JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.229.245.38

120.229.245.38 was found in our database!

This IP was reported 6 times. Confidence of Abuse is 4%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS56040
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.229.245.38

Whois 120.229.245.38

IP Abuse Reports for 120.229.245.38:

This IP address has been reported a total of 6 times from 2 distinct sources. 120.229.245.38 was first reported on September 4th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-26 22:59:06 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 120.229.245.38 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.229.245.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 18:58:59.169322 2026] [security2:error] [pid 25608:tid 25608] [client 120.229.245.38:10392] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|nymarts.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "nymarts.com"] [uri "/index.html"] [unique_id "aj8EM2dwEcV3eLF9mEg4iwAAAAk"], referer: https://nymarts.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 12:28:55 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 120.229.245.38 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.229.245.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 08:28:48.183675 2026] [security2:error] [pid 12524:tid 12537] [client 120.229.245.38:10380] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.trust-more.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.trust-more.com"] [uri "/"] [unique_id "aj5wgPA_HoeNxigs7CYexQAAAEs"], referer: http://www.trust-more.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 20:59:44 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.229.245.38 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.229.245.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 16:59:35.611608 2026] [security2:error] [pid 5939:tid 5939] [client 120.229.245.38:13099] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|informant-systems.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "informant-systems.com"] [uri "/"] [unique_id "ahYJt850cOoX2hQ5MEEfUQAAABY"], referer: http://informant-systems.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 20:15:59 (1 month ago)	(mod_security) mod_security (id:949110) triggered by 120.229.245.38 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:949110) triggered by 120.229.245.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 16:15:54.442160 2026] [security2:error] [pid 21356:tid 21356] [client 120.229.245.38:12994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dplmat.com"] [uri "/"] [unique_id "ahSt-rEIUmULheFt3YRh2AAAAAE"], referer: https://dplmat.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-22 13:18:48 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 120.229.245.38 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.229.245.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 22 09:18:40.821866 2026] [security2:error] [pid 5602:tid 5602] [client 120.229.245.38:20324] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|heathbartley.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "heathbartley.com"] [uri "/index.html"] [unique_id "ab_sMH1DRaxh5TVXHxWNvwAAAA4"], referer: http://heathbartley.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-09-04 00:49:15 (9 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.229.245.38 2025-09-03 1 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.229.245.38 2025-09-03 14:13:19 /robots.txt show less	Web App Attack

Showing 1 to 6 of 6 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.109

🇳🇱 195.178.110.217

🇩🇰 109.59.69.107

🇸🇬 94.231.206.158

🇺🇸 66.240.205.34

🇺🇸 66.132.195.120

🇺🇸 66.132.195.85

🇳🇱 45.148.10.157

🇺🇸 45.79.190.10

🇬🇪 2.57.217.229

🇳🇱 195.178.110.30

🇲🇽 186.96.145.241

🇺🇸 172.253.86.26

🇵🇰 103.186.77.66

🇺🇸 96.78.175.41

🇹🇷 94.154.43.181

🇺🇸 66.132.186.254

🇸🇪 56.228.27.218

🇻🇳 27.79.40.210

🇺🇸 2600:1f18:3aea:7000:db96:5ab5:d0ed:a1d0