JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 123.234.99.16

123.234.99.16 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 17%: ?

17%

ISP	China Unicom Shandong Province Network
Usage Type	Fixed Line ISP
ASN	AS4837
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Qingdao, Shandong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 123.234.99.16

Whois 123.234.99.16

IP Abuse Reports for 123.234.99.16:

This IP address has been reported a total of 8 times from 4 distinct sources. 123.234.99.16 was first reported on April 23rd 2022, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-24 01:22:21 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 123.234.99.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 123.234.99.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 21:22:14.760686 2026] [security2:error] [pid 940:tid 940] [client 123.234.99.16:30906] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|natursac.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "natursac.com"] [uri "/"] [unique_id "ajsxRuC2J9ZGK69FC8K4RQAAABw"], referer: http://natursac.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 19:10:13 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 123.234.99.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 123.234.99.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 15:10:05.311399 2026] [security2:error] [pid 27179:tid 27179] [client 123.234.99.16:0] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:user-agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.goalsnet.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.goalsnet.net"] [uri "/"] [unique_id "ajraDaWxkFCmIRdIRc79egAAAAk"], referer: http://www.goalsnet.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 16:19:00 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 123.234.99.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 123.234.99.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 12:18:53.286589 2026] [security2:error] [pid 32089:tid 32089] [client 123.234.99.16:30793] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.aares2026.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.aares2026.net"] [uri "/index.html"] [unique_id "ajF3bWlFQ-3WQoaksc0mwwAAAAk"], referer: http://www.aares2026.net/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 19:39:47 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 123.234.99.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 123.234.99.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 15:39:40.004992 2026] [security2:error] [pid 12378:tid 12400] [client 123.234.99.16:30284] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.classactionlawsuit.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.classactionlawsuit.org"] [uri "/"] [unique_id "ah3f_DZ_U4n8m6PxGlIs3wAAAFQ"], referer: https://www.classactionlawsuit.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-01 18:43:35 (3 weeks ago)	[MonJun0120:43:29.3788302026][security2:error][pid1956949:tid1957189][client123.234.99.16:0]ModSecur ... show more [MonJun0120:43:29.3788302026][security2:error][pid1956949:tid1957189][client123.234.99.16:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"www.hostingedominio.com\"][uri\"/\"][unique_id\"ah3S0SZGebNT0TiNuMPeOgAAANA\"]\,referer:https://www.hostingedominio.com/ show less	Hacking Web App Attack
🇨🇳 ThreatBook.io	2026-05-10 23:54:55 (1 month ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/123.234.99.16 2026-05-10 15 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/123.234.99.16 2026-05-10 15:00:44 /config.json show less	Web App Attack
🇨🇳 ThreatBook.io	2026-05-09 23:52:29 (1 month ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/123.234.99.16 2026-05-09 10 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/123.234.99.16 2026-05-09 10:01:54 /robots.txt show less	Web App Attack
🇿🇦 IrisFlower	2022-04-23 06:31:28 (4 years ago)	Unauthorized connection attempt detected from IP address 123.234.99.16 to port 443 [J]	Port Scan Hacking

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇿 193.169.161.57

🇺🇸 172.253.85.93

🇻🇳 171.231.191.142

🇨🇳 111.228.13.226

🇺🇸 66.132.172.147

🇧🇪 198.235.24.165

🇬🇧 188.240.59.41

🇺🇸 184.32.233.196

🇨🇳 106.12.151.23

🇬🇧 90.241.105.56

🇧🇾 81.30.98.142

🇸🇪 78.71.220.153

🇺🇸 66.132.186.242

🇳🇱 45.148.10.141

🇺🇸 37.140.223.144

🇺🇸 20.115.45.115

🇺🇸 2.57.148.196

🇺🇸 216.25.89.131

🇩🇪 213.209.159.238

🇲🇽 200.68.181.198