JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.84.12.41

120.84.12.41 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 5%: ?

ISP	China Unicom Guangdong province network
Usage Type	Fixed Line ISP
ASN	AS17816
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Guangzhou, Guangdong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.84.12.41

Whois 120.84.12.41

IP Abuse Reports for 120.84.12.41:

This IP address has been reported a total of 21 times from 7 distinct sources. 120.84.12.41 was first reported on April 24th 2021, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-17 20:54:19 (2 hours ago)	(mod_security) mod_security (id:210831) triggered by 120.84.12.41 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 120.84.12.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 16:54:11.421732 2026] [security2:error] [pid 18096:tid 18096] [client 120.84.12.41:41061] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.marianozaro.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.marianozaro.com"] [uri "/"] [unique_id "ajMJc4Xn_dspENADJHPPmQAAAAQ"], referer: http://www.marianozaro.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 21:59:36 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.84.12.41 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 120.84.12.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 17:59:27.747862 2026] [security2:error] [pid 26606:tid 26606] [client 120.84.12.41:46307] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.christinepeat.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.christinepeat.com"] [uri "/"] [unique_id "aiCjv4S4WDOJ1gcJUa4hqAAAABs"], referer: http://www.christinepeat.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-24 22:45:27 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.84.12.41 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 120.84.12.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 18:45:22.347302 2026] [security2:error] [pid 28661:tid 28661] [client 120.84.12.41:25466] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|rdj.us\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "rdj.us"] [uri "/"] [unique_id "ahN_gmjPAd4Rc9mCQYJYXQAAAAE"], referer: http://rdj.us/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-03-27 16:08:27 (2 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇮🇹 VHosting	2026-02-20 16:57:11 (3 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇺🇸 TPI-Abuse	2026-01-24 23:01:50 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.84.12.41 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 120.84.12.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 24 18:01:46.105904 2026] [security2:error] [pid 892:tid 892] [client 120.84.12.41:30600] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.wedemandavote.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.wedemandavote.com"] [uri "/"] [unique_id "aXVPWtQNpIqZNyAtSkk0oAAAABA"], referer: http://www.wedemandavote.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-21 20:20:34 (8 months ago)	(mod_security) mod_security (id:210350) triggered by 120.84.12.41 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 120.84.12.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 21 16:20:29.487918 2025] [security2:error] [pid 31880:tid 31880] [client 120.84.12.41:32906] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.renju.net\|F\|4"] [data "close, keep-alive"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.renju.net"] [uri "/tournament/1777/game/67399/"] [unique_id "aNBeDWtWhIilDPK-UTn-ZgAAADM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-15 10:11:44 (9 months ago)	(mod_security) mod_security (id:210350) triggered by 120.84.12.41 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 120.84.12.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 15 06:11:35.834795 2025] [security2:error] [pid 20756:tid 20756] [client 120.84.12.41:9585] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.renju.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.renju.net"] [uri "/game/121336/"] [unique_id "aMfmV7xvjbzo7Q49Qgh53wAAABA"], referer: https://www.renju.net/game/121336 show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-08-06 02:31:24 (10 months ago)	Infected user bad webscan	Exploited Host
Anonymous	2025-04-02 11:52:52 (1 year ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2023-07-24 17:08:17 (2 years ago)		Web Spam Email Spam Blog Spam Bad Web Bot Web App Attack
🇿🇦 IrisFlower	2023-05-12 22:19:11 (3 years ago)	Unauthorized connection attempt detected from IP address 120.84.12.41 to port 443 [J]	Port Scan Hacking
🇿🇦 IrisFlower	2023-05-12 22:11:33 (3 years ago)	Unauthorized connection attempt detected from IP address 120.84.12.41 to port 443 [J]	Port Scan Hacking
🇿🇦 IrisFlower	2023-05-12 22:05:15 (3 years ago)	Unauthorized connection attempt detected from IP address 120.84.12.41 to port 443 [J]	Port Scan Hacking
🇿🇦 IrisFlower	2023-05-12 21:59:34 (3 years ago)	Unauthorized connection attempt detected from IP address 120.84.12.41 to port 443 [J]	Port Scan Hacking

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.218

🇺🇸 191.102.174.130

🇮🇳 182.95.233.86

🇺🇸 172.214.209.153

🇰🇷 112.175.29.94

🇱🇹 81.30.98.158

🇵🇱 74.248.112.30

🇨🇳 27.153.157.138

🇬🇧 167.71.136.93

🇫🇷 64.204.13.251

🇨🇳 36.133.208.182

🇸🇬 34.126.128.245

🇧🇪 34.76.107.251

🇺🇸 34.58.169.33

🇺🇸 170.130.187.18

🇨🇳 47.98.173.211

🇺🇸 38.34.175.146

🇺🇸 216.25.89.114

🇲🇰 188.44.20.24

🇻🇳 171.244.37.97