JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.149.126.4

180.149.126.4 was found in our database!

This IP was reported 867 times. Confidence of Abuse is 96%: ?

96%

ISP	Shine LLC
Usage Type	Fixed Line ISP
ASN	AS45204
Domain Name	gemnet.mn
Country	🇲🇳 Mongolia
City	Ulan Bator, Ulaanbaatar

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.149.126.4

Whois 180.149.126.4

IP Abuse Reports for 180.149.126.4:

This IP address has been reported a total of 867 times from 204 distinct sources. 180.149.126.4 was first reported on December 4th 2020, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇵🇱 sefinek.net	2026-06-09 22:29:06 (3 days ago)	Honeypot hit: HTTP/1.1 request on 8880 GET / User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) A ... show more Honeypot hit: HTTP/1.1 request on 8880 GET / User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 Accept: / Accept-Encoding: gzip; 8880 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Hacking Bad Web Bot
🇯🇵 mkaraki	2026-06-09 22:28:42 (3 days ago)	1781044121 # Service_probe # SIGNATURE_SEND # source_ip:180.149.126.4 # dst_port:8880 ...	Port Scan
🇦🇺 LiftUp Hosting	2026-06-09 14:09:57 (3 days ago)	Honeypot hit: HTTP/1.1 request on 16010 GET / User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) ... show more Honeypot hit: HTTP/1.1 request on 16010 GET / User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 Accept: / Accept-Encoding: gzip; 16010 [1] TCP show less	Hacking Bad Web Bot
🇺🇸 conrad10781	2026-06-09 04:01:04 (4 days ago)	nginx-direct-ip	Port Scan
🇩🇪 banankicks	2026-06-09 01:22:49 (4 days ago)	Unauthorized connection attempt detected from IP address 180.149.126.4 to port 8080 (banankicks-serv ... show more Unauthorized connection attempt detected from IP address 180.149.126.4 to port 8080 (banankicks-server) [C] show less	Brute-Force Exploited Host
🇺🇸 aks4226	2026-06-09 01:12:20 (4 days ago)	Attacking common web applications. (n01)	Web App Attack
🇯🇵 mkaraki	2026-06-08 18:39:14 (4 days ago)	1780943953 # Service_probe # SIGNATURE_SEND # source_ip:180.149.126.4 # dst_port:8083 ...	Port Scan
🇵🇱 sefinek.net	2026-06-08 18:38:37 (4 days ago)	Honeypot hit: Unauthorized traffic (128 bytes of payload); 8083 [1] TCP Reported by: https://github. ... show more Honeypot hit: Unauthorized traffic (128 bytes of payload); 8083 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇳🇱 i-turnradio.nl	2026-06-08 17:15:38 (4 days ago)	2026-06-08 @ 19:15:37 (CET) ~ Blocked for trying to access: /stalker_portal/server/tools/auth_simple ... show more 2026-06-08 @ 19:15:37 (CET) ~ Blocked for trying to access: /stalker_portal/server/tools/auth_simple.php show less	Web App Attack
🇨🇦 lakered	2026-06-08 16:57:19 (4 days ago)	Detectors: [NGINX] \| Reasons: Automated scan targeting an unauthorized host or default server sinkho ... show more Detectors: [NGINX] \| Reasons: Automated scan targeting an unauthorized host or default server sinkhole \| Nginx: Default server trap hit \| Tech Evidence: Minimal-Browser-Profile, Lazy-Header-Accept, Anachronistic-OS (Windows XP), Fake-Chrome-Desktop (No-CH) \| UA: Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 show less	Port Scan Bad Web Bot Exploited Host
🇬🇧 gurnip	2026-06-02 13:42:50 (1 week ago)	Vulnerability probe of page /stalker_portal/server/tools/auth_simple.php, not found on server.	Brute-Force Web App Attack
Anonymous	2026-06-02 06:57:29 (1 week ago)	Honeypot hit: HTTP/1.1 request on 8000 GET /c/ User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) ... show more Honeypot hit: HTTP/1.1 request on 8000 GET /c/ User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 Accept: / Accept-Encoding: gzip; 8000 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Hacking Bad Web Bot
Anonymous	2026-06-01 21:31:57 (1 week ago)	Honeypot hit: HTTP/1.1 request on 8626 GET / User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) A ... show more Honeypot hit: HTTP/1.1 request on 8626 GET / User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 Accept: / Accept-Encoding: gzip; 8626 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Hacking Bad Web Bot
🇩🇪 Justin F. \| AS204464	2026-06-01 13:59:11 (1 week ago)	Honeypot [nx-infrastructure]: HTTP/1.1 request on 8625 GET / User-Agent: Mozilla/5.0 (Windows NT 5. ... show more Honeypot [nx-infrastructure]: HTTP/1.1 request on 8625 GET / User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 Accept: / Accept-Encoding: gzip; 8625 [1] TCP Reported by: Justin F. show less	Hacking Bad Web Bot
🇦🇹 begou.dev	2026-05-22 06:26:54 (3 weeks ago)	[Threat Intelligence] Port Scanning and/or Unauthorized access -> TCP/8080	Port Scan

Showing 1 to 15 of 867 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2a02:6ea0:c493:2003:f8a4:5f11:98a4:4ea5

🇪🇸 185.210.19.48

🇩🇪 167.94.146.52

🇺🇸 162.216.149.190

🇭🇰 150.5.141.198

🇰🇷 112.216.129.27

🇳🇱 37.139.8.32

🇮🇳 34.131.126.129

🇫🇮 34.88.135.181

🇰🇷 222.239.251.12

🇮🇳 202.71.25.10

🇷🇺 195.218.159.123

🇨🇴 190.60.242.28

🇺🇸 186.179.39.55

🇺🇸 186.179.14.124

🇺🇸 181.177.80.239

🇭🇰 172.253.6.17

🇺🇸 147.185.132.231

🇰🇷 115.91.48.142

🇫🇷 85.217.140.33