JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.22

180.153.236.22 was found in our database!

This IP was reported 659 times. Confidence of Abuse is 47%: ?

47%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.22

Whois 180.153.236.22

IP Abuse Reports for 180.153.236.22:

This IP address has been reported a total of 659 times from 20 distinct sources. 180.153.236.22 was first reported on October 12th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-09 13:24:28 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 09:24:20.760695 2026] [security2:error] [pid 13704:tid 13704] [client 180.153.236.22:45924] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|celebritybikinigossip.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "celebritybikinigossip.com"] [uri "/"] [unique_id "aigUBL-UaL_onEc-NzKjBAAAAAA"], referer: http://celebritybikinigossip.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 08:48:57 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 04:48:50.407831 2026] [security2:error] [pid 8202:tid 8202] [client 180.153.236.22:22028] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|itre.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "itre.org"] [uri "/index.html"] [unique_id "aiaB8ll-A27_fFzIK5NMSQAAAAM"], referer: http://itre.org/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 06:34:35 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 02:34:27.717098 2026] [security2:error] [pid 10337:tid 10337] [client 180.153.236.22:36352] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|doublenaughtspycar.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "doublenaughtspycar.com"] [uri "/"] [unique_id "aiZic2sUQMCdjV9hGim0KgAAABg"], referer: http://doublenaughtspycar.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 06:12:07 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 02:12:00.459940 2026] [security2:error] [pid 1561:tid 1566] [client 180.153.236.22:14280] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.tsengkwongchi.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.tsengkwongchi.com"] [uri "/"] [unique_id "aiZdMJMbWN3CjNpeNcNuZQAAAMI"], referer: https://www.tsengkwongchi.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 05:44:24 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 01:44:18.736098 2026] [security2:error] [pid 822:tid 822] [client 180.153.236.22:9474] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.rankinpollination.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.rankinpollination.com"] [uri "/"] [unique_id "aiZWsr8UgJ-QHNTIBj8TpAAAAAI"], referer: http://www.rankinpollination.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 06:27:13 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 02:27:04.851774 2026] [security2:error] [pid 31030:tid 31030] [client 180.153.236.22:46872] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.register-yacht-uk.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.register-yacht-uk.com"] [uri "/"] [unique_id "aiO9uEkEgCt0DUViiX7SuwAAAAQ"], referer: https://www.register-yacht-uk.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 06:50:05 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 02:50:01.552949 2026] [security2:error] [pid 29522:tid 29522] [client 180.153.236.22:28144] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|thegreatleapforward.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "thegreatleapforward.com"] [uri "/"] [unique_id "ahflmWqHALNyGPaZPyfZ0wAAAAA"], referer: http://thegreatleapforward.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 05:59:49 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 01:59:41.523004 2026] [security2:error] [pid 30618:tid 30618] [client 180.153.236.22:44754] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|aares2025.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "aares2025.net"] [uri "/index.html"] [unique_id "ahfZzY0STPn5SbMtLrw6bwAAAAw"], referer: http://aares2025.net/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 YF	2026-05-25 20:10:35 (2 weeks ago)	Attaque distribuée subnet	DDoS Attack Web App Attack
🇺🇸 pduggusa	2026-05-25 01:42:44 (2 weeks ago)	Detected attacking dugganusa.com at 2026-05-25T01:42:44.291Z \| Source: DugganUSA PreCog auto-block	Hacking
🇺🇸 pduggusa	2026-05-25 00:41:26 (2 weeks ago)	Detected attacking dugganusa.com at 2026-05-25T00:41:26.085Z \| Source: DugganUSA PreCog auto-block	Hacking
🇺🇸 TPI-Abuse	2026-05-24 05:57:01 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 01:56:56.134569 2026] [security2:error] [pid 14670:tid 14670] [client 180.153.236.22:31556] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|loisbanis.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "loisbanis.com"] [uri "/"] [unique_id "ahKTKB7m6eI5LJvzpVpCEwAAAAs"], referer: http://loisbanis.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-05-24 05:42:59 (2 weeks ago)	[SunMay2407:42:51.7926942026][security2:error][pid2019689:tid2019915][client180.153.236.22:0]ModSecu ... show more [SunMay2407:42:51.7926942026][security2:error][pid2019689:tid2019915][client180.153.236.22:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:User-Agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"efficienza-termica.com\"][uri\"/\"][unique_id\"ahKP230Y5Y6VGuNvYMdssQAAAMI\"]\,referer:http://efficienza-termica.com/ show less	Hacking Web App Attack
🇺🇸 pduggusa	2026-05-24 03:34:30 (2 weeks ago)	Detected attacking dugganusa.com at 2026-05-24T03:34:30.911Z \| Source: DugganUSA PreCog auto-block	Hacking
🇺🇸 pduggusa	2026-05-24 02:36:58 (2 weeks ago)	Detected attacking dugganusa.com at 2026-05-24T02:36:58.350Z \| Source: DugganUSA PreCog auto-block	Hacking

Showing 1 to 15 of 659 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇪 2a05:d018:10df:d400:9a8d:1b7:df51:26c3

🇺🇸 205.210.31.0

🇬🇧 193.163.125.112

🇺🇸 165.154.172.234

🇨🇦 159.203.45.159

🇮🇩 140.213.187.35

🇷🇴 92.118.39.236

🇫🇷 85.217.140.13

🇷🇴 80.94.92.169

🇺🇸 75.75.82.122

🇺🇸 68.129.251.97

🇧🇪 35.195.33.56

🇧🇷 34.151.250.98

🇧🇷 20.226.31.51

🇬🇧 188.122.37.97

🇷🇺 178.178.194.136

🇮🇩 160.187.174.22

🇳🇱 159.223.213.49

🇨🇳 124.72.32.125

🇺🇸 73.137.7.97