JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 221.239.90.68

221.239.90.68 was found in our database!

This IP was reported 101 times. Confidence of Abuse is 59%: ?

59%

ISP	CHINANET TIANJIN PROVINCE NETWORK
Usage Type	Commercial
ASN	AS17638
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Tianjin, Tianjin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 221.239.90.68

Whois 221.239.90.68

IP Abuse Reports for 221.239.90.68:

This IP address has been reported a total of 101 times from 13 distinct sources. 221.239.90.68 was first reported on December 24th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-08 07:34:52 (3 weeks ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 03:34:47.159675 2026] [security2:error] [pid 16854:tid 16854] [client 221.239.90.68:2055] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.curriculum-web.com.creartest.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.curriculum-web.com.creartest.com"] [uri "/"] [unique_id "af2SF1fQBtX_FBI2xFcq7gAAAAk"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-07 09:17:11 (4 weeks ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 05:17:07.434573 2026] [security2:error] [pid 21206:tid 21229] [client 221.239.90.68:2080] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.chilltech.info.faimreps.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.chilltech.info.faimreps.com"] [uri "/"] [unique_id "afxYkwt_Jmi0zaXN6lthGAAAAA4"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-07 08:11:56 (4 weeks ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 04:11:50.908443 2026] [security2:error] [pid 13722:tid 13722] [client 221.239.90.68:2056] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.pnp42.com.grancanariaholidays.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.pnp42.com.grancanariaholidays.com"] [uri "/"] [unique_id "afxJRsd_cvCJZOvd3Ep0iAAAAAQ"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-07 06:34:34 (4 weeks ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 02:34:28.208660 2026] [security2:error] [pid 14420:tid 14420] [client 221.239.90.68:2052] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|buckinghambluesbar.com.buckinghambar.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "buckinghambluesbar.com.buckinghambar.com"] [uri "/"] [unique_id "afwydJ45avA4ElLlGLQxMAAAAAE"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-05-07 00:50:11 (4 weeks ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/221.239.90.68 2026-05- ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/221.239.90.68 2026-05-06 11:49:16 / show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-29 12:43:09 (1 month ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 29 08:43:00.725974 2026] [security2:error] [pid 18876:tid 18876] [client 221.239.90.68:2056] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|amp.rustyog.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "amp.rustyog.net"] [uri "/"] [unique_id "afH81CmY7yY4zVMmrIw8ygAAAA8"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-29 11:40:41 (1 month ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 29 07:40:36.849640 2026] [security2:error] [pid 1112:tid 1112] [client 221.239.90.68:2058] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|skomaxentertainment.com.alanmariotti.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "skomaxentertainment.com.alanmariotti.com"] [uri "/"] [unique_id "afHuNDRTzi-uNIdKYwy0yAAAABE"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 11:35:30 (1 month ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 07:35:25.210771 2026] [security2:error] [pid 27371:tid 27495] [client 221.239.90.68:2055] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|live.n2play.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "live.n2play.net"] [uri "/"] [unique_id "afCbfVSeTKpjTYVu5dKShwAAAgI"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 13:23:20 (1 month ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 09:23:12.008941 2026] [security2:error] [pid 11436:tid 11498] [client 221.239.90.68:2048] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|billingsleyonline.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "billingsleyonline.com"] [uri "/"] [unique_id "ae9jQPKfY_22WmhO_qG74QAAAEs"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 genokrad	2026-04-23 19:39:54 (1 month ago)	Website scan TCP 80/443 "/login" "Mozilla/5.0 (Linux; Android 12; redroid12_arm64 Build/SQ1D.22020"	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-04-23 15:51:56 (1 month ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 11:51:49.484306 2026] [security2:error] [pid 24364:tid 24364] [client 221.239.90.68:2118] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|theburiednews.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "theburiednews.com"] [uri "/"] [unique_id "aepAFb7STQRjPi3Dz2bQNAAAAAw"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 genokrad	2026-04-23 13:17:56 (1 month ago)	Website scan TCP 80/443 "/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:143.0) Gecko/201001"	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-04-23 11:31:34 (1 month ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 07:31:26.212732 2026] [security2:error] [pid 10710:tid 10710] [client 221.239.90.68:2077] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.candlecrawler.trade\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.candlecrawler.trade"] [uri "/"] [unique_id "aeoDDlOkLV2Gs3Q49aLjswAAAA4"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-23 10:09:09 (1 month ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 06:09:00.900806 2026] [security2:error] [pid 20660:tid 20660] [client 221.239.90.68:2154] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|oculaser.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "oculaser.net"] [uri "/"] [unique_id "aenvvIwGOGGipoPFOinUxwAAAAk"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-15 16:05:10 (1 month ago)	(mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 221.239.90.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 12:04:55.946889 2026] [security2:error] [pid 2073428:tid 2073428] [client 221.239.90.68:2057] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|answeringilliana.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "answeringilliana.com"] [uri "/"] [unique_id "ad-3JyTd0tneoPeoKQ3ulgAAAAQ"], referer: https://www.baidu.com show less	Brute-Force Bad Web Bot Web App Attack

Showing 46 to 60 of 101 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 209.85.222.201

🇺🇾 201.217.155.130

🇨🇳 183.221.22.74

🇹🇭 152.32.247.54

🇸🇪 138.124.85.214

🇺🇸 103.143.231.2

🇭🇰 101.36.108.9

🇫🇷 90.113.58.188

🇳🇱 81.19.216.118

🇺🇸 74.114.28.222

🇫🇷 54.37.118.77

🇮🇩 36.90.69.100

🇺🇸 13.86.116.180

🇺🇸 2620:171:fe:f0:9999::244

🇺🇸 216.180.246.243

🇧🇷 191.165.211.142

🇺🇸 162.216.150.208

🇺🇸 52.161.51.64

🇺🇸 20.163.246.209

🇰🇷 220.71.199.64