JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.221.100.158

120.221.100.158 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 30%: ?

30%

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Qingdao, Shandong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.221.100.158

Whois 120.221.100.158

IP Abuse Reports for 120.221.100.158:

This IP address has been reported a total of 13 times from 10 distinct sources. 120.221.100.158 was first reported on September 22nd 2022, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 shabi	2026-06-03 09:44:08 (2 weeks ago)	UFW Blocked [80/TCP] Source: 120.221.100.158:10926 TTL: 239 Lenth: 40 TOS: 0x00	Port Scan Web App Attack
Anonymous	2026-05-31 19:16:10 (2 weeks ago)	Ports: 3306; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 kosada.com	2026-05-28 23:11:54 (3 weeks ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇩🇪 Rokku	2026-05-26 09:47:00 (3 weeks ago)	Login Attack	FTP Brute-Force
Anonymous	2026-05-24 16:14:26 (3 weeks ago)	Ports: 3306; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇹🇼 kk_it_man	2026-05-20 11:50:02 (4 weeks ago)	honey catch	Port Scan
🇩🇪 iNetWorker	2026-05-19 15:48:22 (1 month ago)	trying to access non-authorized port	Port Scan
🇫🇷 Hiigara	2026-05-19 09:30:52 (1 month ago)	connection attempt : 120.221.100.158 on port : tcp/3306 (MySQL)	Port Scan
🇺🇸 TPI-Abuse	2026-04-05 20:06:29 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.221.100.158 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 120.221.100.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 05 16:06:25.332422 2026] [security2:error] [pid 7638:tid 7638] [client 120.221.100.158:40466] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.reunionking.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.reunionking.com"] [uri "/"] [unique_id "adLAwR17zan7Ji_-Zu0sRgAAAA8"], referer: http://www.reunionking.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-05 06:37:54 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.221.100.158 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 120.221.100.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 05 02:37:48.574082 2026] [security2:error] [pid 24945:tid 24945] [client 120.221.100.158:3413] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.daveslawncare.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.daveslawncare.com"] [uri "/"] [unique_id "adIDPNa-jH_ImBJRnCz-6AAAABw"], referer: http://www.daveslawncare.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇷🇸 Scan	2024-04-22 08:11:42 (2 years ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇿🇦 IrisFlower	2023-04-15 20:13:37 (3 years ago)	Unauthorized connection attempt detected from IP address 120.221.100.158 to port 443 [J]	Port Scan Hacking
🇿🇦 IrisFlower	2022-09-22 07:56:11 (3 years ago)	Unauthorized connection attempt detected from IP address 120.221.100.158 to port 3389 [J]	Port Scan Hacking

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 185.149.26.71

🇻🇳 103.154.62.14

🇩🇪 103.14.32.192

🇳🇱 45.148.10.183

🇨🇦 20.104.203.253

🇺🇸 198.62.7.140

🇩🇪 194.164.63.8

🇬🇧 193.163.125.222

🇨🇭 107.189.1.82

🇰🇪 102.210.149.105

🇰🇬 46.251.213.227

🇷🇴 2.57.122.177

🇫🇮 147.185.133.159

🇮🇩 103.133.61.179

🇱🇹 81.30.98.158

🇩🇪 69.5.169.98

🇺🇸 65.49.20.110

🇮🇩 36.64.131.68

🇧🇷 191.37.89.75

🇺🇸 150.107.36.74