JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.153.236.72

180.153.236.72 was found in our database!

This IP was reported 144 times. Confidence of Abuse is 38%: ?

38%

ISP	CHINANET SHANGHAI PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4811
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.153.236.72

Whois 180.153.236.72

IP Abuse Reports for 180.153.236.72:

This IP address has been reported a total of 144 times from 14 distinct sources. 180.153.236.72 was first reported on September 24th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-11 11:40:35 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 07:40:29.362570 2026] [security2:error] [pid 21876:tid 21876] [client 180.153.236.72:34537] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|humans2humans.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "humans2humans.org"] [uri "/"] [unique_id "aiqerUfbirXYrFPkGWwc2AAAAA4"], referer: https://humans2humans.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 11:10:04 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 07:09:58.611759 2026] [security2:error] [pid 10310:tid 10448] [client 180.153.236.72:61879] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|pecanvalleyestates.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "pecanvalleyestates.net"] [uri "/"] [unique_id "aiqXhpr2mSHTOVQSGQFlYQAAANg"], referer: https://pecanvalleyestates.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 10:21:55 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 06:21:50.545033 2026] [security2:error] [pid 1948:tid 1948] [client 180.153.236.72:40591] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.styxtake2.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.styxtake2.com"] [uri "/"] [unique_id "aiqMPhvK9U6Qja4_mWSw0gAAAAc"], referer: http://www.styxtake2.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 06:56:03 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 02:55:56.757157 2026] [security2:error] [pid 16895:tid 16895] [client 180.153.236.72:9975] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|watermarks.info\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "watermarks.info"] [uri "/"] [unique_id "aipb_G3ruKyjAOSMcyuAfwAAABI"], referer: http://watermarks.info/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 05:28:38 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 01:28:31.765316 2026] [security2:error] [pid 20627:tid 20627] [client 180.153.236.72:21419] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|yeswedeliver.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "yeswedeliver.org"] [uri "/"] [unique_id "aipHfySV3SHYHAAgt3iuPQAAACY"], referer: https://yeswedeliver.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 06:55:53 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 02:55:47.972906 2026] [security2:error] [pid 26379:tid 26379] [client 180.153.236.72:47303] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.davidnevue.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.davidnevue.com"] [uri "/"] [unique_id "aiZncx5d8pueyTW2mPXUJwAAAAY"], referer: https://www.davidnevue.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 05:42:44 (5 days ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 01:42:38.024810 2026] [security2:error] [pid 15562:tid 15562] [client 180.153.236.72:35189] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.hillcrest.us\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.hillcrest.us"] [uri "/"] [unique_id "aiZWTvYSZdJARLkOCMspTwAAACY"], referer: http://www.hillcrest.us/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 1gz	2026-06-08 03:47:25 (5 days ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: CHALLENGE Protocol: HTTP/2 (GET met ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: CHALLENGE Protocol: HTTP/2 (GET method) Endpoint: /index.html UA: User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0; 360Spider This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-04 09:07:30 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 05:07:26.561194 2026] [security2:error] [pid 17058:tid 17058] [client 180.153.236.72:35959] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|straypointers.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "straypointers.com"] [uri "/"] [unique_id "aiFATiny6Uh6QDpGUti2UAAAAAI"], referer: https://straypointers.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-06-04 07:18:54 (1 week ago)	[Thu Jun 04 17:18:52.951221 2026] [security2:error] [pid 477483] [client 180.153.236.72:42641] [clie ... show more [Thu Jun 04 17:18:52.951221 2026] [security2:error] [pid 477483] [client 180.153.236.72:42641] [client 180.153.236.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "valueaddedpromotions.com.au"] [uri "/"] [unique_id "aiEm3MaCm7kKG5R6tDdnjwAAAAY"], referer: https://valueaddedpromotions.com.au/ ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 04:13:56 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 00:13:47.456940 2026] [security2:error] [pid 19377:tid 19377] [client 180.153.236.72:31187] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|3905ccn.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "3905ccn.org"] [uri "/index.php"] [unique_id "aiD7exp2ENpH0blHrV-FjQAAAAc"], referer: http://3905ccn.org/index.php show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2026-06-01 01:22:42 (1 week ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-31 10:05:28 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 06:05:22.356989 2026] [security2:error] [pid 4404:tid 4404] [client 180.153.236.72:26207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.smid.tv\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.smid.tv"] [uri "/"] [unique_id "ahwH4mktiGCxJwoufNn1IQAAAAo"], referer: http://www.smid.tv/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 06:23:32 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 02:23:24.134028 2026] [security2:error] [pid 6089:tid 6089] [client 180.153.236.72:52111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.drunkenmonkeystyle.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.drunkenmonkeystyle.com"] [uri "/"] [unique_id "ahvT3C5xPDuuNUwk8dtwigAAAA0"], referer: https://www.drunkenmonkeystyle.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 14:45:08 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 180.153.236.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 10:44:56.310882 2026] [security2:error] [pid 11193:tid 11193] [client 180.153.236.72:48427] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|frightlibrary.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "frightlibrary.org"] [uri "/"] [unique_id "ahhU6OQgBgNdBqlBDQZoXwAAABE"], referer: http://frightlibrary.org/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 144 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 185.200.116.75

🇨🇳 182.42.93.139

🇧🇷 177.130.171.57

🇨🇳 123.13.89.148

🇰🇷 106.246.89.68

🇺🇸 66.132.195.125

🇨🇳 27.42.136.232

🇺🇸 17.241.227.51

🇻🇳 221.132.21.185

🇲🇽 201.103.214.31

🇬🇧 185.216.145.170

🇸🇬 168.144.42.72

🇩🇪 167.94.146.40

🇮🇳 152.58.96.189

🇦🇹 150.251.225.140

🇨🇳 112.20.28.241

🇵🇱 83.168.107.158

🇺🇸 66.132.186.223

🇦🇺 34.87.219.164

🇲🇽 201.138.46.105