JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 1.28.54.212

1.28.54.212 was found in our database!

This IP was reported 3 times. Confidence of Abuse is 2%: ?

ISP	China unicom InnerMongolia province network
Usage Type	Fixed Line ISP
ASN	AS4837
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Hohhot, Inner Mongolia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 1.28.54.212

Whois 1.28.54.212

IP Abuse Reports for 1.28.54.212:

This IP address has been reported a total of 3 times from 1 distinct source. 1.28.54.212 was first reported on February 17th 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-04 19:50:38 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 1.28.54.212 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210831) triggered by 1.28.54.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 15:50:32.039553 2026] [security2:error] [pid 29890:tid 29890] [client 1.28.54.212:14139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|davesastro.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "davesastro.com"] [uri "/"] [unique_id "aiHXCMQFKGiBJaLmstnjuAAAABE"], referer: http://davesastro.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 00:19:25 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 1.28.54.212 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210831) triggered by 1.28.54.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 20:19:21.896421 2026] [security2:error] [pid 19146:tid 19146] [client 1.28.54.212:14372] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.register-yacht-uk.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.register-yacht-uk.com"] [uri "/"] [unique_id "ahOViQqCmJluIMkFxaZM3wAAAAQ"], referer: https://www.register-yacht-uk.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-17 20:11:59 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 1.28.54.212 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210831) triggered by 1.28.54.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 15:11:54.357390 2026] [security2:error] [pid 25270:tid 25270] [client 1.28.54.212:21341] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.michaelholdengc.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.michaelholdengc.com"] [uri "/"] [unique_id "aZTLirqf9_smpCuPdNOlzwAAABg"], referer: http://www.michaelholdengc.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 3 of 3 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 2a0b:f4c2::16

🇳🇱 192.109.200.215

🇮🇩 163.7.4.169

🇮🇹 151.95.211.132

🇨🇳 111.9.47.89

🇲🇩 91.199.133.230

🇫🇷 91.196.152.9

🇧🇪 34.76.36.74

🇨🇦 15.235.27.155

🇳🇱 5.83.143.123

🇺🇸 3.88.70.7

🇮🇳 2402:e280:3daf:11b:507a:3daa:749a:bc8e

🇺🇸 192.227.235.212

🇰🇷 158.180.79.132

🇺🇸 147.185.132.160

🇰🇷 121.131.103.35

🇧🇾 81.30.98.142

🇨🇳 60.255.229.249

🇬🇧 35.203.211.42

🇺🇸 20.40.216.95