JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.229.212.20

120.229.212.20 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 4%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.229.212.20

Whois 120.229.212.20

IP Abuse Reports for 120.229.212.20:

This IP address has been reported a total of 9 times from 3 distinct sources. 120.229.212.20 was first reported on March 29th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-17 23:44:20 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 120.229.212.20 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.229.212.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 19:44:14.821247 2026] [security2:error] [pid 20689:tid 20689] [client 120.229.212.20:27884] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.10bestsongs.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.10bestsongs.com"] [uri "/"] [unique_id "ajMxTvlWL_R8gQ0tBNN81gAAABA"], referer: http://www.10bestsongs.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 23:22:57 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 120.229.212.20 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.229.212.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 19:22:52.964234 2026] [security2:error] [pid 16551:tid 16551] [client 120.229.212.20:23662] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.intervinum.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.intervinum.net"] [uri "/"] [unique_id "aiyUzCQBWiPvsYGXJk67rgAAAAY"], referer: http://www.intervinum.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 21:34:39 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 120.229.212.20 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.229.212.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 17:34:31.300520 2026] [security2:error] [pid 20173:tid 20255] [client 120.229.212.20:23687] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|mastersofthesecrets.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "mastersofthesecrets.com"] [uri "/"] [unique_id "ainYZx7KIie_jHnRBjhWXgAAAcw"], referer: https://mastersofthesecrets.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 20:52:16 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.229.212.20 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.229.212.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 16:52:12.277157 2026] [security2:error] [pid 24521:tid 24521] [client 120.229.212.20:12001] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|personal-sportswear.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "personal-sportswear.com"] [uri "/"] [unique_id "ageHfGjXW1iiY6uM2Hd3XAAAAB4"], referer: http://personal-sportswear.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇿🇦 Tokolosh Hunters	2026-03-16 20:17:19 (3 months ago)	AutoBlockWindow-Known bad useragent query-2026-03-16 20:17:18	Bad Web Bot
🇨🇳 ThreatBook.io	2026-02-12 22:12:45 (4 months ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.229.212.20 2026-02 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.229.212.20 2026-02-12 11:57:35 /robots.txt show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 03:23:52 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.229.212.20 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.229.212.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 22:23:45.885384 2026] [security2:error] [pid 32440:tid 32440] [client 120.229.212.20:4300] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|vanessalends.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "vanessalends.com"] [uri "/"] [unique_id "aYqkwf32Mrl_vmb0FP_yRwAAAAg"], referer: http://vanessalends.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-04-03 22:14:54 (1 year ago)	ThreatBook Intelligence: Zombie,Gateway more details on https://threatbook.io/ip/120.229.212.20 2025 ... show more ThreatBook Intelligence: Zombie,Gateway more details on https://threatbook.io/ip/120.229.212.20 2025-04-03 13:25:23 /Login_files/saved_resource.html 2025-04-03 18:08:57 /config.json 2025-04-03 05:48:46 /robots.txt 2025-04-03 18:08:51 / show less	Web App Attack
🇨🇳 ThreatBook.io	2025-03-29 22:13:54 (1 year ago)	ThreatBook Intelligence: Zombie,Gateway more details on https://threatbook.io/ip/120.229.212.20 2025 ... show more ThreatBook Intelligence: Zombie,Gateway more details on https://threatbook.io/ip/120.229.212.20 2025-03-29 13:37:15 /dfdfd show less	Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 209.141.43.146

🇹🇼 198.235.24.32

🇹🇼 198.235.24.27

🇺🇸 193.203.8.204

🇺🇸 64.62.197.168

🇧🇪 198.235.24.252

🇧🇪 198.235.24.246

🇴🇲 188.66.244.53

🇲🇽 158.23.88.242

🇮🇳 103.249.234.154

🇿🇦 41.181.156.205

🇬🇧 35.203.210.102

🇻🇳 203.205.37.233

🇧🇪 198.235.24.235

🇧🇪 198.235.24.227

🇧🇪 198.235.24.222

🇬🇧 193.163.125.133

🇫🇷 51.210.16.115

🇳🇱 45.156.128.54

🇺🇸 45.56.79.53