JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.239.10.140

120.239.10.140 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 4%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.239.10.140

Whois 120.239.10.140

IP Abuse Reports for 120.239.10.140:

This IP address has been reported a total of 13 times from 4 distinct sources. 120.239.10.140 was first reported on May 22nd 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-24 18:37:01 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 14:36:55.057810 2026] [security2:error] [pid 8864:tid 8864] [client 120.239.10.140:2040] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|frenchtowntogether.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "frenchtowntogether.org"] [uri "/"] [unique_id "ajwjxxNFvSpk-utV0E9DYgAAABo"], referer: http://frenchtowntogether.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 08:05:46 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 04:05:40.720508 2026] [security2:error] [pid 29114:tid 29114] [client 120.239.10.140:5157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.legacy-insight.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.legacy-insight.com"] [uri "/"] [unique_id "ajo-VPtScV85BMhJvDZBpwAAAAU"], referer: https://www.legacy-insight.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 23:03:57 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 19:03:52.729407 2026] [security2:error] [pid 12651:tid 12651] [client 120.239.10.140:5366] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|itre.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "itre.org"] [uri "/index.html"] [unique_id "ajm_WKVWOLELFKGoKoa0tgAAACE"], referer: http://itre.org/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-13 22:20:12 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 18:20:07.611526 2026] [security2:error] [pid 15645:tid 15645] [client 120.239.10.140:3622] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.kayelynn.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.kayelynn.com"] [uri "/"] [unique_id "agT5F6yR5FtAvumTGKDhxAAAAB8"], referer: http://www.kayelynn.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-07 07:48:41 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 07 03:48:36.295419 2026] [security2:error] [pid 853103:tid 853103] [client 120.239.10.140:9807] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|sabri.es\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "sabri.es"] [uri "/"] [unique_id "adS21K_55vu2-LdnSteY3wAAAAg"], referer: http://sabri.es/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-21 19:13:39 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 21 15:13:31.688594 2026] [security2:error] [pid 30056:tid 30087] [client 120.239.10.140:19833] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.vivierae.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.vivierae.com"] [uri "/"] [unique_id "ab7t2xpFnnIeucX7BItPIAAAAFM"], referer: http://www.vivierae.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-15 01:20:54 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 14 21:20:50.132210 2026] [security2:error] [pid 30097:tid 30097] [client 120.239.10.140:19911] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|disneylawsuit.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "disneylawsuit.com"] [uri "/"] [unique_id "abYJcsFbYcMappcaPqlYRQAAAAU"], referer: http://disneylawsuit.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-08 08:52:09 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 08 03:52:02.976743 2026] [security2:error] [pid 7524:tid 7524] [client 120.239.10.140:6542] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.ramabahama.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.ramabahama.net"] [uri "/"] [unique_id "aYhOsgavx0V9_hYMGrDX3QAAAAE"], referer: https://www.ramabahama.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 exxos	2025-10-11 07:05:43 (8 months ago)	Attacks with Bad user agents	Hacking
🇺🇸 kosada.com	2025-09-21 03:03:03 (9 months ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2025-09-12 23:47:21 (9 months ago)	(mod_security) mod_security (id:210350) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 120.239.10.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 12 19:47:08.025715 2025] [security2:error] [pid 26938:tid 26938] [client 120.239.10.140:35859] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.renju.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.renju.net"] [uri "/tournament/36/game/2078/"] [unique_id "aMSw_NSovv004RHT-lsQ1AAAAAA"], referer: https://www.renju.net/tournament/36/game/2078 show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-09-05 23:10:05 (9 months ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.239.10.140 2025-09 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.239.10.140 2025-09-05 16:26:30 /favicon.ico 2025-09-05 05:45:59 /robots.txt show less	Web App Attack
🇨🇳 ThreatBook.io	2025-05-22 23:03:22 (1 year ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.10.140 2025-05-22 1 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.10.140 2025-05-22 19:15:34 /config.json show less	Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇷 190.122.91.15

🇸🇬 165.22.251.27

🇺🇸 151.240.56.72

🇺🇸 95.164.156.191

🇺🇸 66.132.186.218

🇺🇸 45.92.229.196

🇳🇱 195.178.110.232

🇧🇷 138.255.230.4

🇰🇷 112.216.129.27

🇺🇸 94.131.64.131

🇺🇸 91.242.95.211

🇺🇸 91.242.95.145

🇺🇸 91.242.73.69

🇱🇹 62.60.130.219

🇨🇦 52.138.10.154

🇺🇸 20.169.49.16

🇻🇳 14.225.217.138

🇷🇴 193.46.255.86

🇮🇳 103.105.155.117

🇩🇪 92.246.90.149