JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 36.161.112.1

36.161.112.1 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 5%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 36.161.112.1

Whois 36.161.112.1

IP Abuse Reports for 36.161.112.1:

This IP address has been reported a total of 25 times from 2 distinct sources. 36.161.112.1 was first reported on April 1st 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-21 18:51:05 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 14:50:56.675849 2026] [security2:error] [pid 27860:tid 27860] [client 36.161.112.1:24064] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.thingstodonude.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.thingstodonude.com"] [uri "/"] [unique_id "ajgykG1ZEyHWTfbUe3NPSgAAAFI"], referer: http://www.thingstodonude.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 10:33:29 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 06:33:23.853514 2026] [security2:error] [pid 8986:tid 8996] [client 36.161.112.1:24228] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|appraisalteam.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "appraisalteam.net"] [uri "/"] [unique_id "ajJ385NeVZWqlAE6ZMIduwAAAQU"], referer: http://appraisalteam.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 20:45:53 (6 days ago)	(mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 16:45:47.800792 2026] [security2:error] [pid 19584:tid 19584] [client 36.161.112.1:24191] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|christineohlman.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "christineohlman.net"] [uri "/"] [unique_id "ajG1-3pmtV-A_gpF02-3wQAAAAE"], referer: http://christineohlman.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 22:52:31 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 18:52:27.066649 2026] [security2:error] [pid 17068:tid 17068] [client 36.161.112.1:23983] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|lowrygroup.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "lowrygroup.com"] [uri "/"] [unique_id "aiyNq170pdQx2CL4U4nZpwAAAAU"], referer: http://lowrygroup.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 23:25:11 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 19:25:07.259112 2026] [security2:error] [pid 2127:tid 2127] [client 36.161.112.1:24354] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.thevenicecafe.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.thevenicecafe.com"] [uri "/"] [unique_id "ahzDU7I2wfupU_EY3En3fAAAAAM"], referer: http://www.thevenicecafe.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 18:48:30 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 14:48:23.717788 2026] [security2:error] [pid 995:tid 995] [client 36.161.112.1:23712] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|flowergirlbaskets.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "flowergirlbaskets.com"] [uri "/index.htm"] [unique_id "ahc8d_PRLOqu6OIfeWx3lAAAABc"], referer: http://flowergirlbaskets.com/index.htm show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-23 01:06:27 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 21:06:20.978434 2026] [security2:error] [pid 10578:tid 10578] [client 36.161.112.1:23954] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|legalnexuslawfirm.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "legalnexuslawfirm.com"] [uri "/"] [unique_id "ahD9jOKbWmxaa11I3bXwEAAAAAs"], referer: https://legalnexuslawfirm.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-08 18:21:54 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 14:21:49.231955 2026] [security2:error] [pid 26779:tid 26779] [client 36.161.112.1:24467] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|ramseysgalleryofstuff.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "ramseysgalleryofstuff.com"] [uri "/"] [unique_id "af4pvQ1HODEE6G0G8IwxWAAAAAM"], referer: http://ramseysgalleryofstuff.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-27 01:47:44 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 26 20:47:38.299883 2026] [security2:error] [pid 1708:tid 1708] [client 36.161.112.1:24354] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|worthhistory.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "worthhistory.org"] [uri "/index.htm"] [unique_id "aaD3uk7WzcpsYcsSGxqlNwAAABU"], referer: http://worthhistory.org/index.htm show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-03 18:58:59 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 03 13:58:52.507379 2026] [security2:error] [pid 26045:tid 26045] [client 36.161.112.1:23947] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|periodthreads.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "periodthreads.com"] [uri "/"] [unique_id "aYJFbGcthphEyG3fkibMQwAAABU"], referer: http://periodthreads.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-03 17:29:14 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 03 12:29:10.610556 2026] [security2:error] [pid 233250:tid 233250] [client 36.161.112.1:24051] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.francisfindings.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.francisfindings.com"] [uri "/"] [unique_id "aYIwZuDkfmnKmfbeeEImNAAAABg"], referer: http://www.francisfindings.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-01 13:52:46 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 36.161.112.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 08:52:40.641111 2026] [security2:error] [pid 28166:tid 28166] [client 36.161.112.1:23735] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|thevenicecafe.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "thevenicecafe.com"] [uri "/"] [unique_id "aX9aqFngrQkUbfpfcF4FqwAAAAU"], referer: http://thevenicecafe.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-12-20 01:14:37 (6 months ago)	ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/36.161.112.1 2025-12-19 02:5 ... show more ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/36.161.112.1 2025-12-19 02:52:18 /sitemap.xml show less	Web App Attack
🇨🇳 ThreatBook.io	2025-11-14 01:16:45 (7 months ago)	ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/36.161.112.1 2025-11-13 21:2 ... show more ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/36.161.112.1 2025-11-13 21:26:23 /robots.txt show less	Web App Attack
🇨🇳 ThreatBook.io	2025-06-21 00:57:38 (1 year ago)	ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/36.161.112.1 2025-06-20 04:4 ... show more ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/36.161.112.1 2025-06-20 04:45:21 /robots.txt show less	Web App Attack

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.253.0.24

🇵🇹 213.22.188.209

🇧🇷 205.210.31.161

🇻🇳 116.110.212.229

🇮🇹 72.146.1.254

🇺🇸 44.107.236.139

🇳🇱 5.187.35.142

🇺🇸 3.139.136.204

🇺🇸 2a04:c300:400::18c

🇺🇸 207.90.244.3

🇩🇴 190.167.237.191

🇯🇵 172.235.201.171

🇮🇳 103.86.180.10

🇷🇴 89.40.222.79

🇧🇾 81.30.98.142

🇳🇱 45.148.10.121

🇺🇸 44.70.191.143

🇳🇵 36.253.9.128

🇺🇸 20.169.80.121

🇵🇱 194.180.48.33