 106.228.3.81
106.228.3.81 was found in our database!
This IP was reported 7 times. Confidence of
Abuse
is 27% : ?
ISP
CHINANET JIANGXI PROVINCE NETWORK
Usage Type
Fixed Line ISP
ASN
AS4134
Domain Name
bta.net.cn
Country
๐จ๐ณ
China
City
Nanchang, Jiangxi
IP info including ISP, Usage Type, and Location provided
by IPInfo . Updated weekly.
IP Abuse Reports for 106.228.3.81 :
This IP address has been reported a total of
7
times from
5 distinct
sources.
106.228.3.81 was first reported on
August 7th 2025 , and the most recent report was
2 days ago .
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
Anonymous
2026-07-10 14:07:15
(2 days ago)
Unauthorized connection to Telnet port 23
Port Scan
๐จ๐ฆ
Slackin' Jack
2026-07-10 13:09:16
(2 days ago)
Triggered honeypot on port 23. (106.228.3.81)
Port Scan
Anonymous
2026-07-10 12:50:54
(2 days ago)
Unauthorized connection attempt on Port 23
Port Scan
Hacking
Exploited Host
Anonymous
2026-07-10 11:08:54
(2 days ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
๐บ๐ธ
mnsf
2026-05-31 20:06:04
(1 month ago)
Abuse Detected (2)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-08 16:15:36
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 106.228.3.81 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 106.228.3.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 08 12:15:30.374605 2025] [security2:error] [pid 5458:tid 5458] [client 106.228.3.81:60893] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||noelramos.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "noelramos.com"] [uri "/e/install/index.php.bak"] [unique_id "aJYiooYtqSynW1Uw3v65FwAAABY"], referer: http://noelramos.com/e/install/index.php.bak?enews=setdb&f=4
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-07 17:47:15
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 106.228.3.81 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 106.228.3.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 07 13:47:11.476873 2025] [security2:error] [pid 27873:tid 27873] [client 106.228.3.81:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.upskirtcrazy.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.upskirtcrazy.com"] [uri "/base/install/index.php.bak"] [unique_id "aJTmn9yNjUmXKLrGpkh2DQAAAAg"], referer: https://www.upskirtcrazy.com/base/install/index.php.bak
show less
Brute-Force
Bad Web Bot
Web App Attack
Showing 1 to
7
of 7 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ
Recently Reported IPs: