JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.230.22.53

120.230.22.53 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 10%: ?

10%

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.230.22.53

Whois 120.230.22.53

IP Abuse Reports for 120.230.22.53:

This IP address has been reported a total of 16 times from 4 distinct sources. 120.230.22.53 was first reported on May 12th 2023, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 23:25:56 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 19:25:52.941357 2026] [security2:error] [pid 23959:tid 24011] [client 120.230.22.53:4934] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.ccgparquitectos.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.ccgparquitectos.com"] [uri "/"] [unique_id "aiyVgD6lrKmAf7ga3uyFswAAAEM"], referer: http://www.ccgparquitectos.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 01:24:58 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 21:24:51.821890 2026] [security2:error] [pid 29975:tid 29975] [client 120.230.22.53:24340] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.phantomquailkennel.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.phantomquailkennel.com"] [uri "/"] [unique_id "aitf4-vOKzHdd1lMXgBIaAAAABs"], referer: https://www.phantomquailkennel.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 08:39:08 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 04:39:00.139378 2026] [security2:error] [pid 30021:tid 30021] [client 120.230.22.53:24485] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.cier.xyz\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.cier.xyz"] [uri "/"] [unique_id "aiZ_pKt-vqZTXpXRnKL3egAAAA8"], referer: http://www.cier.xyz/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 15:25:32 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 11:25:27.738212 2026] [security2:error] [pid 5488:tid 5488] [client 120.230.22.53:25599] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.esdulemba.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.esdulemba.com"] [uri "/index.html"] [unique_id "aiQ75-le1j4HH8AQ2kLm4AAAAAo"], referer: http://www.esdulemba.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 07:31:10 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 03:31:07.136309 2026] [security2:error] [pid 7703:tid 7703] [client 120.230.22.53:17842] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.horsesaw.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.horsesaw.com"] [uri "/"] [unique_id "ahqSO8aS-__cBxn0o0BeMAAAAAo"], referer: https://www.horsesaw.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 18:34:19 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 14:34:15.220654 2026] [security2:error] [pid 2126:tid 2126] [client 120.230.22.53:17092] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|airdeluxemusic.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "airdeluxemusic.com"] [uri "/"] [unique_id "ahncJ3mjOMIITi2ZuvhZ9wAAAAU"], referer: http://airdeluxemusic.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 21:36:06 (4 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 17:35:59.271594 2026] [security2:error] [pid 5366:tid 5366] [client 120.230.22.53:19679] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|intra.es\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "intra.es"] [uri "/"] [unique_id "ahTAv6NYlbbWoP0uRfTNngAAAAw"], referer: http://intra.es/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-05-06 02:48:38 (1 month ago)	ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/120.230.22.53 2026-05 ... show more ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/120.230.22.53 2026-05-05 23:07:49 /favicon.ico show less	Web App Attack
🇺🇸 TPI-Abuse	2026-03-24 10:49:23 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 24 06:49:16.123313 2026] [security2:error] [pid 3795:tid 3804] [client 120.230.22.53:13101] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.draas.info\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.draas.info"] [uri "/"] [unique_id "acJsLBHO-jCdh3j_GhQcIgAAAAQ"], referer: http://www.draas.info/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-24 23:55:04 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 24 18:54:58.306358 2026] [security2:error] [pid 5630:tid 5630] [client 120.230.22.53:14784] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|pamplonaserviciotecnico.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "pamplonaserviciotecnico.com"] [uri "/"] [unique_id "aXVb0uqCPEJ2pFgjCwEArwAAAAo"], referer: http://pamplonaserviciotecnico.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-05-01 01:26:12 (1 year ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.230.22.53 2025-04- ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.230.22.53 2025-04-30 03:36:15 /config.json 2025-04-30 19:25:56 /sitemap.xml show less	Web App Attack
Anonymous	2024-03-15 15:04:29 (2 years ago)	Web attack	Bad Web Bot Web App Attack
🇿🇦 IrisFlower	2023-05-12 22:21:47 (3 years ago)	Unauthorized connection attempt detected from IP address 120.230.22.53 to port 443 [J]	Port Scan Hacking
🇿🇦 IrisFlower	2023-05-12 22:11:34 (3 years ago)	Unauthorized connection attempt detected from IP address 120.230.22.53 to port 443 [J]	Port Scan Hacking
🇿🇦 IrisFlower	2023-05-12 22:03:51 (3 years ago)	Unauthorized connection attempt detected from IP address 120.230.22.53 to port 443 [J]	Port Scan Hacking

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 101.96.214.98

🇺🇸 2620:18c:0:192::e0:161

🇺🇸 207.180.29.229

🇬🇧 165.154.129.151

🇮🇩 139.255.254.163

🇺🇸 74.63.17.235

🇻🇳 45.119.81.245

🇺🇸 8.234.145.194

🇬🇭 41.242.115.83

🇩🇪 213.209.159.108

🇫🇷 172.71.118.191

🇺🇸 66.132.172.153

🇮🇷 217.24.154.39

🇮🇱 203.159.81.92

🇸🇬 165.154.29.93

🇸🇬 152.32.220.188

🇷🇴 151.242.30.224

🇹🇼 111.70.33.248

🇳🇱 91.92.40.36

🇳🇱 91.92.40.4