JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.106

180.153.236.106 was found in our database!

This IP was reported 183 times. Confidence of Abuse is 47%: ?

47%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.106

Whois 180.153.236.106

IP Abuse Reports for 180.153.236.106:

This IP address has been reported a total of 183 times from 21 distinct sources. 180.153.236.106 was first reported on October 20th 2025, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-28 13:09:40 (3 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 09:09:35.211279 2026] [security2:error] [pid 31970:tid 31970] [client 180.153.236.106:27963] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.thrudheim.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.thrudheim.org"] [uri "/"] [unique_id "akEdD-zMdDngFSR8HJVFXQAAAA4"], referer: http://www.thrudheim.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 10:59:13 (5 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 06:59:06.020108 2026] [security2:error] [pid 31800:tid 31800] [client 180.153.236.106:3531] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|blindshine.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "blindshine.com"] [uri "/"] [unique_id "akD-euJmbm5-lX7PjPE6YQAAAAA"], referer: https://blindshine.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 10:19:17 (6 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 06:19:13.206407 2026] [security2:error] [pid 31796:tid 31796] [client 180.153.236.106:2775] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|schonuniverse.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "schonuniverse.com"] [uri "/"] [unique_id "akD1IZaJ2HD39B_5vkjJ8gAAABA"], referer: https://schonuniverse.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 09:56:06 (6 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 05:56:01.049816 2026] [security2:error] [pid 25531:tid 25546] [client 180.153.236.106:32723] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.secdc.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.secdc.org"] [uri "/index.html"] [unique_id "akDvsRNqWpzk-41tp3ffuwAAAA0"], referer: http://www.secdc.org/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 06:53:29 (9 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 02:53:25.402562 2026] [security2:error] [pid 9666:tid 9666] [client 180.153.236.106:19313] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.pascoyardsale.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.pascoyardsale.com"] [uri "/"] [unique_id "akDE5d5Ut7ssMD7xP0SYdwAAAAY"], referer: https://www.pascoyardsale.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-06-28 05:59:23 (10 hours ago)	[Sun Jun 28 15:59:22.142972 2026] [security2:error] [pid 878416] [client 180.153.236.106:55621] [cli ... show more [Sun Jun 28 15:59:22.142972 2026] [security2:error] [pid 878416] [client 180.153.236.106:55621] [client 180.153.236.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "valueaddedpromotions.com.au"] [uri "/"] [unique_id "akC4Or1QlfPRM_zR6sKeQQAAAAs"], referer: https://valueaddedpromotions.com.au/ ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 22:10:26 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 18:10:19.477720 2026] [security2:error] [pid 24776:tid 24776] [client 180.153.236.106:12989] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.w0kem.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.w0kem.com"] [uri "/"] [unique_id "aj2nS3yXF6AMBGeqt34C9AAAABo"], referer: http://www.w0kem.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 06:25:17 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 02:25:08.943969 2026] [security2:error] [pid 20659:tid 20659] [client 180.153.236.106:47353] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.lasertherapyoc.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.lasertherapyoc.com"] [uri "/"] [unique_id "ajzJxNqGDHm0N1-wKTT88wAAAAk"], referer: https://www.lasertherapyoc.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-23 04:36:41 (5 days ago)	[TueJun2306:36:37.8938502026][security2:error][pid541650:tid541662][client180.153.236.106:0]ModSecur ... show more [TueJun2306:36:37.8938502026][security2:error][pid541650:tid541662][client180.153.236.106:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"www.motogiro.com\"][uri\"/\"][unique_id\"ajoNVSMY5DjqhKT4NE2LhgAAAQo\"]\,referer:https://www.motogiro.com/ show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 07:58:20 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 03:58:14.381019 2026] [security2:error] [pid 614:tid 614] [client 180.153.236.106:59029] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.powerbypage.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.powerbypage.com"] [uri "/"] [unique_id "ajeZlirVuooLeXXKVniktgAAAAM"], referer: http://www.powerbypage.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 1gz	2026-06-21 06:33:17 (1 week ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: CHALLENGE Protocol: HTTP/2 (GET met ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: CHALLENGE Protocol: HTTP/2 (GET method) Endpoint: /index.html UA: User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0; 360Spider This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-20 03:28:09 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 23:28:01.899331 2026] [security2:error] [pid 4043:tid 4043] [client 180.153.236.106:14671] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.jrbentley.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.jrbentley.com"] [uri "/robots.txt"] [unique_id "ajYIwbrTPLxU1oRWffce4wAAAA8"], referer: https://www.jrbentley.com/robots.txt show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 09:05:14 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 05:05:05.679151 2026] [security2:error] [pid 20768:tid 20768] [client 180.153.236.106:31291] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.justicehoward.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.justicehoward.com"] [uri "/"] [unique_id "ajO0wcZN31zZvXwXZR4-dAAAAAE"], referer: https://www.justicehoward.com/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 07:15:46 (1 week ago)	Automatic report - Vulnerability scan /	Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 06:06:24 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 02:06:17.611974 2026] [security2:error] [pid 14379:tid 14379] [client 180.153.236.106:61697] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.mirandaracewalks.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.mirandaracewalks.com"] [uri "/"] [unique_id "ajOK2U78WrN7xMrfASzOgQAAAAA"], referer: http://www.mirandaracewalks.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 183 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 177.11.188.131

🇧🇷 177.11.188.130

🇧🇷 177.11.188.13

🇸🇬 103.189.234.96

🇵🇰 39.44.23.86

🇧🇷 177.11.188.129

🇧🇷 177.11.188.127

🇦🇺 173.234.106.21

🇲🇾 121.122.119.170

🇳🇱 45.153.34.165

🇫🇷 2620:171:eb:f0::250

🇸🇬 209.58.160.54

🇧🇷 201.76.120.30

🇭🇰 199.45.154.148

🇳🇱 195.178.110.30

🇩🇪 193.124.20.254

🇧🇷 177.11.188.125

🇭🇰 104.208.65.18

🇧🇬 91.191.209.118

🇫🇷 51.77.202.42