JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.239.27.115

120.239.27.115 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 4%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS56040
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.239.27.115

Whois 120.239.27.115

IP Abuse Reports for 120.239.27.115:

This IP address has been reported a total of 8 times from 4 distinct sources. 120.239.27.115 was first reported on August 31st 2025, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-16 20:37:13 (5 days ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.115 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.115 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 16:37:04.883086 2026] [security2:error] [pid 23815:tid 23815] [client 120.239.27.115:9741] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|closedfortheseason.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "closedfortheseason.com"] [uri "/"] [unique_id "ajGz8FEAZUVT_7sZVNH7twAAAAw"], referer: http://closedfortheseason.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 18:55:21 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.115 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.115 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 14:55:14.987600 2026] [security2:error] [pid 28633:tid 28633] [client 120.239.27.115:22760] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.palmerattaway.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.palmerattaway.com"] [uri "/"] [unique_id "agdsEqF9_9LzDNJ6PvBa6AAAACA"], referer: http://www.palmerattaway.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-26 18:44:20 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.115 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.115 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 14:44:13.163908 2026] [security2:error] [pid 28592:tid 28592] [client 120.239.27.115:1787] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|intra.es\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "intra.es"] [uri "/"] [unique_id "ae5c_Q53BVgkwW-Jkq5WOAAAAAI"], referer: http://intra.es/ show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 EGP Abuse Dept	2026-04-16 09:57:15 (2 months ago)	Unauthorized connection to proxy port 8080	Port Scan Hacking
🇨🇳 ThreatBook.io	2026-04-05 00:54:08 (2 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.27.115 2026-04-04 0 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.27.115 2026-04-04 09:06:30 / show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-03 01:45:32 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.115 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.115 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 21:45:24.606342 2026] [security2:error] [pid 7444:tid 7444] [client 120.239.27.115:5775] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.airtechconsulting.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.airtechconsulting.com"] [uri "/"] [unique_id "ac8btKOLuaXR2GYiAGUzBAAAAAk"], referer: https://www.airtechconsulting.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-10-22 00:07:09 (8 months ago)	ThreatBook Intelligence: Zombie,Gateway more details on https://threatbook.io/ip/120.239.27.115 2025 ... show more ThreatBook Intelligence: Zombie,Gateway more details on https://threatbook.io/ip/120.239.27.115 2025-10-21 02:31:58 / show less	Web App Attack
🇺🇸 kosada.com	2025-08-31 06:15:31 (9 months ago)	Web bot: DDoS	DDoS Attack Bad Web Bot

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 180.102.110.161

🇩🇪 155.117.127.214

🇳🇱 89.21.67.164

🇺🇸 23.251.34.171

🇺🇸 20.64.104.142

🇩🇪 2003:ca:5f4d:47bf:dc90:6eb7:c245:2a0a

🇺🇸 216.218.206.117

🇺🇸 195.184.76.175

🇳🇱 185.132.176.56

🇲🇩 178.175.130.250

🇮🇩 163.7.9.55

🇭🇰 116.48.150.115

🇨🇳 112.86.146.178

🇸🇬 111.119.204.198

🇩🇪 69.5.169.164

🇱🇹 45.227.254.170

🇸🇪 45.84.107.17

🇺🇸 20.106.57.122

🇬🇧 194.50.235.150

🇳🇱 185.93.89.157