JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.40

180.153.236.40 was found in our database!

This IP was reported 185 times. Confidence of Abuse is 65%: ?

65%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.40

Whois 180.153.236.40

IP Abuse Reports for 180.153.236.40:

This IP address has been reported a total of 185 times from 26 distinct sources. 180.153.236.40 was first reported on October 2nd 2025, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-11 08:31:11 (9 hours ago)	Automated report (2026-06-11T04:31:11-04:00). Misbehaving bot detected.	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-11 07:37:03 (10 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 03:36:58.658588 2026] [security2:error] [pid 1858:tid 1858] [client 180.153.236.40:29721] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.closedfortheseason.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.closedfortheseason.com"] [uri "/"] [unique_id "aiplmgPfaFJzDZGJAF8qVAAAABI"], referer: http://www.closedfortheseason.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 07:14:54 (10 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 03:14:45.440956 2026] [security2:error] [pid 22320:tid 22320] [client 180.153.236.40:52201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.flatchestedmama.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.flatchestedmama.com"] [uri "/"] [unique_id "aipgZXPYiwuN8mYNHBGP_wAAABc"], referer: http://www.flatchestedmama.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-11 02:22:22 (15 hours ago)	[ThuJun1104:22:16.8324032026][security2:error][pid1067584:tid1068423][client180.153.236.40:0]ModSecu ... show more [ThuJun1104:22:16.8324032026][security2:error][pid1067584:tid1068423][client180.153.236.40:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"www.rs-solution.ch\"][uri\"/\"][unique_id\"aiob2AXqkVMycGgLgiTC9wAAANc\"]\,referer:https://www.rs-solution.ch/ show less	Hacking Web App Attack
🇳🇱 GabrielJST	2026-06-08 06:59:33 (3 days ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted] from 180.153.236.40 (CN/C ... show more (apache-useragents) Failed apache-useragents trigger with match [redacted] from 180.153.236.40 (CN/China/-) show less	Bad Web Bot
🇦🇺 paulshipley.com.au	2026-06-08 06:36:18 (3 days ago)	[Mon Jun 08 16:36:17.292918 2026] [security2:error] [pid 82712] [client 180.153.236.40:20185] [clien ... show more [Mon Jun 08 16:36:17.292918 2026] [security2:error] [pid 82712] [client 180.153.236.40:20185] [client 180.153.236.40] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "levellapromotions.com.au"] [uri "/"] [unique_id "aiZi4cYwsTZkIVgi9MoYdQAAAAU"], referer: https://levellapromotions.com.au/ ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 06:26:19 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 02:26:13.373675 2026] [security2:error] [pid 6381:tid 6381] [client 180.153.236.40:44131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.divingmachines.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.divingmachines.com"] [uri "/"] [unique_id "aiZghaFdc42iuKFSXbrBjwAAAA0"], referer: http://www.divingmachines.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 05:33:35 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 01:33:32.156095 2026] [security2:error] [pid 5748:tid 5748] [client 180.153.236.40:60675] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|gapanda.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "gapanda.com"] [uri "/"] [unique_id "aiZULOKD33d-H_FKxBOgcgAAAA0"], referer: http://gapanda.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 06:25:14 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 02:25:05.471922 2026] [security2:error] [pid 12441:tid 12441] [client 180.153.236.40:32793] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.onlinesuretybonds.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.onlinesuretybonds.com"] [uri "/"] [unique_id "aiJrwVrpz7MCbu_RcUZlrwAAABE"], referer: https://www.onlinesuretybonds.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2026-06-05 00:06:54 (6 days ago)	VM5 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇮🇩 hermawan	2026-06-04 13:55:58 (1 week ago)	1780581346.728266 180.153.236.40 103.166.156.58 16060_2-1-1-4-1-3_1460_7 2026-06-04 20:55:46 WIB ...	Email Spam Hacking
🇺🇸 TPI-Abuse	2026-06-04 09:18:01 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 05:17:55.765735 2026] [security2:error] [pid 16121:tid 16121] [client 180.153.236.40:8951] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|celebritybikinigossip.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "celebritybikinigossip.com"] [uri "/"] [unique_id "aiFCw66FZjPPQbeFO9tSlwAAAAU"], referer: http://celebritybikinigossip.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 07:33:08 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 03:33:05.668606 2026] [security2:error] [pid 12824:tid 12833] [client 180.153.236.40:3073] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.credit-card-cap.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.credit-card-cap.com"] [uri "/"] [unique_id "aiEqMYch5k5n0V-cBu0wLgAAAEY"], referer: https://www.credit-card-cap.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 06:06:33 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 02:06:25.811189 2026] [security2:error] [pid 20895:tid 20895] [client 180.153.236.40:20679] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.gdg1.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.gdg1.com"] [uri "/"] [unique_id "aiEV4QR2Waq1xSGSpZZoCgAAAAM"], referer: http://www.gdg1.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 05:38:37 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 01:38:33.733493 2026] [security2:error] [pid 10451:tid 10451] [client 180.153.236.40:3223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.vanessalends.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.vanessalends.com"] [uri "/"] [unique_id "aiEPWcqrWMw-XNDV0PgXGQAAAA4"], referer: http://www.vanessalends.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 185 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 144.217.74.127

🇺🇸 65.49.20.77

🇲🇽 187.191.48.6

🇺🇸 162.216.150.145

🇷🇴 92.118.39.62

🇳🇱 45.148.10.152

🇺🇸 208.87.242.185

🇧🇷 186.209.52.199

🇺🇸 172.172.23.205

🇫🇮 147.185.133.107

🇸🇬 118.26.111.107

🇬🇧 51.77.103.48

🇺🇸 142.248.80.174

🇮🇳 117.200.88.105

🇺🇸 108.178.7.34

🇺🇸 104.243.42.167

🇺🇸 103.153.183.126

🇭🇰 101.36.112.103

🇺🇸 38.107.226.227

🇬🇧 35.203.210.133