JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.239

180.153.236.239 was found in our database!

This IP was reported 170 times. Confidence of Abuse is 43%: ?

43%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.239

Whois 180.153.236.239

IP Abuse Reports for 180.153.236.239:

This IP address has been reported a total of 170 times from 22 distinct sources. 180.153.236.239 was first reported on October 2nd 2025, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-21 06:45:08 (17 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 02:45:01.769985 2026] [security2:error] [pid 1548:tid 1548] [client 180.153.236.239:60575] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.aroilcontrolsystem.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.aroilcontrolsystem.com"] [uri "/"] [unique_id "ajeIbWsd1xqJwxkj7ORPgwAAAAs"], referer: http://www.aroilcontrolsystem.com/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 18:49:16 (3 days ago)	Blocked by ModSec and CSF	Port Scan
🇮🇩 sockominfo	2026-06-18 09:00:53 (3 days ago)	Webshell discovery success (Response: 200). Threat Score: 8.7/10 (CRITICAL). Confidence: 70%. CVSS v ... show more Webshell discovery success (Response: 200). Threat Score: 8.7/10 (CRITICAL). Confidence: 70%. CVSS v3.1: 10/10 (Critical). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Bayesian Probability: 87%. MITRE ATT&CK: T1566 (Phishing). Tactic: TA0001. Freshness: Fresh. Source Reputation: KNOWN_MALICIOUS. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇮🇩 sockominfo	2026-06-18 08:01:00 (3 days ago)	Webshell discovery success (Response: 200). Threat Score: 8.8/10 (CRITICAL). Confidence: 70%. CVSS v ... show more Webshell discovery success (Response: 200). Threat Score: 8.8/10 (CRITICAL). Confidence: 70%. CVSS v3.1: 10/10 (Critical). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Bayesian Probability: 87%. MITRE ATT&CK: T1566 (Phishing). Tactic: TA0001. Freshness: Fresh. Source Reputation: KNOWN_MALICIOUS. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇺🇸 TPI-Abuse	2026-06-18 07:07:33 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 03:07:26.515662 2026] [security2:error] [pid 12714:tid 12714] [client 180.153.236.239:44895] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|busengakko.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "busengakko.org"] [uri "/"] [unique_id "ajOZLiiP2ov1mBiz8769IgAAABw"], referer: https://busengakko.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 sockominfo	2026-06-18 07:00:09 (3 days ago)	Webshell discovery success (Response: 200). Threat Score: 8/10 (HIGH). Reported by TangerangKota-CSI ... show more Webshell discovery success (Response: 200). Threat Score: 8/10 (HIGH). Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇺🇸 TPI-Abuse	2026-06-18 06:48:42 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 02:48:37.635275 2026] [security2:error] [pid 26764:tid 26767] [client 180.153.236.239:30913] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.wpe.uk.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.wpe.uk.com"] [uri "/"] [unique_id "ajOUxRqoOQHsfFE0ewfiyAAAAIA"], referer: http://www.wpe.uk.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-18 05:42:29 (3 days ago)	[ThuJun1807:42:23.0682082026][security2:error][pid3733359:tid3733379][client180.153.236.239:0]ModSec ... show more [ThuJun1807:42:23.0682082026][security2:error][pid3733359:tid3733379][client180.153.236.239:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"feldenkraistherapy.ch\"][uri\"/\"][unique_id\"ajOFP-q5uAK765EE6zgJUAAAABE\"]\,referer:https://feldenkraistherapy.ch/ show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 21:17:01 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 17:16:53.525751 2026] [security2:error] [pid 22616:tid 22616] [client 180.153.236.239:1211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|megaandina.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "megaandina.com"] [uri "/index.html"] [unique_id "ai8aRUsoCnFDp-sRqw_T8gAAAAU"], referer: https://megaandina.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 09:52:13 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 05:52:07.839408 2026] [security2:error] [pid 1953:tid 1953] [client 180.153.236.239:46125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|comitedelafamille.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "comitedelafamille.org"] [uri "/"] [unique_id "ai55x4v0CabMOi3NanpuMQAAABA"], referer: https://comitedelafamille.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 08:58:06 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 04:57:57.833928 2026] [security2:error] [pid 28149:tid 28149] [client 180.153.236.239:59063] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|essav.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "essav.net"] [uri "/"] [unique_id "ai5tFZfrrhpfExsMP31FVAAAABg"], referer: https://essav.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 07:14:54 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 03:14:48.800017 2026] [security2:error] [pid 24963:tid 24966] [client 180.153.236.239:9485] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|aaenroll.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "aaenroll.com"] [uri "/"] [unique_id "ai5U6LYaEa8RDZfVd9YktQAAAYA"], referer: https://aaenroll.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 06:30:19 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 02:30:00.845956 2026] [security2:error] [pid 14440:tid 14440] [client 180.153.236.239:7557] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.anytimesign.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.anytimesign.com"] [uri "/"] [unique_id "ai5KaMtbZAeqPJYJYtEpIAAAAA4"], referer: https://www.anytimesign.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-06-14 05:46:35 (1 week ago)	[Sun Jun 14 15:46:34.697701 2026] [security2:error] [pid 877884] [client 180.153.236.239:34695] [cli ... show more [Sun Jun 14 15:46:34.697701 2026] [security2:error] [pid 877884] [client 180.153.236.239:34695] [client 180.153.236.239] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rjryanpartners.com.au"] [uri "/"] [unique_id "ai5AOuXepu4yyQV7YYXFZgAAAAQ"], referer: https://rjryanpartners.com.au/ ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 09:25:21 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 05:25:15.866745 2026] [security2:error] [pid 9032:tid 9032] [client 180.153.236.239:12091] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.mathgen.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.mathgen.com"] [uri "/"] [unique_id "aivQew2Tisq21P4X79UoLQAAAAE"], referer: https://www.mathgen.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 170 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 192.3.145.26

🇷🇴 141.98.83.240

🇺🇸 64.62.197.123

🇵🇭 45.114.132.70

🇵🇱 45.38.156.119

🇨🇳 222.85.212.227

🇺🇸 195.184.76.206

🇳🇱 192.253.248.67

🇸🇬 188.166.246.68

🇸🇪 170.62.100.234

🇺🇸 146.190.212.146

🇸🇬 142.91.102.186

🇺🇸 141.11.88.17

🇨🇳 139.170.72.250

🇩🇪 109.91.4.177

🇨🇳 106.12.6.79

🇬🇧 89.37.172.153

🇱🇹 81.30.98.158

🇺🇦 45.150.243.128

🇺🇸 44.96.67.201