JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 180.191.49.80

180.191.49.80 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 6%: ?

ISP	Globe Telecom (GMCR,INC)
Usage Type	Fixed Line ISP
ASN	AS132199
Domain Name	globe.com.ph
Country	🇵🇭 Philippines
City	Quezon City, National Capital Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 180.191.49.80

Whois 180.191.49.80

IP Abuse Reports for 180.191.49.80:

This IP address has been reported a total of 13 times from 10 distinct sources. 180.191.49.80 was first reported on March 19th 2026, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇿🇦 Terrorism & Money Laundering Monitor	2026-04-20 17:18:00 (1 month ago)	Multiple brute force and hacking attacks on many WordPress websites.	Brute-Force Web App Attack Hacking
🇺🇸 jcbriar	2026-04-16 16:38:08 (1 month ago)	Searching for vulnerable scripts	Hacking Web App Attack
🇫🇷 SpaceHost-Server	2026-04-13 22:26:49 (2 months ago)		Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-04-13 03:54:41 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 180.191.49.80 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 180.191.49.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 23:54:33.302400 2026] [security2:error] [pid 1394800:tid 1394800] [client 180.191.49.80:58672] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|targetbinario.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "targetbinario.com"] [uri "/wp-json/wp/v2/users"] [unique_id "adxo-UTX5VBE9xW_K6RXKgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-04-12 22:26:23 (2 months ago)		Brute-Force Web App Attack
🇩🇪 4server	2026-04-12 18:10:49 (2 months ago)	[SunApr1220:10:46.1710312026][security2:error][pid4115295:tid4115320][client180.191.49.80:0]ModSecur ... show more [SunApr1220:10:46.1710312026][security2:error][pid4115295:tid4115320][client180.191.49.80:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"148\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"globalhorizon.ch\"][uri\"/xmlrpc.php\"][unique_id\"advgJsrA4r8hesH4hcDN1AAAABY\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 netclix.gr	2026-04-12 15:55:36 (2 months ago)	(wordpress) Failed wordpress login from 180.191.49.80 (PH/Philippines/-): (CF_ENABLE)	Brute-Force
🇬🇧 davelegg	2026-04-01 17:00:00 (2 months ago)	Participated in Layer 7 DDoS attack against forum search endpoint. Part of residential botnet using ... show more Participated in Layer 7 DDoS attack against forum search endpoint. Part of residential botnet using 15,000+ unique IPs with 8 round-robined browser user agents. Behavior: deep pagination of search/tag queries (up to page 1500+), findComment chain crawling, 87% requests closed before response (499). No static assets loaded. Attack ramped from ~1,800 req/hr to ~14,000 req/hr over 17 hours then stopped abruptly. Observed 2026-04-01. show less	DDoS Attack Bad Web Bot Web App Attack
Anonymous	2026-03-30 00:39:12 (2 months ago)	Intrusion Detect. SQL injection attempts with URL.	Hacking SQL Injection Web App Attack
🇺🇸 myagent.site	2026-03-22 16:06:14 (2 months ago)	Blocking for trying to access an exploit file: /xmlrpc.php	Hacking
🇺🇸 TPI-Abuse	2026-03-22 13:42:18 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 180.191.49.80 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 180.191.49.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 22 09:41:54.044748 2026] [security2:error] [pid 13727:tid 13727] [client 180.191.49.80:64782] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|famagustacyprus.eu\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "famagustacyprus.eu"] [uri "/wp-json/wp/v2/users"] [unique_id "ab_xom7wmOikWyW-ZknpxQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-03-22 05:27:33 (2 months ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 TPI-Abuse	2026-03-19 10:27:51 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 180.191.49.80 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 180.191.49.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 19 06:27:45.691305 2026] [security2:error] [pid 29104:tid 29120] [client 180.191.49.80:50822] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|giere.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "giere.us"] [uri "/wp-json/wp/v2/users"] [unique_id "abvPobUqUXBXa1muH3TbJAAAAIo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 212.227.27.47

🇸🇪 176.10.197.168

🇦🇺 170.64.166.144

🇬🇧 165.22.113.175

🇨🇳 122.224.205.134

🇩🇪 69.5.169.231

🇫🇮 35.228.31.149

🇧🇷 34.39.150.114

🇹🇼 198.235.24.84

🇳🇱 195.178.110.30

🇬🇧 193.163.125.232

🇺🇸 172.215.146.234

🇺🇸 135.232.200.209

🇨🇳 110.249.201.139

🇨🇳 101.68.215.26

🇷🇺 83.171.89.209

🇺🇸 35.184.189.28

🇫🇷 5.135.239.87

🇷🇴 2.57.121.25

🇰🇷 211.43.120.12