JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 119.127.139.103

119.127.139.103 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 15%: ?

15%

ISP	CHINANET Guangdong province network
Usage Type	Fixed Line ISP
ASN	AS4134
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shenzhen, Guangdong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 119.127.139.103

Whois 119.127.139.103

IP Abuse Reports for 119.127.139.103:

This IP address has been reported a total of 12 times from 2 distinct sources. 119.127.139.103 was first reported on June 13th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-18 12:48:08 (5 days ago)	(mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 08:48:03.278357 2026] [security2:error] [pid 22281:tid 22306] [client 119.127.139.103:3561] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.aafm.us\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.aafm.us"] [uri "/"] [unique_id "ajPpA70-BCqGOxo02EMupAAAAVY"], referer: https://www.aafm.us/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 10:13:57 (5 days ago)	(mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 06:13:51.772058 2026] [security2:error] [pid 8048:tid 8180] [client 119.127.139.103:3915] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.windowtailors.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.windowtailors.com"] [uri "/"] [unique_id "ajPE3_AikUHBB7UB9sEeNgAAAg4"], referer: https://www.windowtailors.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 20:15:23 (5 days ago)	(mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 16:15:16.137093 2026] [security2:error] [pid 27671:tid 27671] [client 119.127.139.103:2555] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.omahareact.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.omahareact.org"] [uri "/"] [unique_id "ajMAVBIPrj48s8jaVyeH5AAAAAo"], referer: http://www.omahareact.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 23:47:49 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 19:47:42.494632 2026] [security2:error] [pid 23303:tid 23303] [client 119.127.139.103:3563] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|iahksa.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "iahksa.com"] [uri "/"] [unique_id "ajHgnm0kE2hQ8e2icpvmZAAAAAg"], referer: https://iahksa.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 20:31:01 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 16:30:53.794304 2026] [security2:error] [pid 16546:tid 16546] [client 119.127.139.103:4067] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.avmcyber.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.avmcyber.com"] [uri "/"] [unique_id "ajGyfa0m6LgECCR2zkb24QAAAA0"], referer: http://www.avmcyber.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 20:13:57 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 16:13:50.859510 2026] [security2:error] [pid 16873:tid 16873] [client 119.127.139.103:1229] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.cybersoftware.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.cybersoftware.org"] [uri "/"] [unique_id "ajGufvEzN8j_HSNBHPEzyQAAAAM"], referer: http://www.cybersoftware.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 11:14:25 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 07:14:19.478245 2026] [security2:error] [pid 11358:tid 11467] [client 119.127.139.103:2189] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.pamper.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.pamper.com"] [uri "/"] [unique_id "ajEwC-96emyunJyZ7K4hsgAAAQs"], referer: http://www.pamper.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-15 08:31:03 (1 week ago)	[MonJun1510:30:57.6509332026][security2:error][pid2319617:tid2319807][client119.127.139.103:0]ModSec ... show more [MonJun1510:30:57.6509332026][security2:error][pid2319617:tid2319807][client119.127.139.103:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"www.aid-web.ch\"][uri\"/\"][unique_id\"ai-4QXNSXvW0sJK6hNsRQQAAAEg\"]\,referer:https://www.aid-web.ch/ show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 20:55:38 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 16:55:32.191607 2026] [security2:error] [pid 19502:tid 19502] [client 119.127.139.103:4767] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|jpastorphotographics.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "jpastorphotographics.com"] [uri "/"] [unique_id "ai8VRLoGqLLX4EIWED7O3QAAAB0"], referer: http://jpastorphotographics.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 02:21:35 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 22:21:28.141002 2026] [security2:error] [pid 27034:tid 27034] [client 119.127.139.103:3807] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|sjhrc.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "sjhrc.org"] [uri "/"] [unique_id "ai4QKPY6Q5ZCR8uJIAHtUgAAAB8"], referer: http://sjhrc.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 23:55:18 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 19:55:13.200909 2026] [security2:error] [pid 638:tid 638] [client 119.127.139.103:3993] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|testrong.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "testrong.com"] [uri "/"] [unique_id "ai3t4fOP36v8fuZp4RfMsgAAAA0"], referer: http://testrong.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 19:06:06 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 119.127.139.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 15:05:59.663330 2026] [security2:error] [pid 32341:tid 32341] [client 119.127.139.103:4682] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|webtony.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "webtony.net"] [uri "/"] [unique_id "ai2qF2ZfN0zgQvtAYd9x1gAAABk"], referer: http://webtony.net/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇨 205.235.2.176

🇳🇱 193.176.31.156

🇫🇮 147.185.133.167

🇧🇷 201.71.192.108

🇻🇪 190.206.2.225

🇳🇱 159.223.6.75

🇺🇸 147.182.247.10

🇨🇦 104.207.59.210

🇮🇷 85.198.19.251

🇩🇪 69.5.169.58

🇺🇸 52.238.198.211

🇧🇪 35.187.177.239

🇰🇷 220.80.223.144

🇨🇳 124.251.110.186

🇨🇳 124.74.9.190

🇨🇳 103.217.196.222

🇷🇴 92.118.39.236

🇩🇪 64.89.163.85

🇰🇷 59.30.138.58

🇳🇱 34.178.200.11