JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 221.239.90.67

221.239.90.67 was found in our database!

This IP was reported 323 times. Confidence of Abuse is 46%: ?

46%

ISP	CHINANET TIANJIN PROVINCE NETWORK
Usage Type	Commercial
ASN	AS17638
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Tianjin, Tianjin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 221.239.90.67

Whois 221.239.90.67

IP Abuse Reports for 221.239.90.67:

This IP address has been reported a total of 323 times from 30 distinct sources. 221.239.90.67 was first reported on May 22nd 2024, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-27 09:10:34 (1 hour ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 05:10:29.832273 2026] [security2:error] [pid 12847:tid 12847] [client 221.239.90.67:2096] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|askmedichat.com.fiyaplatform.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "askmedichat.com.fiyaplatform.com"] [uri "/"] [unique_id "aj-ThX_e_S7RLgH_9qPowAAAAAM"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 14:13:40 (20 hours ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 10:13:35.158735 2026] [security2:error] [pid 14548:tid 14548] [client 221.239.90.67:2051] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|alt.mavikalem.org\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "alt.mavikalem.org"] [uri "/"] [unique_id "aj6JD0uQIiUwE2qYy_iu8QAAABM"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 12:24:31 (22 hours ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 08:24:26.593288 2026] [security2:error] [pid 19083:tid 19083] [client 221.239.90.67:2057] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|ftp.nysasports.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "ftp.nysasports.com"] [uri "/"] [unique_id "aj5vemx9HgPRmUrOIxY74gAAAAc"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 10:19:34 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 06:19:25.994967 2026] [security2:error] [pid 1758:tid 1758] [client 221.239.90.67:2049] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|mail.virginiabeachlovebird.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "mail.virginiabeachlovebird.com"] [uri "/"] [unique_id "aj5SLdLHhiOLpcxYtRruzQAAABg"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇭🇺 bcsaba	2026-06-26 04:03:25 (1 day ago)	Suricata: Alert - ET INFO Go-http-client User-Agent Observed Inbound	Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 16:23:48 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 12:23:42.992825 2026] [security2:error] [pid 4730:tid 4730] [client 221.239.90.67:2053] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.ambarsolar.aguasolar.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.ambarsolar.aguasolar.com"] [uri "/"] [unique_id "aj1WDvmp54hlWW8nus6UqQAAABA"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇲🇽 impra	2026-06-25 13:21:07 (1 day ago)	Detected 14 connection attempts across 2 ports.	Port Scan Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 06:42:57 (2 days ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 02:42:49.709828 2026] [security2:error] [pid 32177:tid 32177] [client 221.239.90.67:2048] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.stricklinphotography.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.stricklinphotography.com"] [uri "/"] [unique_id "ajzN6X0xIEgd6EREnU6w3QAAAAM"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 23:55:15 (2 days ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 19:55:10.347306 2026] [security2:error] [pid 13215:tid 13231] [client 221.239.90.67:2049] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.casino.blog\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.casino.blog"] [uri "/"] [unique_id "ajxuXgeGq2wX9wlrmlXn5gAAAA4"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 20:27:38 (2 days ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 16:27:34.398234 2026] [security2:error] [pid 20298:tid 20298] [client 221.239.90.67:2048] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.kristip.baird.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.kristip.baird.net"] [uri "/"] [unique_id "ajw9tvov-FdAhYJPLg9F5wAAAAs"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 11:43:49 (2 days ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 07:43:44.114665 2026] [security2:error] [pid 10291:tid 10291] [client 221.239.90.67:2048] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.34.gisur.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.34.gisur.com"] [uri "/"] [unique_id "ajvC8OsCpVeH9YaMJkhIvgAAAAk"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 15:23:43 (3 days ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 11:23:38.675844 2026] [security2:error] [pid 24651:tid 24651] [client 221.239.90.67:2139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.al-hafeeztrust.al-bukhari.org\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.al-hafeeztrust.al-bukhari.org"] [uri "/"] [unique_id "ajqk-qQ8XXL1kPnFCw3QNQAAAAI"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 OptimusGO	2026-06-23 08:36:58 (4 days ago)	Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Time ... show more Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Timestamp: 2026-06-23 09:36:58 UTC Log evidence: 221.239.90.67 - - [23/Jun/2026:09:36:57 +0100] "GET / HTTP/1.1" 200 409 "https://www.baidu.com" "Mozilla/5.0 (Linux; Android 12; redroid12_arm64 Build/SQ1D.220205.004; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/122.0.6261.119 Mobile Safari/537.36 uni-app" 06/23/2026-09:36:57.612464 [] [1:2221035:1] SURICATA HTTP Request excessive header repetition [] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 221.239.90.67:2440 -> 185.127.18.66:80 show less	Port Scan Brute-Force
🇺🇸 TPI-Abuse	2026-06-23 08:20:38 (4 days ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 04:20:33.114187 2026] [security2:error] [pid 27813:tid 27813] [client 221.239.90.67:2102] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|mail.peradotto.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "mail.peradotto.net"] [uri "/"] [unique_id "ajpB0a3Y9ignIOaJG__KdwAAABQ"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇭🇺 bcsaba	2026-06-22 19:03:19 (4 days ago)	Suricata: Alert - ET INFO Go-http-client User-Agent Observed Inbound	Web App Attack

Showing 1 to 15 of 323 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇱 217.28.144.61

🇮🇩 180.249.186.216

🇳🇱 176.65.139.216

🇺🇸 173.52.88.174

🇰🇷 59.12.160.91

🇳🇱 45.148.10.141

🇻🇳 14.185.86.238

🇩🇪 217.160.193.15

🇺🇸 103.143.11.150

🇹🇷 93.113.63.28

🇺🇸 64.62.156.155

🇺🇸 20.64.105.32

🇺🇸 8.47.99.159

🇨🇦 2a00:1d20:49:3:9999::200

🇮🇳 152.59.202.213

🇺🇸 135.119.97.71

🇵🇰 119.156.28.157

🇨🇳 113.218.212.85

🇳🇱 91.92.40.6

🇺🇸 64.222.228.21