JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.239.28.194

120.239.28.194 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 4%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS56040
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.239.28.194

Whois 120.239.28.194

IP Abuse Reports for 120.239.28.194:

This IP address has been reported a total of 11 times from 2 distinct sources. 120.239.28.194 was first reported on July 29th 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-13 06:55:57 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 120.239.28.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.28.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 02:55:51.738594 2026] [security2:error] [pid 30137:tid 30137] [client 120.239.28.194:30830] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|dakotagraphics.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "dakotagraphics.com"] [uri "/index.html"] [unique_id "aiz-94sjVg4F1Il0kFUBOgAAAAk"], referer: http://dakotagraphics.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 04:07:25 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 120.239.28.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.28.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 00:07:17.216413 2026] [security2:error] [pid 24905:tid 24905] [client 120.239.28.194:1589] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|drjaymissdiana.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "drjaymissdiana.com"] [uri "/403.shtml"] [unique_id "aizXdT_FMy0_5juz7fuvrQAAAAg"], referer: https://drjaymissdiana.com/403.shtml show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 20:43:57 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.239.28.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.28.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 16:43:50.420699 2026] [security2:error] [pid 21173:tid 21173] [client 120.239.28.194:8922] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|raystransmission.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "raystransmission.com"] [uri "/"] [unique_id "ageFhl8WB8coQ_6RY5rIKAAAAAg"], referer: http://raystransmission.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-04 21:45:13 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.28.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.28.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 04 17:45:07.092011 2026] [security2:error] [pid 1233:tid 1246] [client 120.239.28.194:3261] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|joeandlane.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "joeandlane.com"] [uri "/"] [unique_id "adGGY0HVMthDOo07TUfp-QAAAIU"], referer: https://joeandlane.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-22 23:57:43 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.28.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.28.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 22 19:57:36.922393 2026] [security2:error] [pid 4872:tid 4872] [client 120.239.28.194:2799] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.andrejblatnik.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.andrejblatnik.com"] [uri "/"] [unique_id "acCB8Mre7GSUna3e0JDnLgAAAAc"], referer: http://www.andrejblatnik.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-06 07:32:15 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.239.28.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.239.28.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 06 02:32:08.380739 2026] [security2:error] [pid 720:tid 720] [client 120.239.28.194:5839] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.loneoakhoney.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.loneoakhoney.com"] [uri "/"] [unique_id "aYWY-EIfn8grbTiCR0QFawAAAC4"], referer: http://www.loneoakhoney.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-11-22 00:53:33 (6 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.194 2025-11-21 1 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.194 2025-11-21 13:55:48 /sitemap.xml show less	Web App Attack
🇨🇳 ThreatBook.io	2025-11-18 00:54:03 (6 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.194 2025-11-17 0 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.194 2025-11-17 08:28:50 / show less	Web App Attack
🇨🇳 ThreatBook.io	2025-11-17 00:50:35 (7 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.194 2025-11-16 1 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.194 2025-11-16 14:01:55 /config.json 2025-11-16 01:28:21 / show less	Web App Attack
🇨🇳 ThreatBook.io	2025-08-23 00:15:25 (9 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.194 2025-08-22 1 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.194 2025-08-22 11:50:35 /sitemap.xml show less	Web App Attack
🇨🇳 ThreatBook.io	2025-07-29 00:01:31 (10 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.194 2025-07-28 0 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.194 2025-07-28 04:40:52 /sitemap.xml show less	Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇹 213.22.39.38

🇮🇳 168.144.157.41

🇺🇸 154.83.197.82

🇺🇸 138.91.160.162

🇵🇰 125.62.90.176

🇩🇪 109.163.238.250

🇰🇷 106.240.29.98

🇺🇸 91.230.168.249

🇸🇬 43.134.36.238

🇧🇪 35.210.58.81

🇺🇸 2607:f8b0:4864:20::c68

🇦🇹 213.225.9.147

🇩🇪 156.236.31.85

🇩🇴 148.0.166.39

🇵🇰 139.135.40.249

🇨🇦 134.65.176.129

🇨🇳 106.56.73.17

🇿🇦 102.67.74.177

🇺🇸 91.230.168.133

🇳🇱 91.92.40.204