JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.59

180.153.236.59 was found in our database!

This IP was reported 193 times. Confidence of Abuse is 40%: ?

40%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.59

Whois 180.153.236.59

IP Abuse Reports for 180.153.236.59:

This IP address has been reported a total of 193 times from 22 distinct sources. 180.153.236.59 was first reported on September 25th 2025, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 4server	2026-06-17 09:25:08 (3 hours ago)	[WedJun1711:25:02.9441352026][security2:error][pid358359:tid358651][client180.153.236.59:0]ModSecuri ... show more [WedJun1711:25:02.9441352026][security2:error][pid358359:tid358651][client180.153.236.59:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"www.swisservers.com\"][uri\"/\"][unique_id\"ajJn7qrL0L8nvh45INgEDQAAAQ0\"]\,referer:https://www.swisservers.com/ show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 11:25:55 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 07:25:47.446961 2026] [security2:error] [pid 29072:tid 29072] [client 180.153.236.59:53703] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.justkoolit.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.justkoolit.com"] [uri "/"] [unique_id "ai6Pu9CsE2CShDaU3xRECAAAAAw"], referer: http://www.justkoolit.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 08:22:03 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 04:21:59.585734 2026] [security2:error] [pid 6120:tid 6120] [client 180.153.236.59:61763] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|kayelynn.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "kayelynn.com"] [uri "/"] [unique_id "ai5kpzkBBAa1Rp0KeBigHwAAABs"], referer: http://kayelynn.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 07:28:20 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 03:28:16.789980 2026] [security2:error] [pid 13878:tid 13878] [client 180.153.236.59:59571] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|3dsportschannel.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "3dsportschannel.com"] [uri "/"] [unique_id "ai5YENkCdsGcEKqRRE6FXgAAAAQ"], referer: https://3dsportschannel.com?Viva3DTVSports.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 06:21:04 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 02:20:58.569485 2026] [security2:error] [pid 30013:tid 30013] [client 180.153.236.59:23513] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.aares2025.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.aares2025.net"] [uri "/"] [unique_id "ai5ISiZ_Wpi9aFuJOiovngAAAEE"], referer: https://www.aares2025.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 05:35:31 (3 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 01:35:25.794437 2026] [security2:error] [pid 25782:tid 25830] [client 180.153.236.59:62349] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|jevan1.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "jevan1.com"] [uri "/"] [unique_id "ai49nUK3eqeUeX0aSmZ7MQAAAEU"], referer: http://jevan1.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 10:27:04 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 06:26:56.647083 2026] [security2:error] [pid 11190:tid 11190] [client 180.153.236.59:10805] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.texasbordertours.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.texasbordertours.com"] [uri "/"] [unique_id "aiqNcBdE_i3MzG1ezEClugAAABE"], referer: http://www.texasbordertours.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 08:34:12 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 04:34:08.829264 2026] [security2:error] [pid 23950:tid 23950] [client 180.153.236.59:39695] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|celebritybikinigossip.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "celebritybikinigossip.com"] [uri "/"] [unique_id "aipzAJswN48x6YYkw59_UAAAAAI"], referer: https://celebritybikinigossip.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 06:53:22 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 02:53:16.195169 2026] [security2:error] [pid 20823:tid 20831] [client 180.153.236.59:10601] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|kwainet.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "kwainet.com"] [uri "/"] [unique_id "aipbXHEzB1-e5SB5UD-6vQAAAEY"], referer: http://kwainet.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 06:36:21 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 02:36:15.557340 2026] [security2:error] [pid 2106:tid 2121] [client 180.153.236.59:22903] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.ccgparquitectos.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.ccgparquitectos.com"] [uri "/"] [unique_id "aipXX99-qDMorbNbBUiXKAAAAAg"], referer: http://www.ccgparquitectos.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 micropedro	2026-06-10 17:30:59 (6 days ago)	3 incidents: malicious activity. First: 2026-05-27 11:31, Last: 2026-06-10 13:30 UTC. Triggers: ufw- ... show more 3 incidents: malicious activity. First: 2026-05-27 11:31, Last: 2026-06-10 13:30 UTC. Triggers: ufw-repeater. show less	Port Scan
🇬🇧 poundawebsiteltd	2026-06-08 09:52:38 (1 week ago)	Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:80 180.153.236.59 - - [08/Jun/2026:1 ... show more Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:80 180.153.236.59 - - [08/Jun/2026:10:52:35 +0100] GET / HTTP/1.1 403 214 http://[REDACTED_DOMAIN]/ User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0; 360Spider show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 09:28:47 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:28:43.986905 2026] [security2:error] [pid 18322:tid 18322] [client 180.153.236.59:58351] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.johnatuttle.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.johnatuttle.com"] [uri "/"] [unique_id "aiaLS6frRwAKmxST_lgPjAAAABY"], referer: http://www.johnatuttle.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 06:44:50 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 02:44:43.513138 2026] [security2:error] [pid 21504:tid 21504] [client 180.153.236.59:59089] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|bahamascruisersguide.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "bahamascruisersguide.com"] [uri "/"] [unique_id "aiZk2xKV1kxzXB5XGEM-3wAAAAM"], referer: http://bahamascruisersguide.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 06:03:52 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 02:03:41.065418 2026] [security2:error] [pid 2491:tid 2497] [client 180.153.236.59:30055] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.newyorkfreepress.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.newyorkfreepress.com"] [uri "/"] [unique_id "aiJmvRxFjj8HvVKx1w3AuAAAAcQ"], referer: https://www.newyorkfreepress.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 193 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 193.124.20.248

🇲🇽 189.167.35.161

🇩🇪 164.92.161.148

🇵🇰 160.30.109.148

🇸🇬 146.190.104.85

🇷🇴 143.20.185.207

🇩🇪 141.11.107.166

🇺🇸 135.237.122.43

🇨🇳 115.57.83.80

🇩🇪 69.5.169.238

🇩🇪 69.5.169.176

🇺🇸 65.49.1.200

🇨🇳 59.55.128.147

🇫🇷 45.157.112.3

🇨🇳 222.223.62.8

🇭🇰 199.45.154.186

🇧🇷 187.87.104.234

🇮🇳 182.18.180.44

🇺🇸 137.184.29.160

🇻🇳 123.17.63.220