JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.239.27.243

120.239.27.243 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 5%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS56040
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.239.27.243

Whois 120.239.27.243

IP Abuse Reports for 120.239.27.243:

This IP address has been reported a total of 13 times from 2 distinct sources. 120.239.27.243 was first reported on July 4th 2025, and the most recent report was 10 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-22 01:40:34 (10 hours ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 21:40:29.102669 2026] [security2:error] [pid 30690:tid 30690] [client 120.239.27.243:4412] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.robertseyewear.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.robertseyewear.com"] [uri "/"] [unique_id "ajiSjb9Gu_l3qEeb3_gpcAAAAAU"], referer: http://www.robertseyewear.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 19:45:10 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 15:45:02.222810 2026] [security2:error] [pid 22512:tid 22512] [client 120.239.27.243:23614] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.trafficstopper.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.trafficstopper.com"] [uri "/"] [unique_id "ajRKvquWKevCR8AKpykJBAAAAAg"], referer: http://www.trafficstopper.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 02:26:25 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 22:26:17.824974 2026] [security2:error] [pid 17009:tid 17009] [client 120.239.27.243:4601] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|e2home-ec.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "e2home-ec.com"] [uri "/"] [unique_id "ajC0SY1_6WRz_v6KfNUvkwAAABM"], referer: http://e2home-ec.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 20:52:04 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 16:51:59.910054 2026] [security2:error] [pid 5907:tid 5907] [client 120.239.27.243:23577] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.bonvivantorganics.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.bonvivantorganics.com"] [uri "/"] [unique_id "ai3C73bucKtAAfUW7FifMAAAAAk"], referer: http://www.bonvivantorganics.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 19:40:36 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 15:40:30.524921 2026] [security2:error] [pid 21971:tid 21971] [client 120.239.27.243:16727] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.toppress.ca\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.toppress.ca"] [uri "/"] [unique_id "agOCLuw1iHu5M2f_DHug4QAAAAw"], referer: http://www.toppress.ca/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-29 03:00:43 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 28 23:00:38.445806 2026] [security2:error] [pid 11972:tid 11972] [client 120.239.27.243:1219] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|spaceritual.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "spaceritual.net"] [uri "/"] [unique_id "aciV1nVmqCZzF-wL449uKQAAABA"], referer: http://spaceritual.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-28 21:07:37 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 28 17:07:32.545871 2026] [security2:error] [pid 24588:tid 24588] [client 120.239.27.243:1087] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|cbcconsult.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "cbcconsult.com"] [uri "/"] [unique_id "achDFFFQ5ifM2jQZcVxfOQAAACE"], referer: http://cbcconsult.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-21 00:56:09 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 20:56:01.502880 2026] [security2:error] [pid 26504:tid 26504] [client 120.239.27.243:32739] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|circleway.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "circleway.org"] [uri "/"] [unique_id "ab3sobL-7OkIk8ws7d0emwAAAAA"], referer: http://circleway.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-15 00:19:40 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 14 20:19:27.005306 2026] [security2:error] [pid 9479:tid 9479] [client 120.239.27.243:6209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|megaandina.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "megaandina.com"] [uri "/index.html"] [unique_id "abX7D0LK-f-3-3ptieciRgAAABE"], referer: https://megaandina.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-26 01:08:33 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 20:08:25.874085 2026] [security2:error] [pid 32648:tid 32648] [client 120.239.27.243:25203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|christianebooks.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "christianebooks.com"] [uri "/"] [unique_id "aZ-dCTE5w9iNBaIwNkDubQAAABA"], referer: http://christianebooks.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-23 02:00:13 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.27.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 22 21:00:09.015278 2026] [security2:error] [pid 11006:tid 11008] [client 120.239.27.243:22601] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|joeandlane.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "joeandlane.com"] [uri "/"] [unique_id "aZu0qSarD3hInvlC8uW1QQAAAAA"], referer: https://joeandlane.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-08-19 00:44:21 (10 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.27.243 2025-08-18 0 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.27.243 2025-08-18 05:30:10 /config.json 2025-08-18 09:11:13 /sitemap.xml show less	Web App Attack
🇨🇳 ThreatBook.io	2025-07-04 01:17:38 (11 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.27.243 2025-07-03 1 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.27.243 2025-07-03 16:22:09 /robots.txt show less	Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 49.131.81.199

🇷🇴 2.57.121.25

🇷🇴 193.46.255.86

🇳🇱 176.65.139.92

🇨🇳 125.94.145.234

🇨🇳 111.225.148.146

🇳🇱 91.92.42.7

🇩🇪 84.55.4.82

🇺🇸 34.186.253.75

🇺🇸 148.153.121.146

🇷🇴 141.98.83.240

🇳🇿 122.59.152.97

🇨🇳 116.176.35.204

🇧🇩 103.81.104.44

🇨🇦 85.217.149.60

🇺🇸 47.189.182.17

🇮🇳 38.137.11.14

🇺🇸 20.9.92.37

🇰🇷 1.222.42.237

🇺🇸 104.243.35.120