JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 118.107.3.221

118.107.3.221 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 0%: ?

ISP	CTG Server Ltd.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS152194
Domain Name	rackip.com
Country	🇭🇰 Hong Kong
City	Tung Chung, Islands

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 118.107.3.221

Whois 118.107.3.221

IP Abuse Reports for 118.107.3.221:

This IP address has been reported a total of 12 times from 10 distinct sources. 118.107.3.221 was first reported on January 20th 2026, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-02-16 01:36:25 (3 months ago)	2026-02-16T02:36:24.047802+01:00 gollum postfix/smtpd[2356912]: warning: unknown[118.107.3.221]: SAS ... show more 2026-02-16T02:36:24.047802+01:00 gollum postfix/smtpd[2356912]: warning: unknown[118.107.3.221]: SASL PLAIN authentication failed: (reason unavailable), [email protected] 2026-02-16T02:36:24.656392+01:00 gollum postfix/smtpd[2356912]: lost connection after AUTH from unknown[118.107.3.221] 2026-02-16T02:36:24.656553+01:00 gollum postfix/smtpd[2356912]: disconnect from unknown[118.107.3.221] ehlo=2 starttls=1 auth=0/1 commands=3/4 ... show less	DDoS Attack Brute-Force
🇺🇸 oncord	2026-02-14 23:13:17 (4 months ago)	Form spam	Web Spam
🇧🇷 hostseries	2026-02-14 14:40:59 (4 months ago)	Trigger: LF_DISTATTACK	Brute-Force
🇵🇱 sefinek.net	2026-02-14 10:57:21 (4 months ago)	Triggered Cloudflare WAF (firewallCustom) from HK. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (G ... show more Triggered Cloudflare WAF (firewallCustom) from HK. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (GET) \| Endpoint: /genshin-stella-mod \| UA: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:114.0) Gecko/20100101 Firefox/114.0 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2026-02-14 05:00:16 (4 months ago)	BruteForce IMAP/POP3/SMTP	Brute-Force
🇮🇹 VHosting	2026-02-13 23:20:00 (4 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇮🇳 liveaspankaj	2026-02-12 11:44:11 (4 months ago)	DDoS attack on learngeeta.com: 276 requests of GET / HTTP/1.1 over plain HTTP with no referrer. Auto ... show more DDoS attack on learngeeta.com: 276 requests of GET / HTTP/1.1 over plain HTTP with no referrer. Automated bot attack with randomized User-Agents (outdated Chrome 127-129). show less	DDoS Attack
🇭🇺 bcsaba	2026-01-24 12:28:51 (4 months ago)	Suricata: Alert - ET WEB_SERVER PHP tags in HTTP POST	Web App Attack
🇯🇵 VXG-NET	2026-01-21 19:31:49 (4 months ago)	port=80, indicator_type=info-leak	Hacking
🇺🇸 TPI-Abuse	2026-01-21 18:22:48 (4 months ago)	(mod_security) mod_security (id:210350) triggered by 118.107.3.221 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 118.107.3.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 13:22:42.100594 2026] [security2:error] [pid 472:tid 472] [client 118.107.3.221:42412] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.clayrivers.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.clayrivers.com"] [uri "/cgi-bin/php.exe"] [unique_id "aXEZcrNFsmBCuCFjzRn6EQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-21 04:22:11 (4 months ago)	(mod_security) mod_security (id:210350) triggered by 118.107.3.221 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 118.107.3.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 23:22:03.843970 2026] [security2:error] [pid 29656:tid 29656] [client 118.107.3.221:38658] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|urlpick.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "urlpick.com"] [uri "/index.php"] [unique_id "aXBUawFf3SWZV9HRM6hCswAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-20 11:04:19 (4 months ago)	(mod_security) mod_security (id:210350) triggered by 118.107.3.221 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 118.107.3.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 06:04:10.234143 2026] [security2:error] [pid 3823970:tid 3824014] [client 118.107.3.221:51572] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|aspencommission.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "aspencommission.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aW9hKi7VhUetUxVXnlhsdQAAAIA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.136

🇺🇸 172.105.147.126

🇺🇸 150.107.36.236

🇺🇸 135.119.96.68

🇨🇳 110.87.174.200

🇺🇸 107.150.97.147

🇨🇦 85.217.149.32

🇨🇦 85.217.149.4

🇳🇱 64.89.162.27

🇸🇬 43.156.82.40

🇨🇳 221.130.29.85

🇹🇼 221.120.74.68

🇩🇪 209.50.182.17

🇲🇽 201.149.53.243

🇳🇱 185.226.197.15

🇨🇳 123.233.238.128

🇵🇭 103.235.95.185

🇮🇳 103.38.219.22

🇳🇱 91.92.40.16

🇺🇸 71.6.134.234