JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 123.152.254.34

123.152.254.34 was found in our database!

This IP was reported 6 times. Confidence of Abuse is 4%: ?

ISP	China Unicom Zhejiang province network
Usage Type	Fixed Line ISP
ASN	AS4837
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Hangzhou, Zhejiang

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 123.152.254.34

Whois 123.152.254.34

IP Abuse Reports for 123.152.254.34:

This IP address has been reported a total of 6 times from 1 distinct source. 123.152.254.34 was first reported on June 17th 2026, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-22 22:48:58 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 123.152.254.34 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 123.152.254.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 18:48:50.872389 2026] [security2:error] [pid 5951:tid 5951] [client 123.152.254.34:24069] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.christineohlman.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.christineohlman.net"] [uri "/"] [unique_id "ajm70gaxkTudJNTCW_6NfgAAACk"], referer: http://www.christineohlman.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 13:06:20 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 123.152.254.34 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 123.152.254.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 09:06:16.470680 2026] [security2:error] [pid 7003:tid 7011] [client 123.152.254.34:22763] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|tierrasolymar.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "tierrasolymar.com"] [uri "/"] [unique_id "ajkzSHgRB76GObynb7kEaAAAAUU"], referer: http://tierrasolymar.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 23:15:33 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 123.152.254.34 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 123.152.254.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 19:15:28.267516 2026] [security2:error] [pid 28668:tid 28668] [client 123.152.254.34:21668] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.thekingtones.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.thekingtones.com"] [uri "/"] [unique_id "ajcfEASlHMO8K2lTOyCxGQAAAAo"], referer: http://www.thekingtones.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 05:53:23 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 123.152.254.34 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 123.152.254.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 01:53:15.404575 2026] [security2:error] [pid 20962:tid 20987] [client 123.152.254.34:21949] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.nimbll.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.nimbll.com"] [uri "/"] [unique_id "ajYqy86FfMNYfdx4sdUl5gAAARM"], referer: https://www.nimbll.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 22:25:10 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 123.152.254.34 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 123.152.254.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 18:25:03.766785 2026] [security2:error] [pid 15966:tid 15966] [client 123.152.254.34:22629] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|theinjuredparties.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "theinjuredparties.com"] [uri "/"] [unique_id "ajRwP8tceZcG6K5muJcQzwAAAAY"], referer: http://theinjuredparties.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 20:18:11 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 123.152.254.34 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 123.152.254.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 16:18:03.107685 2026] [security2:error] [pid 28009:tid 28009] [client 123.152.254.34:21146] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|colorwize.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "colorwize.com"] [uri "/index.asp"] [unique_id "ajMA-4sisyhznibhAi6iHgAAACs"], referer: http://colorwize.com/index.asp show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 6 of 6 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇷 186.13.96.77

🇪🇸 185.67.105.237

🇳🇱 91.92.42.147

🇺🇸 44.241.82.20

🇨🇭 37.140.254.133

🇻🇮 204.11.155.34

🇹🇳 197.5.145.102

🇨🇳 101.52.241.210

🇱🇧 94.187.15.240

🇺🇸 91.230.168.184

🇹🇷 78.180.57.105

🇸🇦 72.1.233.248

🇺🇸 66.132.172.222

🇺🇸 64.62.156.167

🇳🇱 45.148.10.147

🇺🇸 44.60.180.242

🇳🇱 35.204.180.171

🇻🇳 27.79.44.110

🇺🇸 20.98.128.111

🇭🇰 223.197.178.95