JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.239.28.157

120.239.28.157 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 13%: ?

13%

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS56040
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.239.28.157

Whois 120.239.28.157

IP Abuse Reports for 120.239.28.157:

This IP address has been reported a total of 10 times from 4 distinct sources. 120.239.28.157 was first reported on March 20th 2022, and the most recent report was 20 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 08:52:42 (20 hours ago)	(mod_security) mod_security (id:210831) triggered by 120.239.28.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.28.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 04:52:33.815688 2026] [security2:error] [pid 7200:tid 7200] [client 120.239.28.157:12025] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|rmjaero.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "rmjaero.com"] [uri "/index.html"] [unique_id "aivI0RJS6eO_EdDedd3XuwAAAAY"], referer: https://rmjaero.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 22:26:53 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 120.239.28.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.28.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 18:26:45.258648 2026] [security2:error] [pid 26223:tid 26223] [client 120.239.28.157:3658] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|guardmagic.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "guardmagic.com"] [uri "/"] [unique_id "ahy1pfnJ5qpAXszh1wkyNgAAAAQ"], referer: http://guardmagic.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-05-12 20:52:37 (1 month ago)	[TueMay1222:52:30.0585162026][security2:error][pid590359:tid590419][client120.239.28.157:0]ModSecuri ... show more [TueMay1222:52:30.0585162026][security2:error][pid590359:tid590419][client120.239.28.157:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:User-Agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"www.your-team.ch\"][uri\"/\"][unique_id\"agOTDqf6VUKFc7iR6ctLAwAAAAM\"]\,referer:http://www.your-team.ch/ show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-04-26 00:07:43 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.239.28.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.28.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 25 20:07:38.791565 2026] [security2:error] [pid 7225:tid 7225] [client 120.239.28.157:21118] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.giftofthemagic.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.giftofthemagic.com"] [uri "/"] [unique_id "ae1XSl6YftOSpod8V6clwgAAABc"], referer: http://www.giftofthemagic.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-20 22:15:42 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.28.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.28.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 17:15:35.534348 2026] [security2:error] [pid 2200:tid 2200] [client 120.239.28.157:7153] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|seishin-kan.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "seishin-kan.org"] [uri "/"] [unique_id "aZjdB8FptxEKMz62k3VdGAAAAAc"], referer: http://seishin-kan.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-20 19:27:02 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.28.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.28.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 14:26:57.980993 2026] [security2:error] [pid 4285:tid 4285] [client 120.239.28.157:17748] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.mmmetalizing.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.mmmetalizing.com"] [uri "/"] [unique_id "aW_XAZkvAWNFnDbANS9KsAAAADE"], referer: http://www.mmmetalizing.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-09-06 00:21:20 (9 months ago)	ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/120.239.28.157 2025-09-05 15 ... show more ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/120.239.28.157 2025-09-05 15:03:15 / show less	Web App Attack
🇨🇳 ThreatBook.io	2025-07-25 23:33:08 (10 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.157 2025-07-25 1 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.157 2025-07-25 14:27:06 /config.json show less	Web App Attack
🇨🇳 ThreatBook.io	2025-02-26 02:25:59 (1 year ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.157 2025-02-25 2 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.157 2025-02-25 20:37:52 /sitemap.xml show less	Web App Attack
🇿🇦 IrisFlower	2022-03-20 14:45:01 (4 years ago)	Unauthorized connection attempt detected from IP address 120.239.28.157 to port 443 [J]	Port Scan Hacking

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 50.82.251.235

🇱🇹 45.227.254.170

🇨🇳 27.16.236.194

🇸🇪 195.137.245.228

🇩🇪 185.171.98.160

🇨🇳 111.162.159.189

🇫🇷 85.217.140.10

🇵🇱 57.128.237.234

🇸🇬 47.79.206.127

🇳🇱 45.148.10.147

🇬🇧 35.203.210.58

🇺🇸 3.145.30.184

🇩🇪 213.209.159.56

🇬🇧 185.247.137.46

🇩🇪 165.227.159.13

🇮🇳 112.133.246.90

🇨🇳 111.228.58.144

🇮🇹 81.57.15.243

🇨🇳 60.166.82.137

🇰🇷 59.16.212.232