JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.229

180.153.236.229 was found in our database!

This IP was reported 158 times. Confidence of Abuse is 41%: ?

41%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.229

Whois 180.153.236.229

IP Abuse Reports for 180.153.236.229:

This IP address has been reported a total of 158 times from 21 distinct sources. 180.153.236.229 was first reported on October 22nd 2025, and the most recent report was 44 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-21 06:52:17 (44 minutes ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 02:52:13.816109 2026] [security2:error] [pid 18613:tid 18613] [client 180.153.236.229:5487] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|antiradares.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "antiradares.net"] [uri "/"] [unique_id "ajeKHYrPvRZkS3I2mfVX1gAAAAg"], referer: http://antiradares.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 06:02:41 (1 hour ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 02:02:34.576365 2026] [security2:error] [pid 32640:tid 32640] [client 180.153.236.229:40327] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|steamboatrowena.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "steamboatrowena.com"] [uri "/"] [unique_id "ajd-ej4ZH41z4uLJ3iG3dwAAAAo"], referer: https://steamboatrowena.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 04:12:25 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 00:12:17.468061 2026] [security2:error] [pid 11905:tid 11917] [client 180.153.236.229:13151] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|mouawadarchitects.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "mouawadarchitects.com"] [uri "/"] [unique_id "ajTBoRKfk8k4nWI6tr3c2AAAAQo"], referer: http://mouawadarchitects.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 22:15:39 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 18:15:31.390364 2026] [security2:error] [pid 12474:tid 12474] [client 180.153.236.229:22745] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.aares2026.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.aares2026.net"] [uri "/index.html"] [unique_id "ajRuA10HsifXb1FPHdSaWQAAAAQ"], referer: https://www.aares2026.net/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 10:10:31 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 06:10:26.133030 2026] [security2:error] [pid 24056:tid 24056] [client 180.153.236.229:38335] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|iclog.us\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "iclog.us"] [uri "/"] [unique_id "ajPEEvjHiWCO9fJOew-udQAAAAg"], referer: http://iclog.us/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 06:53:52 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 02:53:48.350272 2026] [security2:error] [pid 15133:tid 15133] [client 180.153.236.229:56985] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|laecovillage.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "laecovillage.org"] [uri "/"] [unique_id "ajOV_KQ-VzU7gYbjlGmE0QAAABw"], referer: https://laecovillage.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 06:03:26 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 02:03:22.867951 2026] [security2:error] [pid 22302:tid 22302] [client 180.153.236.229:43549] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|pbhomesinc.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "pbhomesinc.net"] [uri "/"] [unique_id "ajOKKgrQUZYCQt-uyiQEnwAAAAE"], referer: http://pbhomesinc.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 poundawebsiteltd	2026-06-18 05:34:14 (3 days ago)	Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:80 180.153.236.229 - - [18/Jun/2026: ... show more Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:80 180.153.236.229 - - [18/Jun/2026:06:34:12 +0100] GET / HTTP/1.1 403 214 http://[REDACTED_DOMAIN]/ User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0; 360Spider show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 04:59:20 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 00:59:14.477389 2026] [security2:error] [pid 3978:tid 3978] [client 180.153.236.229:22331] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.tribwatch.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.tribwatch.com"] [uri "/index.htm"] [unique_id "ajN7IreQvdxCoJnnRiUJfgAAAAk"], referer: https://www.tribwatch.com/index.htm show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 sockominfo	2026-06-16 04:00:53 (5 days ago)	Suspicious user-agent accessing webshell. Threat Score: 8.7/10 (CRITICAL). Confidence: 70%. CVSS v3. ... show more Suspicious user-agent accessing webshell. Threat Score: 8.7/10 (CRITICAL). Confidence: 70%. CVSS v3.1: 10/10 (Critical). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Bayesian Probability: 87%. MITRE ATT&CK: T1210 (Exploitation of Remote Services). Tactic: TA0001. Freshness: Moderate. Source Reputation: KNOWN_MALICIOUS. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇮🇩 sockominfo	2026-06-16 03:00:57 (5 days ago)	Suspicious user-agent accessing webshell. Threat Score: 8.7/10 (CRITICAL). Confidence: 70%. CVSS v3. ... show more Suspicious user-agent accessing webshell. Threat Score: 8.7/10 (CRITICAL). Confidence: 70%. CVSS v3.1: 10/10 (Critical). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Bayesian Probability: 87%. MITRE ATT&CK: T1210 (Exploitation of Remote Services). Tactic: TA0001. Freshness: Fresh. Source Reputation: KNOWN_MALICIOUS. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇮🇩 sockominfo	2026-06-16 02:00:32 (5 days ago)	Reported by TangerangKota-CSIRT. Status: MALICIOUS	Hacking Email Spam
🇮🇩 sockominfo	2026-06-16 01:00:09 (5 days ago)	Suspicious user-agent accessing webshell. Threat Score: 8.4/10 (HIGH). Reported by TangerangKota-CSI ... show more Suspicious user-agent accessing webshell. Threat Score: 8.4/10 (HIGH). Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇺🇸 TPI-Abuse	2026-06-14 09:16:24 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 05:16:17.726419 2026] [security2:error] [pid 32130:tid 32130] [client 180.153.236.229:55541] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.3905ccn.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.3905ccn.org"] [uri "/"] [unique_id "ai5xYYrHA0PoloZaFuiUCgAAABQ"], referer: https://www.3905ccn.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 06:48:41 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 02:48:34.277808 2026] [security2:error] [pid 8839:tid 8839] [client 180.153.236.229:43001] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|soglove.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "soglove.com"] [uri "/"] [unique_id "ai5Owhl6W3jN6sBYISdClQAAABQ"], referer: http://soglove.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 158 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 172.217.43.145

🇺🇸 97.107.135.186

🇺🇸 2001:470:2cc:1::d2

🇦🇹 213.225.9.147

🇨🇳 180.153.236.70

🇳🇱 176.65.139.36

🇯🇵 160.251.197.41

🇷🇴 141.98.83.240

🇩🇪 103.252.90.129

🇧🇪 81.82.58.207

🇳🇱 195.178.110.30

🇸🇦 188.53.4.18

🇺🇸 142.93.49.81

🇸🇬 118.26.111.107

🇭🇺 84.225.42.129

🇳🇱 83.168.106.26

🇱🇹 81.30.98.62

🇷🇴 80.94.92.186

🇩🇪 185.176.94.38

🇺🇸 73.129.57.71