JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 183.87.99.116

183.87.99.116 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 32%: ?

32%

ISP	Huawei-Cloud-HK
Usage Type	Data Center/Web Hosting/Transit
ASN	AS136907
Domain Name	huawei.com
Country	🇭🇰 Hong Kong
City	Hong Kong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 183.87.99.116

Whois 183.87.99.116

IP Abuse Reports for 183.87.99.116:

This IP address has been reported a total of 15 times from 7 distinct sources. 183.87.99.116 was first reported on December 16th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 backslash	2026-06-25 21:18:00 (1 day ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-25 18:40:14 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 14:40:06.334215 2026] [security2:error] [pid 4415:tid 4415] [client 183.87.99.116:25436] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.mavikalem.org\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.mavikalem.org"] [uri "/"] [unique_id "aj12Bs8XE52zjUhTlchMmAAAAAc"], referer: https://mavikalem.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 07:29:07 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 03:29:01.983788 2026] [security2:error] [pid 16991:tid 16991] [client 183.87.99.116:52424] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|thenursingsite.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "thenursingsite.com"] [uri "/2020/09/https-thenursingsite-com-p2263"] [unique_id "ajzYvaYv4Gly7_feVhvzxgAAAAo"], referer: https://thenursingsite.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 04:06:39 (1 day ago)	(mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 00:06:33.956036 2026] [security2:error] [pid 24256:tid 24256] [client 183.87.99.116:35231] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|arsenalfordemocracy.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "arsenalfordemocracy.com"] [uri "/tag/labor-unions"] [unique_id "ajypSSBtb3wJqUuJCeh4FwAAABQ"], referer: https://arsenalfordemocracy.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 kosada.com	2026-06-25 00:53:44 (1 day ago)	Web bot: denial-of-service flood	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-13 23:50:44 (1 week ago)	(mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 19:50:40.091061 2026] [security2:error] [pid 17882:tid 17882] [client 183.87.99.116:35623] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|airtechconsulting.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "airtechconsulting.com"] [uri "/"] [unique_id "ai3s0Pzti2zD2GMyqoAY8QAAAAg"], referer: https://www.chromeheartsofficial.shop/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 14:21:15 (1 week ago)	(mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 10:21:08.703332 2026] [security2:error] [pid 30065:tid 30065] [client 183.87.99.116:57135] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.evolute.io\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.evolute.io"] [uri "/top-5-learnings-moving-software-to-containers"] [unique_id "ai1nVP8NO5sy5k5aLhGyYwAAABo"], referer: https://www.evolute.io/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 netmagnet	2026-06-07 09:14:33 (2 weeks ago)	Automated HTTP request flood (1871 requests in ~10 min) to lovecpokladu.cz using spam ?backlink= que ... show more Automated HTTP request flood (1871 requests in ~10 min) to lovecpokladu.cz using spam ?backlink= query params; bad web bot / web app attack from Huawei Cloud HK. show less	Web Spam Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 18:54:39 (4 weeks ago)	(mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 14:54:34.430277 2026] [security2:error] [pid 9118:tid 9118] [client 183.87.99.116:62571] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.dogarttoday.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.dogarttoday.com"] [uri "/tag/darren-rowse/"] [unique_id "ahiPamnn5lLmsdWQJ9Ql8AAAABI"], referer: https://dogarttoday.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 kosada.com	2026-05-28 10:40:18 (4 weeks ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-26 09:20:34 (1 month ago)	(mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 183.87.99.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 05:20:29.599174 2026] [security2:error] [pid 24483:tid 24519] [client 183.87.99.116:41995] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.oxfordlawschool.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.oxfordlawschool.com"] [uri "/"] [unique_id "ahVl3YzLRVJ0M_P1JgZsBQAAAQs"], referer: http://www.oxfordlawschool.com/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-19 01:00:04 (1 month ago)	\| [Dangerous/India] Aggressive IP 183.87.99.116 (~30 hits). Type: DoS Defender- Web server 400 error ... show more \| [Dangerous/India] Aggressive IP 183.87.99.116 (~30 hits). Type: DoS Defender- Web server 400 error code show less	Web App Attack Hacking SQL Injection
🇺🇸 kosada.com	2026-05-17 23:16:14 (1 month ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇺🇸 ne1for23	2025-12-16 23:42:14 (6 months ago)	Attempt to access invalid virtual host name (###.###.###.###). Typically used to access "internal" ... show more Attempt to access invalid virtual host name (###.###.###.###). Typically used to access "internal" resources improperly exposed externally and "protected" only by a lack of external DNS resolution. 183.87.99.116 - - [16/Dec/2025:23:42:13 +0000] "GET /api/check_version HTTP/1.1" 403 555 "http://http://###.###.###.###/byte/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.127 Safari/537.36" "-" show less	Hacking
🇬🇧 Shadymint	2025-12-16 02:58:37 (6 months ago)	url probing	Web App Attack

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:400e:c0c::121

🇧🇪 209.85.128.68

🇹🇼 198.235.24.103

🇷🇴 80.94.95.211

🇺🇸 54.144.32.149

🇸🇬 43.156.162.193

🇺🇸 34.181.169.58

🇳🇱 193.176.31.248

🇧🇪 104.155.11.101

🇷🇺 87.250.9.98

🇺🇸 20.119.74.72

🇺🇸 172.174.5.146

🇮🇩 103.78.105.178

🇮🇩 103.78.105.23

🇳🇱 91.92.40.66

🇩🇪 2a00:1637:409:90:9999::214

🇳🇱 213.109.147.234

🇧🇪 198.235.24.239

🇮🇩 195.88.211.25

🇸🇬 152.32.220.188