JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.230

180.153.236.230 was found in our database!

This IP was reported 142 times. Confidence of Abuse is 44%: ?

44%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.230

Whois 180.153.236.230

IP Abuse Reports for 180.153.236.230:

This IP address has been reported a total of 142 times from 22 distinct sources. 180.153.236.230 was first reported on October 16th 2025, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 09:54:46 (1 hour ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 05:54:38.645976 2026] [security2:error] [pid 17799:tid 17799] [client 180.153.236.230:10587] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.compformation.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.compformation.com"] [uri "/"] [unique_id "aivXXslUTmkHD5pQC5spagAAAAE"], referer: http://www.compformation.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 hermawan	2026-06-11 21:59:45 (13 hours ago)	1781215175.645925 180.153.236.230 103.166.156.58 16060_2-1-1-4-1-3_1460_7 2026-06-12 04:59:35 WIB .. ... show more 1781215175.645925 180.153.236.230 103.166.156.58 16060_2-1-1-4-1-3_1460_7 2026-06-12 04:59:35 WIB ... show less	Email Spam Hacking
🇺🇸 TPI-Abuse	2026-06-11 21:27:42 (13 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 17:27:35.368943 2026] [security2:error] [pid 26983:tid 26983] [client 180.153.236.230:39753] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|renjunews.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "renjunews.com"] [uri "/"] [unique_id "aisoRzLvigSDW-AegkimWwAAAAQ"], referer: https://renjunews.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 08:11:15 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 04:11:11.928988 2026] [security2:error] [pid 21899:tid 21899] [client 180.153.236.230:62887] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|scotts.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "scotts.net"] [uri "/"] [unique_id "aiptn7Hw2BYs_nLdaT6QCgAAAAs"], referer: https://scotts.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 07:35:52 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 03:35:48.080764 2026] [security2:error] [pid 17938:tid 18045] [client 180.153.236.230:34203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.teanaunz.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.teanaunz.com"] [uri "/index.html"] [unique_id "aiplVNw-o_BYtBFwf9-GIQAAAI0"], referer: https://www.teanaunz.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-11 05:13:23 (1 day ago)	[ThuJun1107:13:18.4448632026][security2:error][pid1701631:tid1701646][client180.153.236.230:0]ModSec ... show more [ThuJun1107:13:18.4448632026][security2:error][pid1701631:tid1701646][client180.153.236.230:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"www.swisservers.com\"][uri\"/\"][unique_id\"aipD7sB_Evx84-uKnUVAVQAAAAY\"]\,referer:https://www.swisservers.com/ show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 09:38:06 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:38:02.241984 2026] [security2:error] [pid 22173:tid 22173] [client 180.153.236.230:58989] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.vadgossos.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.vadgossos.org"] [uri "/"] [unique_id "aiaNes8RmFjMMm2hwjZ8wAAAAAY"], referer: http://www.vadgossos.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 08:00:31 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 04:00:23.249829 2026] [security2:error] [pid 768:tid 768] [client 180.153.236.230:41075] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|mutiful.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "mutiful.com"] [uri "/"] [unique_id "aiZ2l5Fc7CpQznLGwKSNXgAAABU"], referer: http://mutiful.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 1gz	2026-06-06 05:41:12 (6 days ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: CHALLENGE Protocol: HTTP/2 (GET met ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: CHALLENGE Protocol: HTTP/2 (GET method) Endpoint: /index.html UA: User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0; 360Spider This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-04 05:49:47 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 01:49:39.396398 2026] [security2:error] [pid 5120:tid 5120] [client 180.153.236.230:26403] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|tcjohnston.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "tcjohnston.com"] [uri "/"] [unique_id "aiER8-8mClih3BMAmM7zBgAAAAI"], referer: https://tcjohnston.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 07:51:00 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 03:50:53.866213 2026] [security2:error] [pid 20695:tid 20695] [client 180.153.236.230:6541] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.thingstodonude.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.thingstodonude.com"] [uri "/"] [unique_id "ah_c3T1F7iRda3C6iWzO0QAAAAo"], referer: https://www.thingstodonude.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 02:19:07 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:19:00.021617 2026] [security2:error] [pid 31382:tid 31382] [client 180.153.236.230:15457] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|thevenicecafe.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "thevenicecafe.com"] [uri "/robots.txt"] [unique_id "ahzsFP2JCX36pny6dAr1OAAAABg"], referer: https://thevenicecafe.com/robots.txt show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2026-06-01 01:32:42 (1 week ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-31 07:57:41 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 03:57:36.331939 2026] [security2:error] [pid 14368:tid 14368] [client 180.153.236.230:53341] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.comsew.com.au\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.comsew.com.au"] [uri "/"] [unique_id "ahvp8JP29LGDOdpZoTZwmQAAAAM"], referer: https://www.comsew.com.au/ show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-05-31 06:22:44 (1 week ago)	[Sun May 31 16:22:43.180833 2026] [security2:error] [pid 929222] [client 180.153.236.230:55043] [cli ... show more [Sun May 31 16:22:43.180833 2026] [security2:error] [pid 929222] [client 180.153.236.230:55043] [client 180.153.236.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "paulshipley.id.au"] [uri "/"] [unique_id "ahvTsx8dZSnk_-_vYwBAaAAAABE"], referer: https://paulshipley.id.au/ ... show less	Web App Attack

Showing 1 to 15 of 142 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 157.48.88.27

🇨🇳 114.132.231.42

🇻🇳 103.118.28.17

🇱🇹 45.227.254.170

🇳🇱 45.148.10.156

🇬🇧 35.203.211.215

🇮🇪 34.251.176.191

🇺🇸 34.58.124.191

🇿🇦 15.240.113.64

🇩🇪 213.209.159.56

🇬🇧 209.97.183.43

🇮🇳 203.194.105.205

🇺🇸 195.184.76.180

🇩🇪 135.125.152.18

🇮🇳 117.203.104.74

🇨🇳 116.179.37.232

🇨🇦 104.207.60.246

🇫🇷 91.231.89.252

🇷🇺 45.132.18.40

🇬🇧 204.217.245.177