JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 112.238.101.117

112.238.101.117 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 9%: ?

ISP	China Unicom Shandong province network
Usage Type	Fixed Line ISP
ASN	AS4837
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Qingdao, Shandong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 112.238.101.117

Whois 112.238.101.117

IP Abuse Reports for 112.238.101.117:

This IP address has been reported a total of 7 times from 2 distinct sources. 112.238.101.117 was first reported on April 25th 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-04 14:33:13 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 112.238.101.117 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 112.238.101.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 10:32:57.330171 2026] [security2:error] [pid 21016:tid 21016] [client 112.238.101.117:29187] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|ramabahama.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "ramabahama.net"] [uri "/"] [unique_id "aiGMmTd59bk7vkCn5T9M4QAAAAs"], referer: https://ramabahama.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 21:15:20 (4 weeks ago)	(mod_security) mod_security (id:210831) triggered by 112.238.101.117 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 112.238.101.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 17:15:02.679266 2026] [security2:error] [pid 2336:tid 2336] [client 112.238.101.117:1512] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|axiselectric.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "axiselectric.net"] [uri "/"] [unique_id "ahoB1qpa0Vpk30K6xN5mEQAAACU"], referer: http://axiselectric.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 00:08:57 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 112.238.101.117 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 112.238.101.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 20:08:39.680821 2026] [security2:error] [pid 19638:tid 19638] [client 112.238.101.117:61677] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|periodthreads.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "periodthreads.com"] [uri "/index.htm"] [unique_id "ahOTB0Ll1cG7md6Nm0RoygAAAAY"], referer: http://periodthreads.com/index.htm show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-24 23:49:14 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 112.238.101.117 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 112.238.101.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 19:48:59.010343 2026] [security2:error] [pid 6051:tid 6051] [client 112.238.101.117:22389] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|tatethegreat.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "tatethegreat.com"] [uri "/index.html"] [unique_id "ahOOa3A6763_ac4kazFyBQAAAAc"], referer: http://tatethegreat.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 19:03:07 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 112.238.101.117 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 112.238.101.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 15:02:50.366719 2026] [security2:error] [pid 9573:tid 9573] [client 112.238.101.117:35407] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|uniquelaos.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "uniquelaos.com"] [uri "/"] [unique_id "agYcWp6q8pQk4aZbquq6_QAAABo"], referer: http://uniquelaos.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-05-06 00:02:20 (1 month ago)	ThreatBook Intelligence: Dynamic IP more details on http://threatbook.io/ip/112.238.101.117 2026-05- ... show more ThreatBook Intelligence: Dynamic IP more details on http://threatbook.io/ip/112.238.101.117 2026-05-05 02:45:15 /robots.txt show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-25 23:07:59 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 112.238.101.117 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 112.238.101.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 25 19:07:44.903219 2026] [security2:error] [pid 5061:tid 5106] [client 112.238.101.117:39673] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.wicca-love-spells.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.wicca-love-spells.com"] [uri "/"] [unique_id "ae1JQETconLCUf063izf3QAAAQ8"], referer: http://www.wicca-love-spells.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.200

🇳🇱 176.65.148.228

🇺🇸 172.120.89.174

🇺🇸 66.132.172.36

🇸🇪 20.91.198.61

🇳🇱 193.176.31.155

🇺🇸 147.185.132.120

🇨🇦 85.217.149.22

🇩🇪 47.254.167.66

🇺🇸 18.217.208.51

🇧🇷 205.210.31.228

🇬🇧 193.32.209.226

🇨🇳 180.184.182.87

🇺🇸 135.237.126.90

🇱🇧 109.233.21.109

🇩🇪 69.5.169.254

🇺🇸 65.49.1.23

🇺🇸 64.23.146.172

🇺🇸 24.90.47.19

🇺🇸 20.80.72.204