JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.221.13.37

120.221.13.37 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 29%: ?

29%

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.221.13.37

Whois 120.221.13.37

IP Abuse Reports for 120.221.13.37:

This IP address has been reported a total of 20 times from 12 distinct sources. 120.221.13.37 was first reported on April 10th 2023, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-11 03:02:26 (5 days ago)	(mod_security) mod_security (id:210381) triggered by 120.221.13.37 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210381) triggered by 120.221.13.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 23:02:22.771614 2026] [security2:error] [pid 14029:tid 14040] [client 120.221.13.37:9539] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt\|\|www.mentzlaw.com\|F\|4"] [data "REQUEST_URI=/louisianaweldingrodlawyer/%url%"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.mentzlaw.com"] [uri "/louisianaweldingrodlawyer/%url%"] [unique_id "aiolPlCMj5-QIou1H9ai6QAAAIk"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 Diskominfo Lumajang	2026-06-04 00:30:04 (1 week ago)	Security Event Detected by SOC Diskominfo Lumajang: event=alert, hits=3	Brute-Force
🇺🇸 sefinek.net	2026-06-03 23:53:03 (1 week ago)	Blocked by UFW on NY01 [3306/tcp] \| SPT: 40829 \| TTL: 224 \| LEN: 40 \| TOS: 0x08 • Reported by: githu ... show more Blocked by UFW on NY01 [3306/tcp] \| SPT: 40829 \| TTL: 224 \| LEN: 40 \| TOS: 0x08 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇱🇺 SiteXL	2026-05-26 19:18:03 (3 weeks ago)	{"event":{"DateTime":"2026-05-26T19:11:03Z","RemoteAddr":"120.221.13.37:61220","Protocol":"TCP","Com ... show more {"event":{"DateTime":"2026-05-26T19:11:03Z","RemoteAddr":"120.221.13.37:61220","Protocol":"TCP","Command":"","CommandOutput":"","Status":"Stateless","Msg":"New TCP attempt","ID":"b3b328a5-adf8-4823-b35c-6f1941dd3de0","Environ":"","User":"","Password":"","Client":"","Headers":"","HeadersMap":null,"Cookies":"","UserAgent":"","HostHTTPRequest":"","Body":"","HTTPMethod":"","RequestURI":"","Description":"Mysql 8.0.29","SourceIp":"120.221.13.37","SourcePort":"61220","TLSServerName":"","Handler":""},"level":"info","msg":"New Event","status":"Stateless"} {"event":{"DateTime":"2026-05-26T19:11:03Z","RemoteAddr":"120.221.13.37:61215","Protocol":"TCP","Command":"","CommandOutput":"","Status":"Stateless","Msg":"New TCP attempt","ID":"257bf242-d330-444a-8260-e17820cb1885","Environ":"","User":"","Password":"","Client":"","Headers":"","HeadersMap":null,"Cookies":"","UserAgent":"","HostHTTPRequest":"","Body":"","HTTPMethod":"","RequestURI":"","Description":"Mysql 8.0.29","SourceIp":"120.221.13.37","SourcePort":"61215","TLSSe show less	Hacking Port Scan Brute-Force
🇺🇸 sefinek.net	2026-05-21 22:24:43 (3 weeks ago)	Blocked by UFW on NY01 [3306/tcp] \| SPT: 14715 \| TTL: 224 \| LEN: 40 \| TOS: 0x08 • Reported by: githu ... show more Blocked by UFW on NY01 [3306/tcp] \| SPT: 14715 \| TTL: 224 \| LEN: 40 \| TOS: 0x08 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇮🇩 Diskominfo Lumajang	2026-05-20 23:05:03 (3 weeks ago)	Security Event Detected by SOC Diskominfo Lumajang: event=alert, hits=3	Brute-Force
🇹🇼 kk_it_man	2026-05-20 11:50:03 (3 weeks ago)	honey catch	Port Scan
