JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 218.201.18.196

218.201.18.196 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 12%: ?

12%

ISP	China Mobile Communications Corporation - chongqing
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Lishi, Chongqing

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 218.201.18.196

Whois 218.201.18.196

IP Abuse Reports for 218.201.18.196:

This IP address has been reported a total of 14 times from 6 distinct sources. 218.201.18.196 was first reported on July 10th 2023, and the most recent report was 16 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-18 10:09:41 (16 hours ago)	(mod_security) mod_security (id:210831) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 06:09:34.506294 2026] [security2:error] [pid 12571:tid 12571] [client 218.201.18.196:29804] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.kneupper.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.kneupper.com"] [uri "/"] [unique_id "ajPD3tmJ5txSQxIaxBj53QAAAAo"], referer: http://www.kneupper.com/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-01 13:32:08 (1 month ago)	Multiple connection attempts to UDP 8568	Port Scan
🇺🇸 TPI-Abuse	2026-02-24 20:54:51 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 24 15:54:44.021698 2026] [security2:error] [pid 4433:tid 4433] [client 218.201.18.196:21219] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|tedgrob.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "tedgrob.com"] [uri "/"] [unique_id "aZ4QFI3DYtkszuI8S13V1QAAAAg"], referer: http://tedgrob.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-23 08:36:28 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 03:36:22.597016 2026] [security2:error] [pid 32036:tid 32060] [client 218.201.18.196:5800] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.nicholsinvest.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.nicholsinvest.com"] [uri "/"] [unique_id "aZwRhjOTzZnr74KgLGshiAAAAJY"], referer: https://www.nicholsinvest.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-05 22:44:21 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 05 17:44:16.876324 2026] [security2:error] [pid 2355873:tid 2355873] [client 218.201.18.196:31775] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.superiorhandyman.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.superiorhandyman.net"] [uri "/"] [unique_id "aYUdQLMm5UaSNMwJtFHUqQAAABk"], referer: http://www.superiorhandyman.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-02-04 20:57:07 (4 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇺🇸 TPI-Abuse	2026-02-03 19:01:59 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 03 14:01:50.643270 2026] [security2:error] [pid 28120:tid 28120] [client 218.201.18.196:52106] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|gpobiotech.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "gpobiotech.com"] [uri "/"] [unique_id "aYJGHvCO-O16cUHmASnH4gAAAA8"], referer: https://gpobiotech.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-01 20:13:57 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 15:13:48.167521 2026] [security2:error] [pid 18979:tid 18979] [client 218.201.18.196:19319] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|forsythfixit.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "forsythfixit.com"] [uri "/index.htm"] [unique_id "aX-z_I8sb7wahjQ83Y9ytAAAAA4"], referer: http://forsythfixit.com/index.htm show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-17 21:25:00 (9 months ago)	(mod_security) mod_security (id:210350) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 218.201.18.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 17 17:24:53.947504 2025] [security2:error] [pid 16347:tid 16347] [client 218.201.18.196:12188] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.renju.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.renju.net"] [uri "/tournament/1376/game/53049/"] [unique_id "aMsnJfvkC9CVuDB-aVG5-QAAAAs"], referer: https://www.renju.net/tournament/1376/game/53049 show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2025-03-10 12:19:52 (1 year ago)	tcp/1433 (4 or more attempts)	Port Scan
🇺🇸 kosada.com	2025-01-02 07:12:28 (1 year ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇺🇸 MPL	2023-07-11 18:25:39 (2 years ago)	tcp/23 (2 or more attempts)	Port Scan
🇫🇷 oonux.net	2023-07-11 00:43:49 (2 years ago)	RouterOS: Scanning detected TCP 218.201.18.196:1917 > x.x.x.x:22	Port Scan
🇺🇸 MPL	2023-07-10 19:36:18 (2 years ago)	tcp/81 (2 or more attempts)	Port Scan

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 186.96.158.180

🇭🇰 154.221.17.137

🇦🇺 112.213.180.67

🇳🇱 185.223.235.10

🇳🇱 176.65.139.43

🇰🇷 175.199.7.55

🇩🇪 167.94.146.36

🇮🇳 157.48.199.108

🇩🇪 152.53.22.30

🇺🇸 135.237.126.230

🇻🇳 123.58.198.35

🇮🇳 122.187.229.129

🇺🇸 100.28.153.226

🇳🇱 91.92.40.43

🇩🇪 89.23.108.134

🇩🇪 69.5.169.6

🇩🇪 64.226.72.186

🇨🇳 43.226.39.182

🇬🇧 35.203.211.212

🇸🇬 213.35.123.154