JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 112.230.227.21

112.230.227.21 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 5%: ?

ISP	China Unicom Shandong province network
Usage Type	Fixed Line ISP
ASN	AS4837
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Qingdao, Shandong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 112.230.227.21

Whois 112.230.227.21

IP Abuse Reports for 112.230.227.21:

This IP address has been reported a total of 7 times from 1 distinct source. 112.230.227.21 was first reported on May 24th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-25 22:16:59 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 18:16:54.310290 2026] [security2:error] [pid 21598:tid 21598] [client 112.230.227.21:7012] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.namefinder.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.namefinder.com"] [uri "/"] [unique_id "aj2o1mzMOgsm4wSqQXtg6gAAAB0"], referer: http://www.namefinder.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 22:21:20 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 18:21:13.182388 2026] [security2:error] [pid 4705:tid 4705] [client 112.230.227.21:52191] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.protonmultimedia.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.protonmultimedia.com"] [uri "/"] [unique_id "ajHMWb3FExc5nudQSJthnQAAAAg"], referer: http://www.protonmultimedia.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 16:43:31 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 12:43:24.618538 2026] [security2:error] [pid 7261:tid 7284] [client 112.230.227.21:36145] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.bullfrogspond.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.bullfrogspond.com"] [uri "/"] [unique_id "aiL8rMZIZTDNZU3N9XcMtgAAAJQ"], referer: http://www.bullfrogspond.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 21:08:58 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 17:08:49.394312 2026] [security2:error] [pid 29806:tid 29806] [client 112.230.227.21:4682] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|surrenderhouse.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "surrenderhouse.com"] [uri "/index.html"] [unique_id "ah9GYSv_3QSXN1bUF_RgCQAAAA0"], referer: http://surrenderhouse.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 17:09:04 (1 month ago)	(mod_security) mod_security (id:949110) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:949110) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 13:08:55.218857 2026] [security2:error] [pid 21168:tid 21168] [client 112.230.227.21:38534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cescfoundation.org"] [uri "/"] [unique_id "ahSCJ3HrWAGtJEQqeOGU0wAAAA4"], referer: https://cescfoundation.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 01:58:05 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 21:57:58.586810 2026] [security2:error] [pid 31402:tid 31402] [client 112.230.227.21:24812] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|ic1.biz\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "ic1.biz"] [uri "/index.html"] [unique_id "ahOsplqUyXkQB7BwVhzOoAAAACc"], referer: http://ic1.biz/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-24 21:15:03 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 112.230.227.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 17:14:58.046300 2026] [security2:error] [pid 30610:tid 30610] [client 112.230.227.21:23406] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|jiggaboojones.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "jiggaboojones.com"] [uri "/"] [unique_id "ahNqUg-YD-s8zSy9vj8obAAAABg"], referer: http://jiggaboojones.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.76.158.107

🇲🇦 196.119.179.90

🇫🇮 147.185.133.74

🇳🇱 81.19.216.112

🇹🇼 198.235.24.17

🇫🇷 194.163.150.184

🇵🇱 185.79.139.16

🇺🇸 172.238.160.104

🇸🇬 172.236.143.246

🇩🇪 172.71.172.152

🇫🇷 172.71.134.115

🇺🇸 147.185.132.140

🇨🇳 101.126.24.58

🇺🇸 216.201.9.35

🇺🇸 162.216.149.218

🇭🇰 162.159.98.213

🇪🇸 162.158.123.161

🇺🇸 161.35.232.220

🇺🇸 96.246.230.97

🇳🇱 45.142.193.164