🇱🇺 SiteXL	2026-05-20 02:48:26 (3 weeks ago)	{"event":{"DateTime":"2026-05-20T02:41:04Z","RemoteAddr":"120.221.13.37:29073","Protocol":"TCP","Com ... show more {"event":{"DateTime":"2026-05-20T02:41:04Z","RemoteAddr":"120.221.13.37:29073","Protocol":"TCP","Command":"","CommandOutput":"","Status":"Stateless","Msg":"New TCP attempt","ID":"cf0cc8dc-3cb6-444d-bdc9-b2a374a9d1ee","Environ":"","User":"","Password":"","Client":"","Headers":"","HeadersMap":null,"Cookies":"","UserAgent":"","HostHTTPRequest":"","Body":"","HTTPMethod":"","RequestURI":"","Description":"Mysql 8.0.29","SourceIp":"120.221.13.37","SourcePort":"29073","TLSServerName":"","Handler":""},"level":"info","msg":"New Event","status":"Stateless"} {"event":{"DateTime":"2026-05-20T02:41:04Z","RemoteAddr":"120.221.13.37:29078","Protocol":"TCP","Command":"","CommandOutput":"","Status":"Stateless","Msg":"New TCP attempt","ID":"31369311-2fe3-4294-b243-9e9320689067","Environ":"","User":"","Password":"","Client":"","Headers":"","HeadersMap":null,"Cookies":"","UserAgent":"","HostHTTPRequest":"","Body":"","HTTPMethod":"","RequestURI":"","Description":"Mysql 8.0.29","SourceIp":"120.221.13.37","SourcePort":"29078","TLSSe show less	Hacking Port Scan Brute-Force
🇺🇸 kosada.com	2025-09-05 04:20:30 (9 months ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
Anonymous	2025-08-02 04:42:33 (10 months ago)	Infected user bad webscan	Exploited Host
Anonymous	2024-06-13 09:38:34 (2 years ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2024-05-31 11:40:31 (2 years ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 bigscoots.com	2024-05-31 09:13:51 (2 years ago)	120.221.13.37 (CN/China/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Port ... show more 120.221.13.37 (CN/China/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_DISTATTACK; Logs: May 31 04:13:42 15925 sshd[12491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.221.13.37 user=root May 31 04:13:24 15925 sshd[12451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.221.12.113 user=root May 31 04:13:25 15925 sshd[12451]: Failed password for root from 120.221.12.113 port 10779 ssh2 May 31 04:11:20 15925 sshd[12234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.221.13.26 user=root May 31 04:11:22 15925 sshd[12234]: Failed password for root from 120.221.13.26 port 21573 ssh2 IP Addresses Blocked: show less	Brute-Force SSH
🇺🇸 bigscoots.com	2024-05-27 00:05:09 (2 years ago)	120.221.13.37 (CN/China/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Port ... show more 120.221.13.37 (CN/China/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_DISTATTACK; Logs: May 26 19:04:42 16716 sshd[8312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.221.11.39 user=root May 26 19:04:44 16716 sshd[8312]: Failed password for root from 120.221.11.39 port 26617 ssh2 May 26 19:04:47 16716 sshd[8317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.221.100.231 user=root May 26 19:04:49 16716 sshd[8317]: Failed password for root from 120.221.100.231 port 23933 ssh2 May 26 19:04:55 16716 sshd[8320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.221.13.37 user=root IP Addresses Blocked: 120.221.11.39 (CN/China/-) 120.221.100.231 (CN/China/-) show less	Brute-Force SSH
Anonymous	2024-05-25 13:07:29 (2 years ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 205.210.31.96

🇮🇩 202.59.197.168

🇳🇱 185.224.128.16

🇱🇹 91.224.92.147

🇩🇪 86.53.106.166

🇺🇸 74.208.92.116

🇭🇰 45.142.154.98

🇮🇳 13.71.28.101

🇺🇸 193.36.224.173

🇲🇽 189.218.5.19

🇧🇷 187.51.219.26

🇺🇸 135.237.125.146

🇨🇳 114.132.99.120

🇬🇧 104.28.154.119

🇮🇳 103.195.81.146

🇷🇴 80.94.92.177

🇺🇸 66.132.186.249

🇩🇿 41.111.178.165

🇧🇪 34.62.161.16

🇺🇸 216.25.89.78