JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.166

180.153.236.166 was found in our database!

This IP was reported 145 times. Confidence of Abuse is 45%: ?

45%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.166

Whois 180.153.236.166

IP Abuse Reports for 180.153.236.166:

This IP address has been reported a total of 145 times from 19 distinct sources. 180.153.236.166 was first reported on September 24th 2025, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-11 07:52:04 (5 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 03:51:56.617880 2026] [security2:error] [pid 13674:tid 13674] [client 180.153.236.166:12599] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.1214productions.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.1214productions.com"] [uri "/"] [unique_id "aippHIpit-HIZoKaocSg5QAAAA4"], referer: http://www.1214productions.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 06:59:45 (5 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 02:59:41.473657 2026] [security2:error] [pid 28190:tid 28190] [client 180.153.236.166:59127] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|whomakestherules.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "whomakestherules.com"] [uri "/"] [unique_id "aipc3aFXIEVA3Tloq7pLdwAAAA4"], referer: http://whomakestherules.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 23:52:38 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 19:52:30.176532 2026] [security2:error] [pid 3709:tid 3731] [client 180.153.236.166:37019] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.jofdt.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.jofdt.com"] [uri "/"] [unique_id "aidVvst2W1i7yycYO8JdfAAAAFQ"], referer: https://www.jofdt.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 07:28:38 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 03:28:34.515035 2026] [security2:error] [pid 16514:tid 16514] [client 180.153.236.166:37373] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.usaenquirer.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.usaenquirer.com"] [uri "/"] [unique_id "aiZvIjI5cP1R0TU9oWsZmAAAAAQ"], referer: https://www.usaenquirer.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 07:04:09 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 03:04:04.143878 2026] [security2:error] [pid 26620:tid 26620] [client 180.153.236.166:50817] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|invitationsprinted.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "invitationsprinted.com"] [uri "/"] [unique_id "aiZpZEEx2zEZUjqEPqqp7wAAACM"], referer: http://invitationsprinted.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 rh24	2026-06-08 05:46:33 (3 days ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted] from 180.153.236.166 (CN/ ... show more (apache-useragents) Failed apache-useragents trigger with match [redacted] from 180.153.236.166 (CN/China/-) show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-05 18:40:58 (5 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 14:40:52.743666 2026] [security2:error] [pid 9082:tid 9082] [client 180.153.236.166:61101] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.misomayo.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.misomayo.com"] [uri "/"] [unique_id "aiMYNP8FnhwJC6m69Nf0fQAAABs"], referer: https://www.misomayo.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 Burayot	2026-06-05 05:21:53 (6 days ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 180.153.236.166 (CN/China/-): 1 in t ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 180.153.236.166 (CN/China/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 07:52:43 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 03:52:36.329910 2026] [security2:error] [pid 28674:tid 28674] [client 180.153.236.166:17839] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.chrisbilder.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.chrisbilder.com"] [uri "/"] [unique_id "aiEuxKIBZfVAQG2U2sco9gAAAA0"], referer: https://www.chrisbilder.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 GabrielJST	2026-06-04 06:43:59 (1 week ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted] from 180.153.236.166 (CN/ ... show more (apache-useragents) Failed apache-useragents trigger with match [redacted] from 180.153.236.166 (CN/China/-) show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-04 06:39:59 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 02:39:52.044090 2026] [security2:error] [pid 4413:tid 4413] [client 180.153.236.166:6941] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.sophcomp.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.sophcomp.com"] [uri "/"] [unique_id "aiEduEZ36x2ZZFi-Ft5QgwAAAAk"], referer: http://www.sophcomp.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 00:38:38 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 20:38:35.096495 2026] [security2:error] [pid 31626:tid 31626] [client 180.153.236.166:47311] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.trlservice.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.trlservice.com"] [uri "/robots.txt"] [unique_id "ahzUiwWYd9HW3buLkF_0IAAAAAQ"], referer: http://www.trlservice.com/robots.txt show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 19:26:17 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 15:26:12.379128 2026] [security2:error] [pid 15799:tid 15799] [client 180.153.236.166:38801] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.anbruskitchens.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.anbruskitchens.com"] [uri "/"] [unique_id "ahyLVJwuROdhw9GjsOOCNwAAABA"], referer: http://www.anbruskitchens.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 09:18:37 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 05:18:34.131234 2026] [security2:error] [pid 13934:tid 13934] [client 180.153.236.166:38625] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|caribeanvacationsturs.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "caribeanvacationsturs.com"] [uri "/"] [unique_id "ahv86iZLkg9uecfqo7iSqQAAABQ"], referer: http://caribeanvacationsturs.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 06:57:09 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 02:57:06.045450 2026] [security2:error] [pid 2076:tid 2076] [client 180.153.236.166:13425] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|customdesignsbybjp.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "customdesignsbybjp.com"] [uri "/"] [unique_id "ahvbwlD7QVQuyD4us5wyowAAAAw"], referer: https://customdesignsbybjp.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 145 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 207.182.143.9

🇩🇪 176.65.132.119

🇺🇸 165.154.235.9

🇺🇸 162.216.149.46

🇯🇵 156.227.232.198

🇺🇸 109.105.210.83

🇺🇸 66.132.186.254

🇭🇰 45.249.247.165

🇱🇹 45.227.254.170

🇷🇺 31.173.0.140

🇨🇳 27.18.187.239

🇧🇷 170.80.37.155

🇮🇳 103.164.246.168

🇱🇹 81.30.98.44

🇲🇾 47.254.242.70

🇺🇸 34.83.158.156

🇩🇪 202.71.141.170

🇲🇽 201.161.46.131

🇮🇶 185.166.25.150

🇹🇼 104.199.255.54