JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.84.12.52

120.84.12.52 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 23%: ?

23%

ISP	China Unicom Guangdong province network
Usage Type	Fixed Line ISP
ASN	AS17816
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Guangzhou, Guangdong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.84.12.52

Whois 120.84.12.52

IP Abuse Reports for 120.84.12.52:

This IP address has been reported a total of 27 times from 13 distinct sources. 120.84.12.52 was first reported on August 3rd 2021, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-16 08:55:22 (2 hours ago)	(mod_security) mod_security (id:210831) triggered by 120.84.12.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 120.84.12.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 04:55:17.196983 2026] [security2:error] [pid 17527:tid 17527] [client 120.84.12.52:17875] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.stationrestaurant.ca\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.stationrestaurant.ca"] [uri "/"] [unique_id "ajEPdWwGqu2HAxZG_p8wwwAAAA0"], referer: http://www.stationrestaurant.ca/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 09:50:48 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 120.84.12.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 120.84.12.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 05:50:43.167898 2026] [security2:error] [pid 10261:tid 10261] [client 120.84.12.52:45734] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|kinnen.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "kinnen.org"] [uri "/"] [unique_id "aivWc6-PkE89O6k3mAKpoQAAAAU"], referer: http://kinnen.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 05:52:22 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 120.84.12.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 120.84.12.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 01:52:16.760790 2026] [security2:error] [pid 15308:tid 15308] [client 120.84.12.52:59559] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|freepatternstocrochet.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "freepatternstocrochet.com"] [uri "/"] [unique_id "aiuekDV9j05RSXNxtj2d9AAAABc"], referer: http://freepatternstocrochet.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 01:49:50 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 120.84.12.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 120.84.12.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 21:49:43.944782 2026] [security2:error] [pid 13444:tid 13461] [client 120.84.12.52:15768] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|soundstore.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "soundstore.com"] [uri "/"] [unique_id "aitlt4mG6egAyGhpQLgHWQAAAAo"], referer: http://soundstore.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 soverin	2026-06-05 15:22:56 (1 week ago)	spam	Email Spam
🇫🇷 Sklurk	2026-05-13 01:14:20 (1 month ago)	Web App Attack	Web App Attack
Anonymous	2026-05-01 11:52:05 (1 month ago)	Multiple connection attempts to UDP 8568	Port Scan
🇮🇩 David Koswari	2026-04-01 06:15:00 (2 months ago)	REQ_BLOCKED_ACL	DDoS Attack FTP Brute-Force Ping of Death Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇮🇹 VHosting	2026-03-15 02:23:51 (3 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
Anonymous	2026-02-12 10:13:31 (4 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇮🇹 VHosting	2026-02-10 12:25:12 (4 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇺🇸 TPI-Abuse	2026-01-31 20:57:54 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 120.84.12.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 120.84.12.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 31 15:57:48.004972 2026] [security2:error] [pid 6197:tid 6197] [client 120.84.12.52:7138] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.lunchtimers.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.lunchtimers.org"] [uri "/"] [unique_id "aX5szJhs5CkeS2CKLWVvXAAAAAg"], referer: http://www.lunchtimers.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 exxos	2025-10-12 15:03:01 (8 months ago)	HTTP1.x attacks	DDoS Attack
🇺🇸 kosada.com	2025-09-19 23:46:45 (8 months ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇺🇸 xmission.com	2025-08-16 06:09:40 (10 months ago)	Blocked by UFW (TCP on 10026) Source port: 5196 TTL: 104 Packet length: 52 TOS: 0x00 This report (f ... show more Blocked by UFW (TCP on 10026) Source port: 5196 TTL: 104 Packet length: 52 TOS: 0x00 This report (for 120.84.12.52) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 208.157.188.136

🇺🇸 184.105.139.67

🇺🇸 172.202.118.47

🇺🇸 162.216.149.54

🇲🇹 142.202.254.3

🇬🇷 31.152.39.229

🇻🇳 14.177.99.20

🇨🇳 14.103.121.146

🇪🇨 200.24.139.105

🇵🇰 192.140.148.165

🇳🇱 176.65.148.84

🇭🇰 165.154.6.224

🇰🇭 154.50.24.246

🇵🇭 139.135.192.155

🇺🇸 68.187.173.218

🇮🇳 47.11.107.111

🇳🇱 45.148.10.151

🇻🇳 14.191.34.209

🇺🇸 2600:1f1c:a8f:a802:d896:51b7:7ab9:77d8

🇨🇳 218.22.190.133