JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 39.154.22.20

39.154.22.20 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 12%: ?

12%

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 39.154.22.20

Whois 39.154.22.20

IP Abuse Reports for 39.154.22.20:

This IP address has been reported a total of 9 times from 3 distinct sources. 39.154.22.20 was first reported on May 26th 2023, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-17 22:28:28 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 39.154.22.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.22.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 18:28:15.252500 2026] [security2:error] [pid 29006:tid 29006] [client 39.154.22.20:3847] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|adn-media.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "adn-media.net"] [uri "/"] [unique_id "ajMffybDAM_vyl8llxd05QAAABc"], referer: http://adn-media.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-13 23:03:20 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 39.154.22.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.22.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 19:03:09.301740 2026] [security2:error] [pid 2423:tid 2423] [client 39.154.22.20:1201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.mmldesign.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.mmldesign.com"] [uri "/"] [unique_id "agUDLaf1FSSi-I5wMSpetAAAAAQ"], referer: http://www.mmldesign.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-05-12 22:16:34 (1 month ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/39.154.22.20 2026-05-12 16: ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/39.154.22.20 2026-05-12 16:25:21 /config.json show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-23 23:02:20 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.22.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.22.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 18:02:07.819183 2026] [security2:error] [pid 6194:tid 6194] [client 39.154.22.20:13478] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.tomweston.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.tomweston.net"] [uri "/"] [unique_id "aZzcb2Ik1ed46DCmCPsWrgAAAAo"], referer: http://www.tomweston.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-22 21:49:04 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.22.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.22.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 22 16:48:53.249551 2026] [security2:error] [pid 19080:tid 19080] [client 39.154.22.20:2514] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|amtnm.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "amtnm.com"] [uri "/index.html"] [unique_id "aZt5xX04JTacusfZKZ4KYgAAABE"], referer: https://amtnm.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-11-24 22:16:56 (6 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/39.154.22.20 2025-11-24 20: ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/39.154.22.20 2025-11-24 20:45:18 /sitemap.xml show less	Web App Attack
🇿🇦 IrisFlower	2023-05-26 01:32:37 (3 years ago)	Unauthorized connection attempt detected from IP address 39.154.22.20 to port 443 [J]	Port Scan Hacking
🇿🇦 IrisFlower	2023-05-26 01:05:11 (3 years ago)	Unauthorized connection attempt detected from IP address 39.154.22.20 to port 443 [J]	Port Scan Hacking
🇿🇦 IrisFlower	2023-05-26 00:54:37 (3 years ago)	Unauthorized connection attempt detected from IP address 39.154.22.20 to port 443 [J]	Port Scan Hacking

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 91.92.40.12

🇺🇦 79.143.45.75

🇳🇱 176.65.139.248

🇳🇱 172.71.182.103

🇺🇸 141.11.88.9

🇩🇪 47.245.138.244

🇳🇱 45.198.224.5

🇺🇸 45.33.42.25

🇰🇪 41.90.68.65

🇧🇪 198.235.24.165

🇩🇪 164.92.226.122

🇰🇷 118.43.196.193

🇨🇳 111.22.206.47

🇨🇳 47.96.146.252

🇳🇱 45.153.34.181

🇸🇬 43.173.176.202

🇧🇪 34.77.94.198

🇬🇧 31.94.31.135

🇻🇳 14.191.241.244

🇬🇷 185.109.19.192