JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.230.23.157

120.230.23.157 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 2%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.230.23.157

Whois 120.230.23.157

IP Abuse Reports for 120.230.23.157:

This IP address has been reported a total of 14 times from 2 distinct sources. 120.230.23.157 was first reported on April 1st 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 00:23:46 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 20:23:42.310858 2026] [security2:error] [pid 9441:tid 9441] [client 120.230.23.157:2424] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|asbechiro.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "asbechiro.com"] [uri "/index.html"] [unique_id "aitRjjfI8v-hyjkhk2QZ5wAAAA8"], referer: http://asbechiro.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 19:18:34 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 15:18:28.212256 2026] [security2:error] [pid 32572:tid 32572] [client 120.230.23.157:22084] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.ibeautyexchange.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.ibeautyexchange.com"] [uri "/"] [unique_id "aiHPhNDExLolbLIFnTcihAAAAA0"], referer: http://www.ibeautyexchange.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 18:49:52 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 14:49:46.610518 2026] [security2:error] [pid 3940:tid 3940] [client 120.230.23.157:5675] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.67ronin.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.67ronin.com"] [uri "/"] [unique_id "ahc8ykfihD6itXRYzF7-IwAAAAk"], referer: http://www.67ronin.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 10:50:36 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 06:50:27.380034 2026] [security2:error] [pid 23423:tid 23423] [client 120.230.23.157:2231] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|longleggedblonde.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "longleggedblonde.com"] [uri "/"] [unique_id "ahV689o6pFecmbmNkNksGAAAACA"], referer: http://longleggedblonde.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-13 19:28:33 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 15:28:27.070254 2026] [security2:error] [pid 20091:tid 20091] [client 120.230.23.157:15752] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.fastquizmaker.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.fastquizmaker.com"] [uri "/"] [unique_id "agTQ29GcAm0pJG7d-eIe6wAAABI"], referer: http://www.fastquizmaker.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-28 21:40:01 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 28 17:39:52.872552 2026] [security2:error] [pid 7405:tid 7410] [client 120.230.23.157:8106] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|venezuelaguia.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "venezuelaguia.com"] [uri "/"] [unique_id "achKqKTeK4cFhRhQoRPR2wAAAUM"], referer: https://venezuelaguia.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-25 10:23:57 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 05:23:49.551797 2026] [security2:error] [pid 7973:tid 7973] [client 120.230.23.157:12977] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|renjunews.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "renjunews.com"] [uri "/"] [unique_id "aZ7NtV31XYVwkXRf8BHQYAAAAAU"], referer: https://renjunews.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-02 18:55:54 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 02 13:55:49.979682 2026] [security2:error] [pid 11896:tid 11896] [client 120.230.23.157:2217] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.firstunitedreserve.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.firstunitedreserve.com"] [uri "/"] [unique_id "aYDzNfyd8vVAjSZfl9tu_gAAAA4"], referer: https://www.firstunitedreserve.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-01 20:18:32 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 15:18:25.932215 2026] [security2:error] [pid 19633:tid 19633] [client 120.230.23.157:4036] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|804websolutions.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "804websolutions.com"] [uri "/index.html"] [unique_id "aX-1EVWKIzvkT2Dsi1NQ4gAAABA"], referer: https://804websolutions.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-28 22:25:48 (5 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 28 17:25:43.739992 2026] [security2:error] [pid 189141:tid 189141] [client 120.230.23.157:2303] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.sanesoftware.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.sanesoftware.com"] [uri "/"] [unique_id "aXqM5905WqU6ekk5345MlwAAAA8"], referer: http://www.sanesoftware.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-11-27 04:03:21 (7 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.157 2025-11-26 0 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.157 2025-11-26 07:22:12 / show less	Web App Attack
🇨🇳 ThreatBook.io	2025-09-05 23:16:40 (9 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.157 2025-09-05 0 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.157 2025-09-05 05:22:02 /robots.txt show less	Web App Attack
🇨🇳 ThreatBook.io	2025-07-02 23:15:20 (11 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.157 2025-07-02 1 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.157 2025-07-02 10:56:14 /sitemap.xml show less	Web App Attack
🇨🇳 ThreatBook.io	2025-04-01 00:14:19 (1 year ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.230.23.157 2025-03 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.230.23.157 2025-03-31 22:52:23 /portal.html show less	Web App Attack

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2600:3c02::2000:12ff:fef6:6462

🇮🇳 2409:40e4:2a:de3:ec1a:295c:cd8c:8d9f

🇺🇸 205.210.31.30

🇺🇸 192.225.241.98

🇧🇷 177.72.195.114

🇺🇸 165.245.141.209

🇺🇸 165.245.133.219

🇸🇬 152.32.220.188

🇫🇮 147.185.133.131

🇫🇮 147.185.133.40

🇨🇴 129.222.203.222

🇨🇴 129.222.203.186

🇨🇳 125.69.130.117

🇹🇭 110.164.228.242

🇺🇸 64.62.197.203

🇮🇩 36.70.154.153

🇺🇸 24.144.113.209

🇺🇸 216.25.89.102

🇺🇸 205.210.31.42

🇳🇱 185.223.235.18