JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.120

180.153.236.120 was found in our database!

This IP was reported 208 times. Confidence of Abuse is 47%: ?

47%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.120

Whois 180.153.236.120

IP Abuse Reports for 180.153.236.120:

This IP address has been reported a total of 208 times from 25 distinct sources. 180.153.236.120 was first reported on September 23rd 2025, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-18 09:55:00 (5 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 05:54:52.624620 2026] [security2:error] [pid 4768:tid 4768] [client 180.153.236.120:20335] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.cw-enterprises.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.cw-enterprises.com"] [uri "/"] [unique_id "ajPAbCZvVZOYsJJxoegU8gAAAAM"], referer: http://www.cw-enterprises.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 06:35:07 (9 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 02:34:55.347715 2026] [security2:error] [pid 27019:tid 27019] [client 180.153.236.120:52287] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.4lazy.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.4lazy.com"] [uri "/index.php"] [unique_id "ajORj6lwqXgPvDGU6mIezQAAAAw"], referer: https://www.4lazy.com/index.php show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 06:02:32 (9 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 02:02:29.336183 2026] [security2:error] [pid 4797:tid 4797] [client 180.153.236.120:43169] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.criarteste.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.criarteste.com"] [uri "/403.shtml"] [unique_id "ajOJ9Ril8DS_5xOQmZBo-gAAAAc"], referer: http://www.criarteste.com/403.shtml show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 05:40:21 (10 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 01:40:16.467512 2026] [security2:error] [pid 6770:tid 6770] [client 180.153.236.120:55687] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|calvetparis.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "calvetparis.com"] [uri "/"] [unique_id "ajOEwE4CGGAlS6W0dESFDQAAAAc"], referer: http://calvetparis.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 Mediashaker	2026-06-17 18:54:58 (20 hours ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted] from 180.153.236.120 (CN/ ... show more (apache-useragents) Failed apache-useragents trigger with match [redacted] from 180.153.236.120 (CN/China/-) show less	Bad Web Bot
Anonymous	2026-06-16 09:04:46 (2 days ago)	Automated report (2026-06-16T05:04:46-04:00). Misbehaving bot detected.	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-15 05:29:13 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 01:29:06.870089 2026] [security2:error] [pid 1701:tid 1701] [client 180.153.236.120:42989] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.hayrun.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.hayrun.com"] [uri "/"] [unique_id "ai-NolADNQuDh2sy82hbiwAAAAE"], referer: https://www.hayrun.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 09:36:10 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 05:36:02.733543 2026] [security2:error] [pid 15024:tid 15024] [client 180.153.236.120:40041] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|aes-nihil.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "aes-nihil.com"] [uri "/"] [unique_id "ai52AkAJMu1YyH7RhREPugAAAAI"], referer: http://aes-nihil.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 07:31:19 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 03:31:15.242251 2026] [security2:error] [pid 891:tid 891] [client 180.153.236.120:62379] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|handyrehab.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "handyrehab.com"] [uri "/"] [unique_id "ai5Yw3OR9ZSpZERcRZExRAAAABU"], referer: https://handyrehab.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 11:00:09 (5 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 07:00:01.660847 2026] [security2:error] [pid 10024:tid 10024] [client 180.153.236.120:63311] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.susanoneill.us\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.susanoneill.us"] [uri "/"] [unique_id "ai04MSd1Mjj0xSOdGLIhggAAAAg"], referer: https://www.susanoneill.us/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 07:30:42 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 03:30:34.436661 2026] [security2:error] [pid 15650:tid 15650] [client 180.153.236.120:50875] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.radionicships.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.radionicships.com"] [uri "/"] [unique_id "aipkGuO8WPtW1Y0CmQOCRgAAAAI"], referer: https://www.radionicships.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 06:46:44 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 02:46:39.625858 2026] [security2:error] [pid 14316:tid 14316] [client 180.153.236.120:3625] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.moonfest.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.moonfest.net"] [uri "/"] [unique_id "aipZz45IQo8uGNsbiCVKiAAAAAo"], referer: http://www.moonfest.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 06:19:55 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 02:19:49.547197 2026] [security2:error] [pid 30277:tid 30277] [client 180.153.236.120:48833] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.mailperform.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.mailperform.com"] [uri "/"] [unique_id "aipTheucloQWzkcLw2RWvwAAAAY"], referer: http://www.mailperform.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 05:40:21 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 01:40:16.466661 2026] [security2:error] [pid 24405:tid 24405] [client 180.153.236.120:64685] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|3dcounty.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "3dcounty.com"] [uri "/"] [unique_id "aipKQDqo6KT8sIvEnt7XAwAAAAA"], referer: https://3dcounty.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 06:35:40 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 02:35:32.551790 2026] [security2:error] [pid 14500:tid 14515] [client 180.153.236.120:61281] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.jofdt.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.jofdt.com"] [uri "/"] [unique_id "aikFtKgrzD_ijVI3_Nw6MwAAAAw"], referer: https://www.jofdt.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 208 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇪 102.206.97.46

🇱🇹 81.30.98.144

🇨🇳 60.191.91.122

🇱🇹 45.227.254.170

🇳🇱 45.148.10.121

🇳🇱 2a06:a880:5:9383::1

🇺🇸 172.190.24.225

🇩🇪 159.89.1.53

🇨🇮 154.0.30.137

🇺🇸 147.185.132.229

🇨🇳 123.121.67.167

🇳🇱 92.112.125.5

🇳🇱 45.148.10.15

🇻🇳 27.77.138.70

🇭🇰 20.2.83.149

🇦🇹 159.100.25.241

🇫🇮 147.185.133.142

🇺🇸 147.185.132.125

🇺🇸 135.237.56.53

🇵🇰 103.134.0.250