JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.58

180.153.236.58 was found in our database!

This IP was reported 189 times. Confidence of Abuse is 52%: ?

52%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.58

Whois 180.153.236.58

IP Abuse Reports for 180.153.236.58:

This IP address has been reported a total of 189 times from 31 distinct sources. 180.153.236.58 was first reported on September 24th 2025, and the most recent report was 22 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-10 10:09:25 (22 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 06:09:18.961410 2026] [security2:error] [pid 19360:tid 19380] [client 180.153.236.58:4397] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.jofdt.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.jofdt.com"] [uri "/"] [unique_id "aik3ztJP_vYNo0cKsitoygAAARE"], referer: https://www.jofdt.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 08:31:36 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 04:31:28.816741 2026] [security2:error] [pid 10738:tid 10738] [client 180.153.236.58:8759] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|handyrehab.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "handyrehab.com"] [uri "/"] [unique_id "aikg4G1EqAWtTRLrUU3rWQAAAAM"], referer: https://handyrehab.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 07:53:08 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 03:53:02.415892 2026] [security2:error] [pid 20193:tid 20193] [client 180.153.236.58:41775] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|namefinder.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "namefinder.com"] [uri "/"] [unique_id "aiZ03pI2h-A5ZPtLKKgI6wAAADI"], referer: http://namefinder.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 06:20:15 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 02:20:12.422505 2026] [security2:error] [pid 3022:tid 3022] [client 180.153.236.58:60677] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|theproducers.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "theproducers.com"] [uri "/"] [unique_id "aiZfHGu2QX2TvRZP2qU3zwAAAAI"], referer: https://theproducers.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 Peter Yu	2026-06-08 05:44:01 (3 days ago)		Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 05:16:11 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 01:16:06.263380 2026] [security2:error] [pid 27829:tid 27829] [client 180.153.236.58:2643] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|llaira.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "llaira.com"] [uri "/"] [unique_id "aiZQFgcQ8soopi10jQq3FwAAAAY"], referer: http://llaira.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 hermawan	2026-06-04 13:55:51 (6 days ago)	1780581341.715457 180.153.236.58 103.166.156.58 16060_2-1-1-4-1-3_1460_7 2026-06-04 20:55:41 WIB ...	Email Spam Hacking
🇺🇸 TPI-Abuse	2026-06-04 07:35:17 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 03:35:11.054334 2026] [security2:error] [pid 1179:tid 1179] [client 180.153.236.58:44711] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.stationrestaurant.ca\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.stationrestaurant.ca"] [uri "/"] [unique_id "aiEqr2OQvq0i3ChbMVVzywAAAAs"], referer: https://www.stationrestaurant.ca/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 06:40:54 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 02:40:48.016371 2026] [security2:error] [pid 28758:tid 28758] [client 180.153.236.58:30469] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|goseethenurse.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "goseethenurse.com"] [uri "/"] [unique_id "aiEd8Ba2ypgSLzT4tsRc8QAAAAw"], referer: https://goseethenurse.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 06:10:38 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 02:10:32.625507 2026] [security2:error] [pid 20945:tid 20945] [client 180.153.236.58:29175] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|cartoondelivery.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "cartoondelivery.com"] [uri "/"] [unique_id "aiEW2Khzhg29KKIW2k4hwAAAABg"], referer: https://cartoondelivery.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-02 10:39:20 (1 week ago)	[TueJun0212:39:03.8511232026][security2:error][pid1448692:tid1448700][client180.153.236.58:0]ModSecu ... show more [TueJun0212:39:03.8511232026][security2:error][pid1448692:tid1448700][client180.153.236.58:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"www.rs-solution.ch\"][uri\"/\"][unique_id\"ah6yx04ZfJFnPZBVHY-mTwAAAUA\"]\,referer:https://www.rs-solution.ch/ show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 07:01:16 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 03:01:08.844239 2026] [security2:error] [pid 16765:tid 16765] [client 180.153.236.58:8495] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.gictd.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.gictd.com"] [uri "/"] [unique_id "ahvctIslN02jTgrM8JPhSAAAAAU"], referer: https://www.gictd.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 Burayot	2026-05-31 07:00:06 (1 week ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 180.153.236.58 (CN/China/-): 1 in th ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 180.153.236.58 (CN/China/-): 1 in the last 3600 secs show less	Web App Attack
🇨🇦 1gz	2026-05-31 06:43:30 (1 week ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: CHALLENGE Protocol: HTTP/2 (GET met ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: CHALLENGE Protocol: HTTP/2 (GET method) Endpoint: / UA: User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0; 360Spider This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-31 06:24:48 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.58 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 02:24:43.722675 2026] [security2:error] [pid 31606:tid 31606] [client 180.153.236.58:22001] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.ohiobabe.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.ohiobabe.com"] [uri "/"] [unique_id "ahvUK4G28nrtimCsKrCxyAAAAAU"], referer: http://www.ohiobabe.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 189 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 45.148.10.151

🇰🇪 102.208.235.164

🇺🇸 98.90.43.197

🇨🇳 60.188.58.133

🇲🇾 47.250.114.23

🇮🇹 34.17.164.0

🇩🇪 213.209.159.56

🇷🇺 152.89.199.131

🇱🇹 81.30.98.49

🇷🇴 80.94.92.171

🇧🇬 78.128.113.46

🇨🇳 61.142.42.201

🇳🇱 45.156.87.93

🇳🇱 45.148.10.141

🇸🇬 2402:1f00:8000:800::4672

🇭🇰 154.198.162.75

🇺🇸 147.185.132.175

🇩🇪 142.93.98.58

🇻🇳 125.212.217.143

🇨🇳 124.117.194.46