JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.239.26.42

120.239.26.42 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 5%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS56040
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.239.26.42

Whois 120.239.26.42

IP Abuse Reports for 120.239.26.42:

This IP address has been reported a total of 7 times from 3 distinct sources. 120.239.26.42 was first reported on February 20th 2022, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 02:06:13 (4 hours ago)	(mod_security) mod_security (id:210831) triggered by 120.239.26.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.239.26.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 22:06:04.614779 2026] [security2:error] [pid 23906:tid 23906] [client 120.239.26.42:6010] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.pizazzsalonandspa.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.pizazzsalonandspa.com"] [uri "/"] [unique_id "aitpjK_3Csj7NGMSpYkNLwAAABI"], referer: http://www.pizazzsalonandspa.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 20:50:15 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 120.239.26.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.239.26.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 16:50:08.036889 2026] [security2:error] [pid 27449:tid 27449] [client 120.239.26.42:16982] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.lasvegaskiss.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.lasvegaskiss.com"] [uri "/"] [unique_id "ahyfAIC5bjseBL2ivWIivgAAAAM"], referer: http://www.lasvegaskiss.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-07 03:06:47 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.26.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.239.26.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 23:06:42.585006 2026] [security2:error] [pid 1583091:tid 1583099] [client 120.239.26.42:12309] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.howiek.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.howiek.com"] [uri "/"] [unique_id "adR0wuCk_6juqgv3uzkPbwAAAAQ"], referer: https://www.howiek.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-26 20:26:19 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.26.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.239.26.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 15:26:15.087542 2026] [security2:error] [pid 2892668:tid 2892668] [client 120.239.26.42:7610] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.polarisled.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.polarisled.com"] [uri "/"] [unique_id "aXfN5y4eVNKqx63CnhcrJwAAAAI"], referer: http://www.polarisled.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-09-01 22:40:58 (9 months ago)	ThreatBook Intelligence: Zombie,Gateway more details on https://threatbook.io/ip/120.239.26.42 2025- ... show more ThreatBook Intelligence: Zombie,Gateway more details on https://threatbook.io/ip/120.239.26.42 2025-09-01 11:32:37 /sitemap.xml show less	Web App Attack
🇨🇳 ThreatBook.io	2025-05-05 23:08:56 (1 year ago)	ThreatBook Intelligence: Zombie,Gateway more details on https://threatbook.io/ip/120.239.26.42 2025- ... show more ThreatBook Intelligence: Zombie,Gateway more details on https://threatbook.io/ip/120.239.26.42 2025-05-05 11:41:25 /config.json show less	Web App Attack
🇿🇦 IrisFlower	2022-02-20 08:06:07 (4 years ago)	Unauthorized connection attempt detected from IP address 120.239.26.42 to port 443 [J]	Port Scan Hacking

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 195.178.110.30

🇷🇺 185.58.206.203

🇺🇸 164.90.85.189

🇺🇸 162.216.149.32

🇺🇸 91.230.168.87

🇷🇺 85.15.179.210

🇹🇼 60.250.246.239

🇮🇩 2001:448a:9090:681b:2c08:c65e:70e5:457e

🇧🇪 198.235.24.172

🇧🇷 152.67.46.203

🇳🇱 152.42.141.12

🇺🇸 72.240.125.133

🇩🇪 69.5.169.145

🇩🇪 69.5.169.89

🇺🇸 8.229.224.64

🇳🇱 193.176.31.149

🇬🇧 188.240.59.41

🇺🇸 172.104.10.42

🇱🇹 81.30.98.144

🇮🇳 59.95.99.120