JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.239.27.134

120.239.27.134 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 5%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS56040
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.239.27.134

Whois 120.239.27.134

IP Abuse Reports for 120.239.27.134:

This IP address has been reported a total of 10 times from 2 distinct sources. 120.239.27.134 was first reported on June 5th 2025, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-14 21:04:28 (7 hours ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 17:04:25.384896 2026] [security2:error] [pid 8216:tid 8219] [client 120.239.27.134:11971] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.wassell.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.wassell.org"] [uri "/index.htm"] [unique_id "ai8XWdVEdbFuFRX5KpEHZwAAAYE"], referer: http://www.wassell.org/index.htm show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 18:13:26 (10 hours ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 14:13:18.799211 2026] [security2:error] [pid 3256:tid 3256] [client 120.239.27.134:11843] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|kalourislawfirm.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "kalourislawfirm.com"] [uri "/"] [unique_id "ai7vPugodXYoM5V4ZzoP-AAAAAU"], referer: http://kalourislawfirm.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 19:21:15 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 15:21:09.697564 2026] [security2:error] [pid 23857:tid 23857] [client 120.239.27.134:4547] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|robslasercreations.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "robslasercreations.com"] [uri "/"] [unique_id "ae-3JWxUaxN1wqjSyhglmwAAABc"], referer: http://robslasercreations.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-24 22:29:18 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 24 18:29:11.038878 2026] [security2:error] [pid 16933:tid 16933] [client 120.239.27.134:9552] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.esad.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.esad.com"] [uri "/"] [unique_id "aevutyCKokv267qIB4kNcAAAAAk"], referer: http://www.esad.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-23 20:38:56 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 16:38:49.058675 2026] [security2:error] [pid 8195:tid 8195] [client 120.239.27.134:9547] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.naturev.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.naturev.net"] [uri "/"] [unique_id "aeqDWTkI9cVlTPA4cGTbHwAAABk"], referer: http://www.naturev.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-04 00:53:28 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 03 20:53:20.307800 2026] [security2:error] [pid 2341:tid 2341] [client 120.239.27.134:6953] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|line2.biz\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "line2.biz"] [uri "/index.html"] [unique_id "adBhACigoSDLDggaqKmIHQAAAAU"], referer: https://line2.biz/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-04 23:45:42 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 04 18:45:38.308983 2026] [security2:error] [pid 873:tid 873] [client 120.239.27.134:6151] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|addocc.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "addocc.com"] [uri "/"] [unique_id "aYPaIrkKtm69S-YMjucd1AAAABo"], referer: http://addocc.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-09-01 00:24:39 (9 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.27.134 2025-08-31 0 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.27.134 2025-08-31 01:32:13 /dfdfd show less	Web App Attack
🇨🇳 ThreatBook.io	2025-06-13 01:03:23 (1 year ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.239.27.134 2025-06 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.239.27.134 2025-06-12 09:41:54 /sitemap.xml show less	Web App Attack
🇨🇳 ThreatBook.io	2025-06-05 00:36:55 (1 year ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.239.27.134 2025-06 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.239.27.134 2025-06-04 02:52:09 / show less	Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 209.87.169.47

🇧🇪 198.235.24.153

🇹🇼 198.235.24.116

🇺🇸 198.11.178.150

🇿🇦 196.192.181.202

🇬🇧 185.247.137.100

🇳🇱 185.242.226.126

🇨🇳 171.112.184.30

🇨🇳 123.156.179.142

🇨🇳 49.66.152.27

🇺🇸 38.43.93.185

🇵🇪 38.25.30.131

🇹🇼 35.229.174.193

🇧🇪 34.52.206.242

🇺🇸 4.150.201.26

🇺🇸 2607:f8b0:400e:c02::120

🇪🇹 196.188.37.244

🇬🇧 193.163.125.78

🇺🇸 192.169.197.123

🇺🇸 146.190.165.198