JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.230.22.74

120.230.22.74 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 11%: ?

11%

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.230.22.74

Whois 120.230.22.74

IP Abuse Reports for 120.230.22.74:

This IP address has been reported a total of 16 times from 3 distinct sources. 120.230.22.74 was first reported on July 20th 2025, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 paulshipley.com.au	2026-06-26 19:11:40 (17 hours ago)	[Sat Jun 27 05:11:39.712782 2026] [security2:error] [pid 669885] [client 120.230.22.74:14457] [clien ... show more [Sat Jun 27 05:11:39.712782 2026] [security2:error] [pid 669885] [client 120.230.22.74:14457] [client 120.230.22.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rjryanpartners.com.au"] [uri "/"] [unique_id "aj7O67s1dPSpJi0jRMptEAAAABI"], referer: https://rjryanpartners.com.au/ ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-17 21:08:10 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 17:08:03.054690 2026] [security2:error] [pid 4205:tid 4205] [client 120.230.22.74:24058] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.adelaidapacific.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.adelaidapacific.com"] [uri "/"] [unique_id "agouM-VHkWgUAdJHuXDRigAAAAs"], referer: http://www.adelaidapacific.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-16 21:11:22 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 17:11:15.795791 2026] [security2:error] [pid 26404:tid 26404] [client 120.230.22.74:24000] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.maffiniandbearce.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.maffiniandbearce.com"] [uri "/"] [unique_id "agjdc3YJ_RBPKMjwBD7NBAAAABE"], referer: https://www.maffiniandbearce.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 18:59:37 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 14:59:29.000821 2026] [security2:error] [pid 2760:tid 2760] [client 120.230.22.74:23934] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.oualierealty.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.oualierealty.com"] [uri "/"] [unique_id "agdtELcgCefgZEQBWcMCtQAAAAQ"], referer: https://www.oualierealty.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 18:48:56 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 14:48:47.906812 2026] [security2:error] [pid 23055:tid 23055] [client 120.230.22.74:17497] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|noelramos.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "noelramos.com"] [uri "/"] [unique_id "afEBD0YzmSq8pial_uJcVQAAAA0"], referer: http://noelramos.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-26 00:00:13 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 25 20:00:05.958816 2026] [security2:error] [pid 16241:tid 16241] [client 120.230.22.74:17647] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.mrzradio.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.mrzradio.org"] [uri "/"] [unique_id "ae1VhfjKCYyelP3yDGw5QAAAAAA"], referer: http://www.mrzradio.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-07 03:36:07 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 23:36:00.521200 2026] [security2:error] [pid 926733:tid 926733] [client 120.230.22.74:3746] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.drjaymissdiana.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.drjaymissdiana.com"] [uri "/"] [unique_id "adR7oC9J-s4fhpVttGP1vAAAAAA"], referer: http://www.drjaymissdiana.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-05 20:35:09 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 05 16:35:02.729709 2026] [security2:error] [pid 29516:tid 29516] [client 120.230.22.74:3608] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|bisbyphotography.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "bisbyphotography.com"] [uri "/index.html"] [unique_id "adLHdkWpkK_q8BwayFZTYAAAAAk"], referer: http://bisbyphotography.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-03-25 01:13:55 (3 months ago)	ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/120.230.22.74 2026-03-24 22: ... show more ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/120.230.22.74 2026-03-24 22:44:32 /sitemap.xml show less	Web App Attack
🇺🇸 TPI-Abuse	2026-03-14 19:22:33 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 14 15:22:28.655734 2026] [security2:error] [pid 16928:tid 16928] [client 120.230.22.74:2205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|rankinpollination.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "rankinpollination.com"] [uri "/"] [unique_id "abW1dFNhzVFa16rWPuS4ngAAAAM"], referer: http://rankinpollination.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-08 04:05:59 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 23:05:50.753637 2026] [security2:error] [pid 22599:tid 22599] [client 120.230.22.74:24062] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|wadenelson.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "wadenelson.com"] [uri "/"] [unique_id "aYgLnutrXPO9OwPG-KYwDAAAAAI"], referer: http://wadenelson.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-07 20:21:33 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 15:21:28.992230 2026] [security2:error] [pid 16975:tid 16975] [client 120.230.22.74:23986] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.testrong.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.testrong.com"] [uri "/"] [unique_id "aYeeyCcmO2l7Uy0PLNhstAAAAAg"], referer: http://www.testrong.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-12-22 00:33:31 (6 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.22.74 2025-12-21 03 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.22.74 2025-12-21 03:39:25 /robots.txt show less	Web App Attack
🇺🇸 TPI-Abuse	2025-09-08 03:23:05 (9 months ago)	(mod_security) mod_security (id:210350) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 120.230.22.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 07 23:22:31.152974 2025] [security2:error] [pid 15661:tid 15661] [client 120.230.22.74:36590] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.renju.net\|F\|4"] [data "close, keep-alive"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.renju.net"] [uri "/tournament/2065/game/93260"] [unique_id "aL5L98PaJdk-rOF1yTpDXAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-07-22 00:19:05 (11 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.22.74 2025-07-21 16 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.22.74 2025-07-21 16:31:27 /robots.txt show less	Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇪 213.66.196.11

🇲🇽 187.190.35.163

🇲🇾 183.171.49.152

🇳🇱 160.119.71.135

🇨🇳 117.172.221.133

🇺🇸 107.151.204.254

🇮🇳 103.171.39.147

🇻🇳 27.79.0.180

🇧🇪 198.235.24.231

🇷🇺 194.85.235.99

🇬🇧 191.96.110.39

🇨🇳 118.145.104.37

🇻🇳 118.71.186.33

🇷🇺 92.255.170.48

🇧🇬 79.124.62.126

🇩🇪 69.5.169.151

🇮🇩 43.243.142.42

🇦🇹 2.59.21.51

🇨🇳 240e:c2:1800:84::

🇬🇭 154.65.16.170