JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.6

180.153.236.6 was found in our database!

This IP was reported 169 times. Confidence of Abuse is 43%: ?

43%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.6

Whois 180.153.236.6

IP Abuse Reports for 180.153.236.6:

This IP address has been reported a total of 169 times from 20 distinct sources. 180.153.236.6 was first reported on September 30th 2025, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-18 08:08:02 (9 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 04:07:52.812755 2026] [security2:error] [pid 3167:tid 3167] [client 180.153.236.6:0] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.upskirtcrazy.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.upskirtcrazy.com"] [uri "/"] [unique_id "ajOnWAEcEGWFN0KnXXpmpQAAAAM"], referer: http://www.upskirtcrazy.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 06:55:51 (10 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 02:55:45.320739 2026] [security2:error] [pid 21403:tid 21403] [client 180.153.236.6:25246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|wedemandavote.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "wedemandavote.com"] [uri "/"] [unique_id "ajOWcVg1krw49beQfme6wwAAAAA"], referer: http://wedemandavote.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 06:37:28 (10 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 02:37:19.393443 2026] [security2:error] [pid 8544:tid 8544] [client 180.153.236.6:13204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.kingstoneproperties.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.kingstoneproperties.com"] [uri "/"] [unique_id "ajOSH4mYmJPGrcJ0_az4ZQAAAAM"], referer: http://www.kingstoneproperties.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 06:14:28 (11 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 02:14:21.506452 2026] [security2:error] [pid 10371:tid 10371] [client 180.153.236.6:25452] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.accordionfactory.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.accordionfactory.com"] [uri "/"] [unique_id "ajOMvT1Ijw5NvqzQqEJCQwAAAAI"], referer: http://www.accordionfactory.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 05:45:45 (11 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 01:45:39.565838 2026] [security2:error] [pid 15242:tid 15242] [client 180.153.236.6:53208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|mytapt.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "mytapt.com"] [uri "/"] [unique_id "ajOGA_LqWsGNAHCctyd30wAAAAc"], referer: http://mytapt.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 05:16:52 (12 hours ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 01:16:45.751615 2026] [security2:error] [pid 2455:tid 2455] [client 180.153.236.6:35232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|celltechs.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "celltechs.net"] [uri "/"] [unique_id "ajN_PRNe9yeW4rYaQcYLkwAAAAY"], referer: https://celltechs.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 rh24	2026-06-17 08:31:02 (1 day ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted] from 180.153.236.6 (CN/Ch ... show more (apache-useragents) Failed apache-useragents trigger with match [redacted] from 180.153.236.6 (CN/China/-) show less	Bad Web Bot
🇮🇩 sockominfo	2026-06-16 10:00:32 (2 days ago)	Reported by TangerangKota-CSIRT. Status: MALICIOUS	Hacking Email Spam
🇮🇩 sockominfo	2026-06-16 09:00:09 (2 days ago)	Webshell discovery success (Response: 200). Threat Score: 8.7/10 (HIGH). Reported by TangerangKota-C ... show more Webshell discovery success (Response: 200). Threat Score: 8.7/10 (HIGH). Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇮🇩 sockominfo	2026-06-16 08:00:09 (2 days ago)	Webshell discovery success (Response: 200). Threat Score: 8.9/10 (HIGH). Reported by TangerangKota-C ... show more Webshell discovery success (Response: 200). Threat Score: 8.9/10 (HIGH). Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇺🇸 TPI-Abuse	2026-06-11 07:12:45 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 03:12:40.200254 2026] [security2:error] [pid 18042:tid 18042] [client 180.153.236.6:14740] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.areaware-archive.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.areaware-archive.com"] [uri "/"] [unique_id "aipf6N2A11RbGBl5LVbQwwAAAAk"], referer: http://www.areaware-archive.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 06:16:49 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 02:16:41.832268 2026] [security2:error] [pid 6641:tid 6641] [client 180.153.236.6:59104] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.lundtrading.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.lundtrading.com"] [uri "/"] [unique_id "aipSyZQ3Aw_msfokWEn5mwAAABY"], referer: https://www.lundtrading.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 08:50:41 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 04:50:34.107706 2026] [security2:error] [pid 31938:tid 31938] [client 180.153.236.6:52596] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.bodybuildbid.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.bodybuildbid.com"] [uri "/"] [unique_id "aiklWk5K3yfhjWYVa6oOvQAAAAo"], referer: http://www.bodybuildbid.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 08:25:21 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 04:25:16.529644 2026] [security2:error] [pid 2703:tid 2703] [client 180.153.236.6:52448] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|styxwamworld.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "styxwamworld.com"] [uri "/"] [unique_id "aiZ8bBSnlPS1zwFjVK8UiQAAAIg"], referer: http://styxwamworld.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 07:29:41 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 03:29:34.542223 2026] [security2:error] [pid 30668:tid 30668] [client 180.153.236.6:16746] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|macau-muaythai.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "macau-muaythai.com"] [uri "/"] [unique_id "aiZvXmYL6RMQlFfw2z8sogAAAAI"], referer: http://macau-muaythai.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 169 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.85.251.55

🇺🇸 147.185.132.136

🇧🇩 117.103.80.92

🇨🇳 106.12.74.119

🇫🇷 92.205.57.72

🇰🇷 59.12.212.38

🇨🇳 39.98.55.149

🇺🇸 20.64.105.55

🇰🇷 1.212.225.99

🇨🇦 2600:3c04::2000:ebff:fe01:68eb

🇳🇱 185.38.142.40

🇨🇳 183.221.0.223

🇰🇷 115.178.75.243

🇫🇷 91.196.152.105

🇺🇸 66.132.172.183

🇸🇬 43.160.204.7

🇹🇷 31.223.33.149

🇺🇸 18.118.100.31

🇯🇵 14.137.237.192

🇺🇸 192.185.4.35