JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 39.154.11.42

39.154.11.42 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 11%: ?

11%

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Hohhot, Inner Mongolia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 39.154.11.42

Whois 39.154.11.42

IP Abuse Reports for 39.154.11.42:

This IP address has been reported a total of 19 times from 3 distinct sources. 39.154.11.42 was first reported on March 28th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 00:56:33 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 20:56:23.653852 2026] [security2:error] [pid 31983:tid 31983] [client 39.154.11.42:17736] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.orthopaedicsurgical.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.orthopaedicsurgical.com"] [uri "/"] [unique_id "aitZN1do_SZvsgI1EizXuAAAAAM"], referer: https://www.orthopaedicsurgical.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 16:50:11 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 12:49:59.672798 2026] [security2:error] [pid 20011:tid 20011] [client 39.154.11.42:13455] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|glolady.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "glolady.com"] [uri "/index.php"] [unique_id "aiRPt29bXQyGAw8C8ek4mgAAAAc"], referer: http://glolady.com/index.php show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 21:55:49 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 17:55:39.056817 2026] [security2:error] [pid 24751:tid 24781] [client 39.154.11.42:6893] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.kylight.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.kylight.com"] [uri "/"] [unique_id "aiH0WyM_cED6W9uorjwcSAAAANQ"], referer: http://www.kylight.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 19:06:32 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 15:06:21.235049 2026] [security2:error] [pid 17262:tid 17347] [client 39.154.11.42:16794] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|behaviorhealth.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "behaviorhealth.org"] [uri "/"] [unique_id "aiHMrdX_D89fXXaX7V9xFwAAAMQ"], referer: http://behaviorhealth.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 19:44:44 (4 weeks ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 15:44:33.991546 2026] [security2:error] [pid 29615:tid 29615] [client 39.154.11.42:11296] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.samuelpaley.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.samuelpaley.com"] [uri "/index.html"] [unique_id "ahSmof0D9AFkTb5yfgOLbQAAAAk"], referer: http://www.samuelpaley.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-19 22:03:19 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 18:03:10.764062 2026] [security2:error] [pid 32297:tid 32297] [client 39.154.11.42:23943] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.kokr.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.kokr.org"] [uri "/"] [unique_id "agzeHo9IZ_9sU3LChwEErAAAACs"], referer: http://www.kokr.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-05-15 23:41:07 (1 month ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.11.42 2026-05-1 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.11.42 2026-05-15 00:55:32 /sitemap.xml show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 19:04:52 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 15:04:43.131624 2026] [security2:error] [pid 13601:tid 13601] [client 39.154.11.42:23988] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.barryschiller.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.barryschiller.com"] [uri "/"] [unique_id "agYcy3HuKqs6RewrXRQ-HwAAABE"], referer: http://www.barryschiller.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-05-09 23:56:36 (1 month ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.11.42 2026-05-0 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.11.42 2026-05-09 06:19:37 /sitemap.xml show less	Web App Attack
🇨🇳 ThreatBook.io	2026-05-07 23:59:50 (1 month ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.11.42 2026-05-0 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.11.42 2026-05-07 17:08:29 / show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-03 13:43:22 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 03 09:43:13.522581 2026] [security2:error] [pid 30914:tid 30943] [client 39.154.11.42:4430] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|abundancebible.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "abundancebible.com"] [uri "/403.shtml"] [unique_id "ac_D8T25DybXGl8Rg781fQAAAVU"], referer: https://abundancebible.com/403.shtml show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-02 17:49:50 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 13:49:38.878511 2026] [security2:error] [pid 12470:tid 12470] [client 39.154.11.42:4461] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.jan-wilson.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.jan-wilson.com"] [uri "/"] [unique_id "ac6sMr8cLC7amL21rUW5HgAAAAQ"], referer: http://www.jan-wilson.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-07-23 23:38:40 (10 months ago)	ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/39.154.11.42 2025-07- ... show more ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/39.154.11.42 2025-07-23 01:37:54 /robots.txt show less	Web App Attack
🇨🇳 ThreatBook.io	2025-07-04 23:47:19 (11 months ago)	ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/39.154.11.42 2025-07- ... show more ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/39.154.11.42 2025-07-04 09:45:40 /robots.txt show less	Web App Attack
🇨🇳 ThreatBook.io	2025-07-04 00:06:48 (11 months ago)	ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/39.154.11.42 2025-07- ... show more ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/39.154.11.42 2025-07-03 07:39:46 / show less	Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇴 200.26.188.219

🇧🇪 198.235.24.206

🇲🇴 182.93.7.194

🇫🇮 178.20.210.208

🇩🇴 152.166.145.205

🇮🇹 151.95.107.227

🇮🇹 95.229.5.248

🇺🇸 84.21.190.140

🇵🇱 31.182.220.15

🇮🇳 223.196.174.143

🇮🇩 180.243.177.224

🇺🇸 107.151.196.205

🇲🇦 105.158.19.173

🇰🇪 102.0.20.194

🇱🇻 81.30.98.44

🇷🇺 80.253.31.232

🇺🇸 52.20.198.190

🇧🇷 45.205.1.247

🇳🇱 45.148.10.151

🇺🇸 209.46.125.221