JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.239.27.167

120.239.27.167 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 5%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS56040
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.239.27.167

Whois 120.239.27.167

IP Abuse Reports for 120.239.27.167:

This IP address has been reported a total of 12 times from 2 distinct sources. 120.239.27.167 was first reported on March 18th 2025, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-27 00:42:30 (2 hours ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 20:42:22.918040 2026] [security2:error] [pid 4421:tid 4421] [client 120.239.27.167:18047] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.moralportfolio.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.moralportfolio.com"] [uri "/"] [unique_id "aj8cbmRq10ssJqpky34IvwAAABM"], referer: http://www.moralportfolio.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 20:17:08 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 16:17:02.532930 2026] [security2:error] [pid 26290:tid 26290] [client 120.239.27.167:7399] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|cpking.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "cpking.com"] [uri "/403.shtml"] [unique_id "ajw7PifsmCr_APdJTgKYYQAAAAE"], referer: https://cpking.com/403.shtml show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 22:06:15 (5 days ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 18:06:09.928162 2026] [security2:error] [pid 27166:tid 27178] [client 120.239.27.167:7287] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.jd-web-designs.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.jd-web-designs.com"] [uri "/"] [unique_id "ajhgUVAHEt-HEa_huFBg1wAAAUg"], referer: http://www.jd-web-designs.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-06 19:03:46 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 15:03:42.108071 2026] [security2:error] [pid 913674:tid 913674] [client 120.239.27.167:5685] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|oldkentuckyhams.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "oldkentuckyhams.org"] [uri "/index.htm"] [unique_id "adQDjrffGIDwDsWwwVCI4gAAAAo"], referer: http://oldkentuckyhams.org/index.htm show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-02 02:11:08 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 21:11:02.351953 2026] [security2:error] [pid 9414:tid 9414] [client 120.239.27.167:8680] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|nccb.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "nccb.org"] [uri "/"] [unique_id "aaTxtk1fQ50IYvhCvNe-ZQAAAAo"], referer: http://nccb.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-28 01:14:58 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 27 20:14:51.271602 2026] [security2:error] [pid 9224:tid 9224] [client 120.239.27.167:20916] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|aupapierjaponais.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "aupapierjaponais.com"] [uri "/index.php"] [unique_id "aaJBi6xEfhCVZpewH-i4DwAAABY"], referer: http://aupapierjaponais.com/index.php show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-20 23:15:23 (5 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 18:15:17.508982 2026] [security2:error] [pid 20205:tid 20205] [client 120.239.27.167:16929] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.damonmarks.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.damonmarks.com"] [uri "/index.html"] [unique_id "aXAMhfXxDpfwBUBSL4PwDAAAABA"], referer: https://www.damonmarks.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-12-23 01:33:43 (6 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.27.167 2025-12-22 0 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.27.167 2025-12-22 08:27:36 /robots.txt show less	Web App Attack
🇨🇳 ThreatBook.io	2025-07-30 00:25:55 (10 months ago)	ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/120.239.27.167 2025-07-29 04 ... show more ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/120.239.27.167 2025-07-29 04:35:05 /sitemap.xml show less	Web App Attack
🇨🇳 ThreatBook.io	2025-04-29 01:28:09 (1 year ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.27.167 2025-04-28 0 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.27.167 2025-04-28 01:08:10 /portal.html show less	Web App Attack
🇨🇳 ThreatBook.io	2025-03-20 01:57:41 (1 year ago)	ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/120.239.27.167 202 ... show more ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/120.239.27.167 2025-03-19 04:11:23 /config.json show less	Web App Attack
🇨🇳 ThreatBook.io	2025-03-18 02:16:45 (1 year ago)	ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/120.239.27.167 202 ... show more ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/120.239.27.167 2025-03-17 08:09:23 /config.json show less	Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 34.209.65.98

🇺🇸 2a03:2880:24ff:45::

🇭🇰 199.45.154.179

🇺🇸 184.168.20.180

🇧🇷 177.10.203.106

🇺🇸 172.86.114.38

🇺🇸 162.216.150.34

🇲🇾 160.187.211.96

🇨🇳 116.179.32.31

🇺🇸 91.230.168.21

🇳🇱 45.148.10.141

🇬🇧 2a06:4880:4000::63

🇺🇸 2a03:2880:24ff:44::

🇧🇷 205.210.31.217

🇺🇸 192.3.206.66

🇮🇩 180.252.207.77

🇳🇱 176.65.148.132

🇺🇸 147.185.132.151

🇺🇸 147.185.132.31

🇺🇸 109.105.209.12