JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.57

180.153.236.57 was found in our database!

This IP was reported 199 times. Confidence of Abuse is 49%: ?

49%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.57

Whois 180.153.236.57

IP Abuse Reports for 180.153.236.57:

This IP address has been reported a total of 199 times from 29 distinct sources. 180.153.236.57 was first reported on September 23rd 2025, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-28 14:36:27 (9 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 10:36:23.026080 2026] [security2:error] [pid 11541:tid 11541] [client 180.153.236.57:46753] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|cbmanufacturing.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "cbmanufacturing.com"] [uri "/index.htm"] [unique_id "akExZ6mC8THbCqnrDtDjFwAAAA4"], referer: http://cbmanufacturing.com/index.htm show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 12:03:39 (11 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 08:03:32.943930 2026] [security2:error] [pid 30274:tid 30274] [client 180.153.236.57:51941] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.heinsohn.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.heinsohn.com"] [uri "/"] [unique_id "akENlKvMXlcc6h7X8glSswAAAAk"], referer: http://www.heinsohn.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-28 07:41:55 (16 hours ago)	[SunJun2809:41:48.9500572026][security2:error][pid844858:tid845091][client180.153.236.57:0]ModSecuri ... show more [SunJun2809:41:48.9500572026][security2:error][pid844858:tid845091][client180.153.236.57:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"motogiro.com\"][uri\"/\"][unique_id\"akDQPM-C42USO3gsBR9IqgAAAMw\"]\,referer:https://motogiro.com/ show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 05:34:13 (18 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 01:34:07.448350 2026] [security2:error] [pid 12469:tid 12469] [client 180.153.236.57:1311] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|72blues.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "72blues.com"] [uri "/"] [unique_id "akCyT6R2NSrGjluOHonamAAAABk"], referer: http://72blues.com/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-26 19:19:37 (2 days ago)	Blocked by ModSec and CSF	Port Scan
🇺🇸 TPI-Abuse	2026-06-25 19:35:27 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 15:35:19.401227 2026] [security2:error] [pid 32239:tid 32239] [client 180.153.236.57:55361] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.player-care.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.player-care.com"] [uri "/"] [unique_id "aj2C9zs0w9pIVG7sRTauSwAAADU"], referer: https://www.player-care.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 06:38:59 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 02:38:52.161013 2026] [security2:error] [pid 8185:tid 8185] [client 180.153.236.57:3989] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.mathgen.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.mathgen.com"] [uri "/"] [unique_id "ajzM_PHZe4zwF9xuoCe3ogAAAAE"], referer: https://www.mathgen.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇬🇷 setupgr	2026-06-21 10:14:13 (1 week ago)	(mod_security) mod_security (id:100011) triggered by 180.153.236.57 (CN/China/Shanghai/Shanghai/-/[A ... show more (mod_security) mod_security (id:100011) triggered by 180.153.236.57 (CN/China/Shanghai/Shanghai/-/[AS4811 CHINANET-SHANGHAI-MAN China Telecom Group]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sun Jun 21 13:14:09.279197 2026] [security2:error] [pid 554249:tid 554268] [remote 180.153.236.57:22493] ModSecurity: Access denied with code 403 (phase 1). Pattern match "(www\\\\.)?ftiaxtomonosou\\\\.gr" at SERVER_NAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "54"] [id "100011"] [msg "CSF-TRIGGER: Country Block CN/SG for ftiaxtomonosou.gr"] [hostname "ftiaxtomonosou.gr"] [uri "/"] [unique_id "aje5ce6odY7VUE--6TFLewAAzhA"], referer: https://ftiaxtomonosou.gr/ show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-21 06:40:49 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 02:40:41.836083 2026] [security2:error] [pid 6225:tid 6225] [client 180.153.236.57:3017] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|joukoji.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "joukoji.com"] [uri "/"] [unique_id "ajeHacbpUGV3Rk6IFThJwwAAABI"], referer: http://joukoji.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 06:11:10 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 02:11:02.176707 2026] [security2:error] [pid 23080:tid 23080] [client 180.153.236.57:33177] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|artspacecleveland.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "artspacecleveland.org"] [uri "/"] [unique_id "ajeAdnfKAkJrmJogSbIufQAAABA"], referer: http://artspacecleveland.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 03:11:18 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 23:11:10.621989 2026] [security2:error] [pid 2342:tid 2342] [client 180.153.236.57:32375] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|kotelbarmitzvah.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "kotelbarmitzvah.com"] [uri "/"] [unique_id "ajSzTvln2MtD9JlJqq7KuAAAAAQ"], referer: https://kotelbarmitzvah.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 07:49:40 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 03:49:33.700262 2026] [security2:error] [pid 14164:tid 14164] [client 180.153.236.57:19475] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.nvafc.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.nvafc.com"] [uri "/"] [unique_id "ajOjDR_D3_eq4SYcMea_9AAAAAI"], referer: http://www.nvafc.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 05:22:43 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 01:22:36.619583 2026] [security2:error] [pid 19011:tid 19011] [client 180.153.236.57:32939] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.reunionking.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.reunionking.com"] [uri "/"] [unique_id "ajOAnBy-pFeuLl9SebTjoAAAABY"], referer: http://www.reunionking.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-17 18:13:24 (1 week ago)	[WedJun1720:13:21.0467972026][security2:error][pid2186927:tid2186980][client180.153.236.57:0]ModSecu ... show more [WedJun1720:13:21.0467972026][security2:error][pid2186927:tid2186980][client180.153.236.57:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"www.hostingedominio.com\"][uri\"/\"][unique_id\"ajLjwSodc9sqAYMPpnh9agAAAEw\"]\,referer:https://www.hostingedominio.com/ show less	Hacking Web App Attack
🇩🇪 4server	2026-06-17 08:41:27 (1 week ago)	[WedJun1710:41:21.1955082026][security2:error][pid2757569:tid2757711][client180.153.236.57:0]ModSecu ... show more [WedJun1710:41:21.1955082026][security2:error][pid2757569:tid2757711][client180.153.236.57:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"www.specialfood.ch\"][uri\"/\"][unique_id\"ajJdsU_XfNvyJ12ajyCANQAAAFU\"]\,referer:https://www.specialfood.ch/ show less	Port Scan Brute-Force Web App Attack

Showing 1 to 15 of 199 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 118.145.242.91

🇮🇩 117.102.86.226

🇨🇳 223.84.195.56

🇨🇳 220.181.108.82

🇹🇼 198.235.24.126

🇺🇸 193.19.109.171

🇲🇽 187.189.188.107

🇮🇳 172.71.162.136

🇺🇸 141.11.88.12

🇰🇷 119.203.251.187

🇮🇷 109.230.91.238

🇩🇪 94.31.68.77

🇳🇱 91.92.40.52

🇬🇧 81.19.219.248

🇺🇸 74.7.243.199

🇫🇷 45.157.112.249

🇳🇱 45.156.87.34

🇳🇱 45.148.10.246

🇳🇱 45.148.10.157

🇦🇹 45.38.114.101