JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.230.23.231

120.230.23.231 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 20%: ?

20%

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.230.23.231

Whois 120.230.23.231

IP Abuse Reports for 120.230.23.231:

This IP address has been reported a total of 15 times from 5 distinct sources. 120.230.23.231 was first reported on July 5th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-24 22:54:29 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 18:54:22.531491 2026] [security2:error] [pid 23979:tid 23979] [client 120.230.23.231:1465] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|tandm.us\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "tandm.us"] [uri "/"] [unique_id "ajxgHilO0cVb9eI4SxVrwAAAABk"], referer: http://tandm.us/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-19 19:49:33 (1 week ago)	[FriJun1921:49:24.7407102026][security2:error][pid466828:tid467042][client120.230.23.231:0]ModSecuri ... show more [FriJun1921:49:24.7407102026][security2:error][pid466828:tid467042][client120.230.23.231:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"www.executivekotech.com\"][uri\"/\"][unique_id\"ajWdRI8eUh_Yv0CWex_VwAAAAMA\"]\,referer:https://www.executivekotech.com/ show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 21:16:31 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 17:16:24.348481 2026] [security2:error] [pid 15800:tid 15809] [client 120.230.23.231:6769] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.evolutionaryethics.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.evolutionaryethics.com"] [uri "/"] [unique_id "ajRgKP-PmdGDcjZ6E9uVfgAAAMQ"], referer: http://www.evolutionaryethics.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 19:50:30 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 15:50:22.534453 2026] [security2:error] [pid 25427:tid 25427] [client 120.230.23.231:3246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.studioarts.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.studioarts.net"] [uri "/"] [unique_id "ai8F_iHFAiUNfqu-xs-eiQAAAAA"], referer: http://www.studioarts.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 03:33:21 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 23:33:16.319254 2026] [security2:error] [pid 1314:tid 1314] [client 120.230.23.231:3514] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|johnsoncityjudo.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "johnsoncityjudo.com"] [uri "/"] [unique_id "ait9_DpD30ppPEwOpJxeyAAAABA"], referer: http://johnsoncityjudo.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇿🇦 Tokolosh Hunters	2026-05-23 02:16:49 (1 month ago)	AutoBlockWindow-Known bad useragent query-2026-05-23 02:16:48	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-16 19:30:17 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 15:30:09.595214 2026] [security2:error] [pid 15032:tid 15032] [client 120.230.23.231:4043] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|freightmotivity.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "freightmotivity.com"] [uri "/"] [unique_id "agjFwQNi55RNIgrZonaZjgAAABA"], referer: http://freightmotivity.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-04-26 23:33:25 (2 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.231 2026-04-26 1 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.231 2026-04-26 16:21:13 /robots.txt show less	Web App Attack
🇨🇳 ThreatBook.io	2026-04-02 23:54:04 (2 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.231 2026-04-02 2 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.231 2026-04-02 21:44:00 / show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-02 17:18:29 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 13:18:21.553642 2026] [security2:error] [pid 25107:tid 25107] [client 120.230.23.231:17349] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.med-engineering.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.med-engineering.com"] [uri "/"] [unique_id "ac6k3RY3Ygoe993hNuwUUgAAABg"], referer: http://www.med-engineering.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-25 00:39:32 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 24 19:39:23.787118 2026] [security2:error] [pid 22654:tid 22680] [client 120.230.23.231:21723] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.jedelectric.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.jedelectric.com"] [uri "/index.html"] [unique_id "aZ5Eu3fR_m-N5M9RlLPX5AAAAVg"], referer: http://www.jedelectric.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-11-16 23:38:11 (7 months ago)	ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/120.230.23.231 202 ... show more ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/120.230.23.231 2025-11-16 02:03:31 / show less	Web App Attack
Anonymous	2025-07-31 16:40:35 (10 months ago)	Infected user bad webscan	Exploited Host
🇨🇳 ThreatBook.io	2025-07-07 00:26:50 (11 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.231 2025-07-06 1 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.231 2025-07-06 12:01:24 / show less	Web App Attack
🇨🇳 ThreatBook.io	2025-07-05 02:40:17 (11 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.231 2025-07-04 0 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.230.23.231 2025-07-04 06:10:22 /config.json show less	Web App Attack

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 150.107.36.236

🇮🇳 20.219.91.90

🇬🇧 195.96.139.86

🇬🇧 193.163.125.78

🇬🇧 185.247.137.108

🇬🇧 185.247.137.92

🇳🇱 176.65.139.130

🇻🇳 171.244.39.95

🇺🇸 162.216.150.127

🇭🇰 152.32.169.42

🇩🇪 139.19.117.130

🇨🇳 112.0.140.231

🇰🇷 110.14.190.217

🇺🇸 107.155.93.102

🇭🇰 103.155.122.183

🇨🇳 101.126.35.9

🇷🇺 95.24.77.134

🇫🇷 91.231.89.230

🇫🇷 91.196.152.213

🇳🇱 91.92.40.231