JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 123.183.191.148

123.183.191.148 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 24%: ?

24%

ISP	CHINANET hebei province network
Usage Type	Fixed Line ISP
ASN	AS4134
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shijiazhuang, Hebei

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 123.183.191.148

Whois 123.183.191.148

IP Abuse Reports for 123.183.191.148:

This IP address has been reported a total of 22 times from 8 distinct sources. 123.183.191.148 was first reported on February 16th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-23 01:08:52 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 21:08:45.989685 2026] [security2:error] [pid 9668:tid 9668] [client 123.183.191.148:54143] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.modalsoftware.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.modalsoftware.com"] [uri "/"] [unique_id "ajncnbXGqyD0_8wcQresbwAAAA8"], referer: http://www.modalsoftware.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 kosada.com	2026-06-17 06:12:04 (1 week ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-14 19:08:46 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 15:08:38.529318 2026] [security2:error] [pid 3991:tid 3991] [client 123.183.191.148:40982] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|washburn-books.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "washburn-books.com"] [uri "/"] [unique_id "ai78NlUtCKZ1Wi4h8g7vaQAAAAM"], referer: https://washburn-books.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 18:46:20 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 14:46:13.897985 2026] [security2:error] [pid 28248:tid 28248] [client 123.183.191.148:15298] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.conveyorizedovens.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.conveyorizedovens.com"] [uri "/"] [unique_id "aicN9WfBzt23u-8VNKFzkwAAAAA"], referer: http://www.conveyorizedovens.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 22:43:38 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 18:43:33.773492 2026] [security2:error] [pid 4179:tid 4179] [client 123.183.191.148:34025] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|moonfest.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "moonfest.net"] [uri "/"] [unique_id "aiNRFa5iQ-CUoVp93YqA1wAAABg"], referer: http://moonfest.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 19:59:50 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 15:59:46.358145 2026] [security2:error] [pid 4636:tid 4636] [client 123.183.191.148:29325] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|ruizpuche.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "ruizpuche.com"] [uri "/"] [unique_id "aiHZMuYr7fJCCDLULTz09wAAAA4"], referer: http://ruizpuche.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 18:45:46 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 14:45:40.166774 2026] [security2:error] [pid 32562:tid 32571] [client 123.183.191.148:9362] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.reattaforsale.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.reattaforsale.com"] [uri "/"] [unique_id "ah3TVNs6NgVO9Yi8jwI4EwAAAQQ"], referer: http://www.reattaforsale.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 19:56:28 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 15:56:20.399307 2026] [security2:error] [pid 16405:tid 16405] [client 123.183.191.148:5494] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|mjgraphics.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "mjgraphics.net"] [uri "/"] [unique_id "ahnvZGaRaREuECh_bIr08AAAAAM"], referer: http://mjgraphics.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SMARTNET	2026-05-27 06:03:53 (4 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 0a9278f2-ffb8-4472-8b4f-87e634c16433	DDoS Attack
🇺🇸 TPI-Abuse	2026-05-22 19:42:19 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 15:42:11.524017 2026] [security2:error] [pid 14734:tid 14734] [client 123.183.191.148:22367] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|zebax.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "zebax.com"] [uri "/"] [unique_id "ahCxk1JUAt1wLtbuvZ6GIAAAABM"], referer: https://zebax.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-19 21:58:45 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 17:58:39.149770 2026] [security2:error] [pid 8321:tid 8321] [client 123.183.191.148:10384] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|fancycleaners.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "fancycleaners.com"] [uri "/"] [unique_id "agzdD36mx9-XGfK1sCc6xAAAAAI"], referer: http://fancycleaners.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-19 20:20:13 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 16:20:06.696796 2026] [security2:error] [pid 13817:tid 13817] [client 123.183.191.148:5060] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.rail-town.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.rail-town.com"] [uri "/"] [unique_id "agzF9hpqoqmmzCkkO1UrogAAAAI"], referer: https://www.rail-town.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-17 19:58:44 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 123.183.191.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 15:58:39.627024 2026] [security2:error] [pid 2487:tid 2487] [client 123.183.191.148:57649] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.ryszardwycisk.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.ryszardwycisk.com"] [uri "/"] [unique_id "agod7wix5pyuPeUSXG2QXQAAAEg"], referer: http://www.ryszardwycisk.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇸🇬 mypatricks	2026-04-26 01:00:14 (1 month ago)	123.183.191.148 \| Port: 13833 \| DNS: 123.183.191.148 2026-04-26T09:00:13+08:00 Asia/Shanghai \| FETCH ... show more 123.183.191.148 \| Port: 13833 \| DNS: 123.183.191.148 2026-04-26T09:00:13+08:00 Asia/Shanghai \| FETCH Sproofing Activity Detetced. \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 HTTP/1.1 443 GET \| URL: /contents/jquery-code?abfbddfedacc=afcccccccfbdde \| Ref: - \| Country: CN/China/+08:00 IP City: Shijiazhuang 9f21a3d32e9cc0ea-AMS/Amsterdam, Netherlands 1 hits/0 secs Robots 1 show less	Brute-Force Web App Attack Blog Spam Web Spam Exploited Host
Anonymous	2026-04-17 12:19:46 (2 months ago)	Unauthorized connection attempt. Port 8614	Port Scan

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4003:c01::126

🇩🇪 167.94.146.78

🇩🇪 167.94.145.27

🇫🇷 91.231.89.250

🇫🇷 85.217.140.27

🇹🇼 198.235.24.70

🇺🇸 195.184.76.12

🇺🇸 192.169.136.182

🇩🇪 185.242.3.226

🇺🇸 164.92.114.247

🇺🇸 141.11.88.9

🇻🇳 116.104.254.232

🇳🇱 103.161.34.59

🇿🇦 102.64.47.217

🇨🇳 101.26.28.47

🇺🇸 66.132.186.234

🇧🇷 45.205.1.198

🇺🇸 20.163.37.97

🇺🇸 141.11.88.7

🇨🇳 123.10.73.60