JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.149.231.99

180.149.231.99 was found in our database!

This IP was reported 74 times. Confidence of Abuse is 0%: ?

ISP	Host Universal Pty Ltd Auckland Services
Usage Type	Data Center/Web Hosting/Transit
ASN	AS136557
Domain Name	ransomit.com.au
Country	🇳🇿 New Zealand
City	Auckland, Auckland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.149.231.99

Whois 180.149.231.99

IP Abuse Reports for 180.149.231.99:

This IP address has been reported a total of 74 times from 35 distinct sources. 180.149.231.99 was first reported on December 4th 2023, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 kosada.com	2026-05-12 05:32:46 (1 month ago)	Web vulnerability probing: /docker-compose.yml	Web App Attack
🇩🇪 FeG Deutschland	2026-04-09 12:32:44 (2 months ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇮🇩 hermawan	2026-04-07 02:44:54 (2 months ago)	1775529887.212782 180.149.231.99 103.166.156.58 65535_2-4-8-1-3_1286_6 2026-04-07 16:44:47 WIB ...	Email Spam Hacking
Anonymous	2026-02-25 21:45:07 (3 months ago)	HACK	Brute-Force
🇺🇸 TPI-Abuse	2026-02-25 19:40:52 (3 months ago)	(mod_security) mod_security (id:212620) triggered by 180.149.231.99 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:212620) triggered by 180.149.231.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 14:40:46.332464 2026] [security2:error] [pid 10253:tid 10253] [client 180.149.231.99:55784] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|portalvasco.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /products/files/httphandlers/filehandler.ashx?action=thumb&fileid=<script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "portalvasco.com"] [uri "/Products/Files/HttpHandlers/filehandler.ashx"] [unique_id "aZ9QPmJAPtwZj3qp0uHkPwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 KIDOS	2026-02-25 19:01:25 (3 months ago)	malicious activity	Web App Attack
🇫🇷 Teufel100	2026-02-25 15:41:52 (3 months ago)	ModSecurity rejected a query'	Brute-Force Hacking Web App Attack
Anonymous	2026-02-25 15:36:17 (3 months ago)	sql injection	Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-09-26 04:00:59 (8 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇫🇷 geot	2025-07-20 15:53:14 (11 months ago)	GET /render/public/..%252f%255C<<removed>>.oast.live%252f%253F%252f..%252f.. HTTP/1.1 GET /public/.. ... show more GET /render/public/..%252f%255C<<removed>>.oast.live%252f%253F%252f..%252f.. HTTP/1.1 GET /public/..%2F%5coast.pro%2F%3f%2F..%2F.. HTTP/1.1 show less	Hacking Web App Attack
🇨🇭 backslash	2025-07-20 05:19:15 (11 months ago)		SQL Injection
🇪🇸 el-brujo	2025-07-19 23:19:02 (11 months ago)	Cloudflare WAF: Request Path: /ssl-vpn/getconfig.esp Request Query: ?client-type=1&protocol-version= ... show more Cloudflare WAF: Request Path: /ssl-vpn/getconfig.esp Request Query: ?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E&domain=%28empty_domain%29&computer=computer Host: www.elhacker.net userAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.35 Action: log Source: firewallManaged ASN Description: HOST-AS-AP Host Universal Pty Ltd Country: NZ Method: GET Timestamp: 2025-07-19T23:19:02Z ruleId: 9c8dda9708cc4452ac76e7be7b58420b. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇩🇪 FeG Deutschland	2025-07-19 22:43:53 (11 months ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-07-19 20:32:00 (11 months ago)	(mod_security) mod_security (id:211190) triggered by 180.149.231.99 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:211190) triggered by 180.149.231.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 19 16:31:56.726614 2025] [security2:error] [pid 26948:tid 26948] [client 180.149.231.99:61976] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|cmgpartners.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cmgpartners.com"] [uri "/"] [unique_id "aHwAvArf8nz91xVIN58alwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2025-05-28 06:13:35 (1 year ago)	Form spam	Web Spam

Showing 1 to 15 of 74 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 223.197.178.95

🇧🇷 205.210.31.171

🇨🇳 183.238.41.121

🇭🇰 103.116.75.51

🇨🇦 85.217.149.11

🇺🇸 45.156.129.82

🇺🇸 217.181.70.71

🇨🇳 175.0.64.53

🇮🇳 152.32.158.69

🇺🇸 147.185.132.195

🇸🇬 118.194.233.253

🇨🇳 110.249.201.80

🇺🇸 108.84.45.8

🇹🇼 101.13.5.195

🇫🇷 90.24.93.60

🇺🇸 66.132.195.77

🇮🇶 65.20.163.103

🇫🇷 2a02:c207:3018:3707::1

🇺🇸 217.181.67.191

🇺🇸 217.181.66.3