JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 139.198.120.27

139.198.120.27 was found in our database!

This IP was reported 51 times. Confidence of Abuse is 0%: ?

ISP	Yunify Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS134366
Domain Name	yunify.com
Country	🇭🇰 Hong Kong
City	Tung Chung, Islands

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 139.198.120.27

Whois 139.198.120.27

IP Abuse Reports for 139.198.120.27:

This IP address has been reported a total of 51 times from 20 distinct sources. 139.198.120.27 was first reported on September 25th 2024, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Packets-Decreaser.NET	2024-10-31 21:45:17 (1 year ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
Anonymous	2024-10-26 19:37:29 (1 year ago)	xmlrpc attack blocked attempt from fail2ban ...	Web App Attack
🇺🇸 TPI-Abuse	2024-10-25 04:05:55 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 139.198.120.27 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 139.198.120.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 25 00:05:49.298420 2024] [security2:error] [pid 7376:tid 7479] [client 139.198.120.27:53081] [client 139.198.120.27] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 139.198.120.27 (+1 hits since last alert)\|www.rawhabitat.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.rawhabitat.com"] [uri "/xmlrpc.php"] [unique_id "ZxsZHR2WT1oUQ_x_cBeraQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2024-10-23 00:02:52 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
Anonymous	2024-10-21 18:32:48 (1 year ago)	supergamecollector.com 139.198.120.27 [16/Oct/2024:10:27:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4 ... show more supergamecollector.com 139.198.120.27 [16/Oct/2024:10:27:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4355 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.138 Safari/537.36" supergamecollector.com 139.198.120.27 [16/Oct/2024:10:27:14 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4355 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.138 Safari/537.36" show less	Web App Attack
🇺🇸 TPI-Abuse	2024-10-20 03:47:18 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 139.198.120.27 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 139.198.120.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 19 23:47:11.803228 2024] [security2:error] [pid 30141:tid 30141] [client 139.198.120.27:61385] [client 139.198.120.27] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 139.198.120.27 (+1 hits since last alert)\|lightningbug.farm\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lightningbug.farm"] [uri "/xmlrpc.php"] [unique_id "ZxR9PywohfYf2ff7aANncwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-10-19 01:07:50 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇩🇪 expandmade.com	2024-10-19 00:14:37 (1 year ago)	trolling for wp-login [19/Oct/2024:00:14:37 "GET /wp-login.php"]	Web App Attack
🇲🇹 Malta	2024-10-16 23:22:32 (1 year ago)	139.198.120.27 - - [17/Oct/2024:01:22:32 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows ... show more 139.198.120.27 - - [17/Oct/2024:01:22:32 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36" show less	Hacking Web App Attack
Anonymous	2024-10-16 08:27:15 (1 year ago)	supergamecollector.com 139.198.120.27 [16/Oct/2024:10:27:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4 ... show more supergamecollector.com 139.198.120.27 [16/Oct/2024:10:27:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4355 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.138 Safari/537.36" supergamecollector.com 139.198.120.27 [16/Oct/2024:10:27:14 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4355 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.138 Safari/537.36" show less	Web App Attack
🇺🇸 TPI-Abuse	2024-10-15 22:17:44 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 139.198.120.27 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 139.198.120.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 18:17:35.707778 2024] [security2:error] [pid 16035:tid 16035] [client 139.198.120.27:65370] [client 139.198.120.27] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 139.198.120.27 (+1 hits since last alert)\|persnicketyinc.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "persnicketyinc.com"] [uri "/xmlrpc.php"] [unique_id "Zw7p_2XGuyeH4AwJ92v_egAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2024-10-15 06:08:02 (1 year ago)	Looking for CMS/PHP/SQL vulnerablilities - 13	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2024-10-15 01:36:18 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 139.198.120.27 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 139.198.120.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 14 21:36:11.046969 2024] [security2:error] [pid 29827:tid 29827] [client 139.198.120.27:52903] [client 139.198.120.27] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 139.198.120.27 (+1 hits since last alert)\|www.computerservicesofflorida.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.computerservicesofflorida.com"] [uri "/xmlrpc.php"] [unique_id "Zw3HC93co5bRGa6MHogAOgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 JimArchon72	2024-10-14 19:55:02 (1 year ago)	2024/10/14 19:51:17 "GET /wp-login.php HTTP/1.1"	Web App Attack
🇺🇸 TPI-Abuse	2024-10-14 06:42:38 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 139.198.120.27 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 139.198.120.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 14 02:42:30.822688 2024] [security2:error] [pid 26450:tid 26450] [client 139.198.120.27:50963] [client 139.198.120.27] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 139.198.120.27 (+1 hits since last alert)\|dgereviews.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dgereviews.com"] [uri "/xmlrpc.php"] [unique_id "Zwy9VnWmMyRTw04V2iblQwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 51 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.174.17.234

🇺🇸 147.185.132.225

🇻🇳 125.212.235.194

🇨🇳 125.39.179.192

🇨🇳 115.48.11.195

🇧🇩 103.129.238.248

🇱🇻 81.30.98.44

🇺🇸 65.49.1.152

🇱🇹 62.60.130.148

🇸🇪 51.107.188.234

🇯🇵 45.66.217.97

🇺🇸 3.228.8.3

🇺🇸 206.0.69.113

🇬🇧 147.148.205.252

🇨🇳 120.5.57.239

🇧🇬 91.191.209.118

🇩🇪 85.28.47.237

🇺🇸 17.253.31.195

🇭🇰 199.45.154.182

🇲🇾 175.137.132.201