JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 183.199.180.49

183.199.180.49 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 15%: ?

15%

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS24547
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 183.199.180.49

Whois 183.199.180.49

IP Abuse Reports for 183.199.180.49:

This IP address has been reported a total of 11 times from 4 distinct sources. 183.199.180.49 was first reported on July 20th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 paulshipley.com.au	2026-06-18 20:50:24 (1 day ago)	[Fri Jun 19 06:50:24.041273 2026] [security2:error] [pid 576157] [client 183.199.180.49:13524] [clie ... show more [Fri Jun 19 06:50:24.041273 2026] [security2:error] [pid 576157] [client 183.199.180.49:13524] [client 183.199.180.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "levellapromotions.com.au"] [uri "/"] [unique_id "ajRaEOz04I3NNKSHNuw3NwAAAAA"], referer: https://levellapromotions.com.au/ ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 20:01:49 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 16:01:44.310047 2026] [security2:error] [pid 21626:tid 21626] [client 183.199.180.49:19909] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|csems.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "csems.org"] [uri "/index.html"] [unique_id "ajROqB94HCYr0GhIxCHZFQAAAAA"], referer: https://csems.org/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 13:30:58 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 09:30:51.758613 2026] [security2:error] [pid 17507:tid 17507] [client 183.199.180.49:22732] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|randyshelly.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "randyshelly.com"] [uri "/"] [unique_id "ajPzC4ONF2A02SqLdzBncAAAAAo"], referer: http://randyshelly.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 07:11:56 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 03:11:47.525681 2026] [security2:error] [pid 8857:tid 8857] [client 183.199.180.49:1997] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|littlestarbookspub.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "littlestarbookspub.com"] [uri "/"] [unique_id "ahaZM7vMR1sO0FqcFBBSOwAAAAM"], referer: https://littlestarbookspub.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-06 21:02:18 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 17:02:13.165143 2026] [security2:error] [pid 368919:tid 368919] [client 183.199.180.49:9469] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.kbalan.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.kbalan.com"] [uri "/"] [unique_id "adQfVa7inyU3IyEYa4ZeNAAAAAk"], referer: https://www.kbalan.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-06 00:10:54 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 05 20:10:50.254211 2026] [security2:error] [pid 5623:tid 5623] [client 183.199.180.49:4986] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|andrewweigel.name\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "andrewweigel.name"] [uri "/"] [unique_id "adL6CnIYo6OTbUEKDx9U2wAAAAI"], referer: http://andrewweigel.name/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-05 19:11:58 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 05 15:11:52.116540 2026] [security2:error] [pid 26558:tid 26558] [client 183.199.180.49:5023] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.muskogeecleaning.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.muskogeecleaning.com"] [uri "/"] [unique_id "adKz-Dk-kEjgkBei9VEPrQAAAAE"], referer: http://www.muskogeecleaning.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-05 03:09:08 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 04 23:09:01.496043 2026] [security2:error] [pid 27969:tid 27969] [client 183.199.180.49:11321] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|totenclaus.es\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "totenclaus.es"] [uri "/"] [unique_id "adHSTele_YOJ11dQEs6gzQAAAAg"], referer: http://totenclaus.es/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-04-02 23:02:07 (2 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/183.199.180.49 2026-04-02 1 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/183.199.180.49 2026-04-02 18:34:29 / show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-02 13:06:12 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 183.199.180.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 09:06:08.236148 2026] [security2:error] [pid 29909:tid 29909] [client 183.199.180.49:12732] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|ohwaitiforgot.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "ohwaitiforgot.com"] [uri "/"] [unique_id "ac5pwH138bduNoSgYaqHSwAAAAw"], referer: https://ohwaitiforgot.com/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-07-20 06:47:46 (11 months ago)	Ports: *; Direction: 0; Trigger: LF_DISTSMTP	Brute-Force SSH

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 216.26.232.61

🇺🇸 170.247.220.226

🇷🇴 128.127.118.16

🇸🇪 83.233.149.204

🇮🇶 65.20.202.4

🇺🇸 47.88.59.135

🇸🇬 194.5.82.150

🇺🇸 170.247.220.222

🇺🇸 170.247.220.206

🇺🇸 170.247.220.202

🇺🇸 170.247.220.201

🇺🇸 147.185.132.112

🇹🇭 147.50.227.79

🇺🇸 129.121.85.48

🇨🇳 110.249.202.139

🇭🇰 101.36.111.119

🇩🇪 91.67.24.209

🇫🇷 88.162.30.176

🇬🇧 35.203.211.219

🇺🇸 20.65.194.43