JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.239.27.216

120.239.27.216 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 4%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS56040
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.239.27.216

Whois 120.239.27.216

IP Abuse Reports for 120.239.27.216:

This IP address has been reported a total of 14 times from 4 distinct sources. 120.239.27.216 was first reported on May 26th 2021, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-24 23:46:32 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 19:46:25.091984 2026] [security2:error] [pid 15552:tid 15552] [client 120.239.27.216:6184] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.nelsonroman.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.nelsonroman.com"] [uri "/"] [unique_id "ajxsUWnCNl87XIrUnOhOkwAAAAI"], referer: https://www.nelsonroman.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 19:43:17 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 15:43:10.606242 2026] [security2:error] [pid 15887:tid 15887] [client 120.239.27.216:20788] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|curryfirm.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "curryfirm.com"] [uri "/"] [unique_id "ajrhzq32bV_EufC_EtA5qAAAAA0"], referer: http://curryfirm.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 22:08:24 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 18:08:16.964514 2026] [security2:error] [pid 4943:tid 4943] [client 120.239.27.216:5830] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.36hoursonly.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.36hoursonly.com"] [uri "/"] [unique_id "ag4w0CIlfL7aC7AxT_8X3wAAABM"], referer: http://www.36hoursonly.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-16 18:48:42 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 14:48:36.299393 2026] [security2:error] [pid 25692:tid 25695] [client 120.239.27.216:20623] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|bakmail.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "bakmail.net"] [uri "/"] [unique_id "agi8BGrJECF89Arlq9FTPgAAAME"], referer: http://bakmail.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-13 20:11:11 (1 month ago)	(mod_security) mod_security (id:949110) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:949110) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 16:11:06.794759 2026] [security2:error] [pid 5414:tid 5414] [client 120.239.27.216:22440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sunstrongmetal.com"] [uri "/"] [unique_id "agTa2oBv4_p_xOyYmX7EMwAAAA0"], referer: http://www.sunstrongmetal.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 securejdprop	2026-04-16 18:51:32 (2 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(🐾 - 🚨 Suspicious 👀 ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(🐾 - 🚨 Suspicious 👀 SSL/TLS trafic on unusual SSL/TLS port). Ip 120.239.27.216 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-04-16 18:51:30.795881979 +0000 UTC show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-22 23:04:49 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 22 18:04:44.974144 2026] [security2:error] [pid 32574:tid 32574] [client 120.239.27.216:3514] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.sliconswamp.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.sliconswamp.com"] [uri "/"] [unique_id "aZuLjBboQiP-cCCFvqw5wAAAAA4"], referer: https://www.sliconswamp.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 20:58:17 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 15:58:12.410136 2026] [security2:error] [pid 12316:tid 12316] [client 120.239.27.216:19774] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.oakvillepiano.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.oakvillepiano.com"] [uri "/"] [unique_id "aZd5ZCEvBdNQYahBuAe3AwAAABE"], referer: http://www.oakvillepiano.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-08 23:29:32 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 08 18:29:27.126174 2026] [security2:error] [pid 3725670:tid 3725691] [client 120.239.27.216:12759] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.icecc.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.icecc.com"] [uri "/"] [unique_id "aYkcVyW4G2ZkXP5KCZ0uYgAAAVI"], referer: https://www.icecc.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-03 21:16:31 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 03 16:16:23.134759 2026] [security2:error] [pid 29453:tid 29471] [client 120.239.27.216:14970] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|writeonce.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "writeonce.org"] [uri "/"] [unique_id "aYJlpymgJUv0l8ePyuO__gAAAE4"], referer: http://writeonce.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-31 19:08:20 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 31 14:08:11.713085 2026] [security2:error] [pid 12115:tid 12115] [client 120.239.27.216:2360] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.buanamegah.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.buanamegah.com"] [uri "/"] [unique_id "aX5TG3DRdjGbhFRrRBrIcgAAABA"], referer: http://www.buanamegah.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-29 22:21:47 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 29 17:21:40.146586 2026] [security2:error] [pid 31785:tid 31785] [client 120.239.27.216:24698] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.carolmaalouf.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.carolmaalouf.com"] [uri "/"] [unique_id "aXvddK-jJcr0XfGbC_l6pgAAAAE"], referer: http://www.carolmaalouf.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 london2038.com	2024-11-10 15:04:30 (1 year ago)	Connection atttempts against closed TCP ports Nov 10 15:54:38 BLOCK SRC=120.239.27.216 LEN=52 TOS=0x ... show more Connection atttempts against closed TCP ports Nov 10 15:54:38 BLOCK SRC=120.239.27.216 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=6084 DF PROTO=TCP SPT=5461 DPT=34775 WINDOW=64240 RES=0x00 SYN Nov 10 15:58:00 BLOCK SRC=120.239.27.216 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=6092 DF PROTO=TCP SPT=12405 DPT=34775 WINDOW=64240 RES=0x00 SYN Nov 10 16:03:43 BLOCK SRC=120.239.27.216 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=11133 DF PROTO=TCP SPT=12584 DPT=34775 WINDOW=64240 RES=0x00 SYN show less	Port Scan
🇿🇦 IrisFlower	2021-05-26 11:46:26 (5 years ago)	Unauthorized connection attempt detected from IP address 120.239.27.216 to port 443 [J]	Port Scan Hacking

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇭 209.99.190.113

🇲🇰 188.44.20.32

🇳🇱 164.92.159.100

🇭🇰 101.36.109.176

🇺🇸 20.12.240.178

🇹🇭 223.205.176.68

🇳🇱 195.178.110.199

🇧🇷 189.127.109.198

🇺🇸 161.178.3.105

🇨🇳 125.77.73.145

🇺🇸 107.180.88.176

🇩🇪 46.249.98.62

🇭🇰 46.247.61.215

🇳🇱 45.153.34.158

🇲🇩 45.15.227.120

🇫🇷 37.44.238.68

🇧🇪 34.14.49.91

🇳🇱 176.65.132.149

🇿🇦 165.16.171.135

🇪🇸 158.158.43.25