JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.221.12.198

120.221.12.198 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 4%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.221.12.198

Whois 120.221.12.198

IP Abuse Reports for 120.221.12.198:

This IP address has been reported a total of 16 times from 7 distinct sources. 120.221.12.198 was first reported on May 11th 2023, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-27 20:42:10 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 120.221.12.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.221.12.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 16:42:04.255627 2026] [security2:error] [pid 7187:tid 7187] [client 120.221.12.198:57346] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.waterjetsolutions.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.waterjetsolutions.com"] [uri "/"] [unique_id "akA1nOQVq98-egRW8MWdWgAAABw"], referer: http://www.waterjetsolutions.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 xserverx.ru	2026-03-24 18:19:12 (3 months ago)	[UFW SCAN!!!!] SRC=120.221.12.198 LEN=40 TOS=0x08 PREC=0x20 TTL=37 PROTO=TCP SPT=65073 DPT=22 WINDOW ... show more [UFW SCAN!!!!] SRC=120.221.12.198 LEN=40 TOS=0x08 PREC=0x20 TTL=37 PROTO=TCP SPT=65073 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇺🇸 TPI-Abuse	2026-01-30 21:12:52 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.221.12.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.221.12.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 30 16:12:45.041406 2026] [security2:error] [pid 19222:tid 19222] [client 120.221.12.198:31791] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.praiseworthy.info\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.praiseworthy.info"] [uri "/"] [unique_id "aX0ezaS-NpdZTv7x6uo3mwAAAAw"], referer: https://www.praiseworthy.info/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-07-31 20:07:19 (10 months ago)	Infected user bad webscan	Exploited Host
🇮🇹 Samsteve169	2024-06-30 00:14:42 (2 years ago)	Attempt from 120.221.12.198	Brute-Force SSH
🇮🇹 Samsteve169	2024-06-27 21:04:44 (2 years ago)	Attempt from 120.221.12.198	Brute-Force SSH
🇮🇹 Samsteve169	2024-06-26 20:59:16 (2 years ago)	Attempt from 120.221.12.198	Brute-Force SSH
🇺🇸 bigscoots.com	2024-06-25 22:30:59 (2 years ago)	120.221.12.198 (CN/China/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Por ... show more 120.221.12.198 (CN/China/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_DISTATTACK; Logs: Jun 25 17:30:12 15527 sshd[4225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.221.100.248 user=root Jun 25 17:30:13 15527 sshd[4225]: Failed password for root from 120.221.100.248 port 16188 ssh2 Jun 25 17:29:45 15527 sshd[4160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.221.12.198 user=root Jun 25 17:29:47 15527 sshd[4160]: Failed password for root from 120.221.12.198 port 16101 ssh2 Jun 25 17:30:33 15527 sshd[4244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.221.100.248 user=root IP Addresses Blocked: 120.221.100.248 (CN/China/-) show less	Brute-Force SSH
🇷🇸 Scan	2024-05-26 03:26:51 (2 years ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇷🇸 Scan	2024-05-09 10:41:34 (2 years ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇿🇦 IrisFlower	2023-05-25 23:32:59 (3 years ago)	Unauthorized connection attempt detected from IP address 120.221.12.198 to port 443 [J]	Port Scan Hacking
🇿🇦 IrisFlower	2023-05-24 23:34:09 (3 years ago)	Unauthorized connection attempt detected from IP address 120.221.12.198 to port 443 [J]	Port Scan Hacking
🇿🇦 IrisFlower	2023-05-21 23:33:30 (3 years ago)	Unauthorized connection attempt detected from IP address 120.221.12.198 to port 443 [J]	Port Scan Hacking
🇿🇦 IrisFlower	2023-05-15 22:42:52 (3 years ago)	Unauthorized connection attempt detected from IP address 120.221.12.198 to port 443 [J]	Port Scan Hacking
🇿🇦 IrisFlower	2023-05-15 22:30:25 (3 years ago)	Unauthorized connection attempt detected from IP address 120.221.12.198 to port 443 [J]	Port Scan Hacking

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 100.29.192.117

🇧🇪 34.156.212.53

🇳🇱 204.76.203.79

🇦🇷 190.15.88.166

🇨🇳 124.94.188.1

🇰🇷 112.185.16.157

🇹🇼 111.70.3.106

🇮🇱 2.55.88.51

🇨🇴 186.155.15.35

🇲🇾 175.136.1.81

🇩🇪 141.133.105.36

🇺🇸 108.61.87.135

🇳🇱 50.7.233.211

🇩🇪 2a01:4f8:150:13a5::100:19

🇻🇳 183.81.19.0

🇺🇸 162.216.149.146

🇧🇷 131.221.174.14

🇯🇵 118.193.61.170

🇨🇳 118.178.234.99

🇧🇪 34.156.33.238