JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 175.6.113.166

175.6.113.166 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 47%: ?

47%

ISP	CHINANET HUNAN PROVINCE NETWORK
Usage Type	Data Center/Web Hosting/Transit
ASN	AS63835
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Changsha, Hunan

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 175.6.113.166

Whois 175.6.113.166

IP Abuse Reports for 175.6.113.166:

This IP address has been reported a total of 10 times from 7 distinct sources. 175.6.113.166 was first reported on June 25th 2026, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 IRISIO	2026-06-30 11:23:07 (3 hours ago)	scans/SQL injection/spam posts : 6 queries	Web App Attack SQL Injection
🇧🇾 lns.bz	2026-06-30 08:31:40 (6 hours ago)	.env scanning [BY]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-30 07:18:07 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 175.6.113.166 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 175.6.113.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 03:18:03.676585 2026] [security2:error] [pid 8344:tid 8344] [client 175.6.113.166:51146] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.meridianranchdrc.org"] [uri "/api/.env"] [unique_id "akNtq71aDtjRke8HlQBkewAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-30 05:43:06 (9 hours ago)	(mod_security) mod_security (id:210492) triggered by 175.6.113.166 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 175.6.113.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 01:42:55.568693 2026] [security2:error] [pid 15850:tid 15850] [client 175.6.113.166:39876] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rucomp.com"] [uri "/.env.bak"] [unique_id "akNXX1JDk8SGax3Z91XQ1QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Hary74656	2026-06-29 21:34:12 (17 hours ago)	[Mon Jun 29 23:34:06.072054 2026] [security2:error] [pid 169025:tid 169149] [client 175.6.113.166:42 ... show more [Mon Jun 29 23:34:06.072054 2026] [security2:error] [pid 169025:tid 169149] [client 175.6.113.166:42848] [client 175.6.113.166] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1056"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "ip.aschi.at"] [ ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-29 11:01:39 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 175.6.113.166 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 175.6.113.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 07:01:30.884828 2026] [security2:error] [pid 446:tid 446] [client 175.6.113.166:52033] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raystransmission.com"] [uri "/.env.save"] [unique_id "akJQilAfAckjyXEM2sgDlAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-26 22:05:58 (3 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-25. show less	Web App Attack SSH Hacking
Anonymous	2026-06-26 13:23:00 (4 days ago)	175.6.113.166 - - [26/Jun/2026:15:22:59 +0200] "GET /.env HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Window ... show more 175.6.113.166 - - [26/Jun/2026:15:22:59 +0200] "GET /.env HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36" show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 21:29:26 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 175.6.113.166 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 175.6.113.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 17:29:19.457855 2026] [security2:error] [pid 803:tid 803] [client 175.6.113.166:38706] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gsvgallery.perissosdigitalmarketing.com"] [uri "/.env.local"] [unique_id "aj2dr70vNElGtp4bqKBJgQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 interbiznw.com	2026-06-25 15:58:58 (4 days ago)	fail2ban-ban	Hacking Brute-Force Exploited Host Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇷 78.109.200.147

🇮🇷 2.190.145.134

🇧🇷 192.145.214.90

🇺🇸 147.185.132.165

🇸🇬 103.187.147.214

🇩🇪 64.226.65.160

🇨🇳 59.52.102.168

🇳🇱 45.198.224.5

🇧🇪 198.235.24.225

🇹🇭 182.52.236.235

🇸🇬 172.188.89.41

🇺🇸 162.216.149.248

🇳🇬 102.89.84.156

🇺🇸 47.251.241.66

🇺🇸 47.89.230.198

🇳🇱 45.148.10.151

🇬🇧 35.203.211.147

🇷🇴 2.57.122.234

🇨🇳 220.250.11.191

🇭🇰 203.83.11.146