JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.230.64.48

120.230.64.48 was found in our database!

This IP was reported 6 times. Confidence of Abuse is 5%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.230.64.48

Whois 120.230.64.48

IP Abuse Reports for 120.230.64.48:

This IP address has been reported a total of 6 times from 3 distinct sources. 120.230.64.48 was first reported on July 31st 2025, and the most recent report was 19 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-22 23:29:36 (19 hours ago)	(mod_security) mod_security (id:949110) triggered by 120.230.64.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:949110) triggered by 120.230.64.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 19:29:33.314617 2026] [security2:error] [pid 10347:tid 10347] [client 120.230.64.48:62820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "justinpenney.com"] [uri "/"] [unique_id "ajnFXUTwqRtoslrS2RerfAAAABE"], referer: https://justinpenney.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 14:53:44 (5 days ago)	(mod_security) mod_security (id:210831) triggered by 120.230.64.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.64.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 10:53:38.735101 2026] [security2:error] [pid 811:tid 811] [client 120.230.64.48:62860] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.solasx.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.solasx.com"] [uri "/"] [unique_id "ajQGcqqTUJxagyI5gJ7HugAAAAc"], referer: http://www.solasx.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 22:14:27 (5 days ago)	(mod_security) mod_security (id:210831) triggered by 120.230.64.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.64.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 18:14:22.993398 2026] [security2:error] [pid 3912:tid 3912] [client 120.230.64.48:62810] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.bb103.us\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.bb103.us"] [uri "/"] [unique_id "ajMcPrbKp8w_gvghXofjBgAAAAo"], referer: https://www.bb103.us/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-09 06:03:14 (2 months ago)	Port scan 8567	Port Scan
🇺🇸 TPI-Abuse	2025-09-20 21:35:25 (9 months ago)	(mod_security) mod_security (id:210350) triggered by 120.230.64.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 120.230.64.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 20 17:35:11.427874 2025] [security2:error] [pid 5403:tid 5403] [client 120.230.64.48:47224] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|renju.net\|F\|4"] [data "close, keep-alive"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "renju.net"] [uri "/media/games.php"] [unique_id "aM8eD3kTRnEmUcJXFpME3AAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-07-31 15:52:29 (10 months ago)	Infected user bad webscan	Exploited Host

Showing 1 to 6 of 6 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 172.233.26.186

🇺🇸 40.124.173.90

🇬🇧 5.226.140.52

🇫🇷 92.129.204.168

🇸🇬 84.75.155.88

🇫🇷 62.171.168.140

🇸🇬 43.160.249.98

🇨🇳 43.143.248.79

🇫🇷 15.237.61.33

🇰🇷 112.216.129.27

🇨🇳 106.115.80.203

🇺🇸 104.236.83.40

🇰🇷 58.229.180.107

🇨🇳 58.16.147.246

🇳🇱 45.148.10.147

🇺🇸 38.12.5.206

🇺🇸 216.25.89.69

🇧🇷 205.210.31.153

🇧🇪 198.235.24.225

🇨🇳 180.184.176.74