JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.149.126.8

180.149.126.8 was found in our database!

This IP was reported 817 times. Confidence of Abuse is 95%: ?

95%

ISP	Shine LLC
Usage Type	Fixed Line ISP
ASN	AS45204
Domain Name	gemnet.mn
Country	🇲🇳 Mongolia
City	Ulan Bator, Ulaanbaatar

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.149.126.8

Whois 180.149.126.8

IP Abuse Reports for 180.149.126.8:

This IP address has been reported a total of 817 times from 202 distinct sources. 180.149.126.8 was first reported on December 2nd 2020, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇬 pa4080	2026-06-02 12:50:42 (3 days ago)	Detected by ModSecurity. Host header is an IP address, Request URI: /	Hacking Web App Attack
🇩🇪 pltcldvlpr	2026-06-02 12:46:23 (3 days ago)	Bogus Useragent: 180.149.126.8 - - [02/Jun/2026:14:46:22 +0200] "GET / HTTP/1.1" 200 191714 "-" "Moz ... show more Bogus Useragent: 180.149.126.8 - - [02/Jun/2026:14:46:22 +0200] "GET / HTTP/1.1" 200 191714 "-" "Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36" asn=45204 org="Gemnet" country=MN ... show less	Bad Web Bot
🇫🇷 zulzeen	2026-06-02 09:15:10 (4 days ago)	[incypit-web] Blocked by SysWarden Firewall [BLOCK] (Web Attack)	Hacking Web App Attack
Anonymous	2026-06-01 23:01:51 (4 days ago)	Honeypot hit: HTTP/1.1 request on 2103 GET / User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) A ... show more Honeypot hit: HTTP/1.1 request on 2103 GET / User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 Accept: / Accept-Encoding: gzip; 2103 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Hacking Bad Web Bot
🇪🇸 librebit	2026-05-23 05:49:16 (2 weeks ago)	Brute force	Brute-Force
🇺🇸 Rip	2026-05-22 22:50:13 (2 weeks ago)	Automated recon attempt targeting restricted and sensitive paths.	Web App Attack
🇧🇬 Stoyko Stoykov	2026-05-22 22:49:11 (2 weeks ago)	180.149.126.8 - - [23/May/2026:01:49:10 +0300] "GET /stalker_portal/server/tools/auth_simple.php HTT ... show more 180.149.126.8 - - [23/May/2026:01:49:10 +0300] "GET /stalker_portal/server/tools/auth_simple.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36" ... show less	Hacking Web App Attack
🇬🇧 PeravixGroup	2026-05-22 06:24:08 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 donarev419	2026-05-22 02:04:56 (2 weeks ago)	Connection to port 17000 with data transfer. Data preview: GET / HTTP/1.1 Host: 198.23.188.201:1700 ... show more Connection to port 17000 with data transfer. Data preview: GET / HTTP/1.1 Host: 198.23.188.201:17000 User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) App show less	Port Scan Hacking
🇲🇹 neilcaruana	2026-05-22 02:03:05 (2 weeks ago)	Sentinel detected an attack on port [17000]	Hacking
🇺🇸 jfz-abuse	2026-05-16 23:27:51 (2 weeks ago)	fail2ban: apache-php-recon ...	Web App Attack
🇺🇸 walnuts	2026-05-16 23:27:43 (2 weeks ago)	Automated: Triggered nginx security jail (nginx-444) - probing blocked paths on web server	Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-05-16 23:26:00 (2 weeks ago)	ThreatBook Intelligence: Zombie,IDC more details on https://threatbook.io/ip/180.149.126.8 2026-05-1 ... show more ThreatBook Intelligence: Zombie,IDC more details on https://threatbook.io/ip/180.149.126.8 2026-05-16 13:09:26 / show less	Web App Attack
🇩🇪 dispaisyenterprises	2026-05-16 07:35:35 (3 weeks ago)	Honeypot [fra-de-honeypot]: HTTP/1.1 request on 8625 GET / User-Agent: Mozilla/5.0 (Windows NT 5.1; ... show more Honeypot [fra-de-honeypot]: HTTP/1.1 request on 8625 GET / User-Agent: Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 Accept: / Accept-Encoding: gzip; 8625 [1] TCP Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Hacking Bad Web Bot
🇦🇺 trentwiles.com	2026-05-16 00:56:24 (3 weeks ago)	Unauthorized connection attempt detected from IP address 180.149.126.8 to port 8083 [SYD]	Port Scan

Showing 1 to 15 of 817 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇬 2620:171:66:f004:9999::245

🇩🇪 185.242.3.226

🇴🇲 161.8.80.21

🇧🇷 45.205.1.242

🇺🇸 38.141.62.160

🇩🇪 13.140.129.227

🇺🇸 2602:80d:1008::96

🇺🇸 198.147.26.226

🇺🇸 162.216.149.193

🇭🇰 152.32.226.205

🇱🇧 109.110.101.245

🇵🇰 39.34.147.137

🇩🇪 35.159.111.126

🇺🇸 20.12.240.178

🇫🇷 2a02:4780:27:2158:0:1231:cb51:1

🇺🇸 216.132.133.26

🇺🇸 165.154.206.204

🇬🇧 86.178.224.142

🇺🇸 216.180.246.187

🇦🇷 170.155.12.4