JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 124.221.140.98

124.221.140.98 was found in our database!

This IP was reported 152 times. Confidence of Abuse is 100%: ?

100%

ISP	Tencent cloud computing (Beijing) Co., Ltd.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS45090
Domain Name	tencentcloud.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 124.221.140.98

Whois 124.221.140.98

IP Abuse Reports for 124.221.140.98:

This IP address has been reported a total of 152 times from 62 distinct sources. 124.221.140.98 was first reported on May 19th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 GoodOldTOS	2026-06-18 04:43:51 (1 hour ago)	Highly suspect IP	Hacking Web App Attack
🇫🇷 masterguru	2026-06-18 00:40:04 (5 hours ago)	Multiple/Conflicting Connection Header Data Found. Pattern match "\\\\b(?:keep-alive\|close),\\\\s?(? ... show more Multiple/Conflicting Connection Header Data Found. Pattern match "\\\\b(?:keep-alive\|close),\\\\s?(?:keep-alive\|close)\\\\b" at REQUEST_HEADERS:Connection. (920210-197) show less	Hacking
🇨🇦 dispensight	2026-06-17 23:41:24 (6 hours ago)	Probe via dispensight.* redirect honeypot — attacker hit http://www.dispensight.click, 301-redirecte ... show more Probe via dispensight.* redirect honeypot — attacker hit http://www.dispensight.click, 301-redirected to canonical dispensight.com, Referer header exposed origin (2 req(s) on dispensight.com, UA: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_). show less	Bad Web Bot Web App Attack
🇩🇰 RhQM	2026-06-17 20:07:24 (9 hours ago)		Bad Web Bot Exploited Host Web App Attack
Anonymous	2026-06-17 09:24:42 (20 hours ago)	FortiWeb WAF: 56 attacks detected. Threat Score: 17200. Types: Client Management(28), GEO IP(28). Or ... show more FortiWeb WAF: 56 attacks detected. Threat Score: 17200. Types: Client Management(28), GEO IP(28). Origin: China. show less	Web App Attack
🇩🇪 sdos.es	2026-06-17 06:30:37 (23 hours ago)	"Multiple/Conflicting Connection Header Data Found - keep-alive, close"	Web App Attack
🇨🇦 lakered	2026-06-17 06:28:59 (23 hours ago)	Detectors: [NGINX, SURICATA] \| Reasons: Invalid HTTP protocol or SSTP scan attempt detected on sinkh ... show more Detectors: [NGINX, SURICATA] \| Reasons: Invalid HTTP protocol or SSTP scan attempt detected on sinkhole \| Automated scan targeting an unauthorized host or default server sinkhole \| UA: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 \| ASN: 45090 (Shenzhen Tencent Computer Systems Company Limited) show less	Port Scan Bad Web Bot
🇺🇸 Charlesiv	2026-06-17 00:01:12 (1 day ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK ASN: 45090 (Shenzhen Tencent ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK ASN: 45090 (Shenzhen Tencent Computer Systems Company Limited) Protocol: HTTP/1.1 (GET method) Endpoint: / Timestamp: 2026-06-16T23:36:04Z Ray ID: a0cda272be6266d9 UA: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 show less	Bad Web Bot
🇳🇱 soverin	2026-06-16 12:26:57 (1 day ago)	Network scan on port 80	Email Spam
🇬🇧 OptimusGO	2026-06-16 08:55:06 (1 day ago)	Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Time ... show more Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Timestamp: 2026-06-16 09:55:05 UTC Log evidence: 124.221.140.98 - - [16/Jun/2026:09:55:04 +0100] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1" 06/16/2026-09:55:05.193907 [] [1:2221035:1] SURICATA HTTP Request excessive header repetition [] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 124.221.140.98:54046 -> 185.127.18.66:80 show less	Port Scan Brute-Force
🇺🇸 Lezetho	2026-06-16 08:00:08 (1 day ago)	DDoS, WebSpam, Web Attack, and Brute-force blocked by Cloudflare	DDoS Attack Email Spam Hacking Brute-Force
🇦🇹 Pingger Shikkoken	2026-06-16 01:21:10 (2 days ago)	2026-06-16T01:21:10+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC ... show more 2026-06-16T01:21:10+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:88:32:08:00 SRC=124.221.140.98 DST=10.1.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=21094 DF PROTO=TCP SPT=57986 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 2026-06-16T01:21:11+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:88:32:08:00 SRC=124.221.140.98 DST=10.1.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=21095 DF PROTO=TCP SPT=57986 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 2026-06-16T01:21:13+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:88:32:08:00 SRC=124.221.140.98 DST=10.1.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=21096 DF PROTO=TCP SPT=57986 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ... show less	Hacking Bad Web Bot
🇦🇱 router.al	2026-06-15 19:42:11 (2 days ago)	06/15/2026-19:42:11.221025 124.221.140.98 Protocol: 6 GPL WEB_SERVER 403 Forbidden	Port Scan
🇬🇷 setupgr	2026-06-15 17:33:53 (2 days ago)	(mod_security) mod_security (id:100011) triggered by 124.221.140.98: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:100011) triggered by 124.221.140.98: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Mon Jun 15 20:33:50.582315 2026] [security2:error] [pid 1917013:tid 1917196] [client 124.221.140.98:39698] ModSecurity: Access denied with code 403 (phase 1). Pattern match "(www\\\\.)?ftiaxtomonosou\\\\.gr" at SERVER_NAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "54"] [id "100011"] [msg "CSF-TRIGGER: Country Block CN/SG for ftiaxtomonosou.gr"] [hostname "www.ftiaxtomonosou.gr"] [uri "/"] [unique_id "ajA3fkEA9pRZS3vlJ2uxIwAAAJc"] show less	Port Scan
🇺🇸 kosada.com	2026-06-15 13:59:09 (2 days ago)	Web vulnerability probing: / (bogus vhost/SNI)	Web App Attack

Showing 1 to 15 of 152 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.46.177.174

🇬🇧 193.176.29.16

🇳🇬 165.154.11.37

🇺🇸 146.88.241.129

🇭🇰 114.111.54.189

🇷🇴 92.118.39.74

🇱🇹 62.60.130.14

🇸🇬 45.197.12.65

🇩🇪 185.220.101.4

🇧🇷 167.126.6.183

🇬🇧 165.227.232.157

🇩🇪 164.92.140.160

🇺🇸 157.230.189.4

🇸🇬 136.110.63.185

🇺🇸 136.109.36.134

🇮🇳 128.185.33.241

🇨🇳 112.28.234.157

🇱🇹 45.227.254.170

🇧🇪 35.241.205.80

🇺🇸 3.22.233.89