JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 39.154.11.152

39.154.11.152 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 15%: ?

15%

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 39.154.11.152

Whois 39.154.11.152

IP Abuse Reports for 39.154.11.152:

This IP address has been reported a total of 17 times from 4 distinct sources. 39.154.11.152 was first reported on August 22nd 2021, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-20 00:35:59 (3 hours ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 20:35:50.703061 2026] [security2:error] [pid 23388:tid 23412] [client 39.154.11.152:20256] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.vtweaversguild.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.vtweaversguild.org"] [uri "/"] [unique_id "ajXgZvLFFIofJYoY8N9nKgAAAJY"], referer: http://www.vtweaversguild.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 poundawebsiteltd	2026-06-13 23:58:36 (6 days ago)	Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:80 39.154.11.152 - - [14/Jun/2026:00 ... show more Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:80 39.154.11.152 - - [14/Jun/2026:00:58:34 +0100] GET / HTTP/1.1 403 214 http://[REDACTED_DOMAIN]/ User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 18:49:23 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 14:49:13.957395 2026] [security2:error] [pid 16099:tid 16099] [client 39.154.11.152:2665] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|watongalodging.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "watongalodging.com"] [uri "/index.html"] [unique_id "ahyCqSP_6hiTGXUPnt2aNwAAABE"], referer: http://watongalodging.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 21:58:57 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 17:58:49.802157 2026] [security2:error] [pid 21166:tid 21166] [client 39.154.11.152:1134] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.handi-finder.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.handi-finder.com"] [uri "/"] [unique_id "ahYXmT6eSSeMnN86Ea9vrgAAAAg"], referer: https://www.handi-finder.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 22:06:39 (4 weeks ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 18:06:27.772556 2026] [security2:error] [pid 15345:tid 15345] [client 39.154.11.152:5953] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.robertmcatee.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.robertmcatee.com"] [uri "/"] [unique_id "ag-B46YCS-Y_4RY55rvcFwAAAAg"], referer: http://www.robertmcatee.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 20:43:28 (4 weeks ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 16:43:18.119606 2026] [security2:error] [pid 3584:tid 3584] [client 39.154.11.152:13611] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.ergocorrect.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.ergocorrect.com"] [uri "/"] [unique_id "ag9uZjbYxrvUGJDzfwt1JAAAAA8"], referer: http://www.ergocorrect.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-18 00:01:06 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 20:00:57.323335 2026] [security2:error] [pid 4171:tid 4171] [client 39.154.11.152:5994] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.sarahwhitecotton.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.sarahwhitecotton.com"] [uri "/"] [unique_id "agpWufNw36m7efwZqL9RfwAAABc"], referer: http://www.sarahwhitecotton.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-17 21:42:47 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 17:42:40.835027 2026] [security2:error] [pid 31001:tid 31001] [client 39.154.11.152:5964] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|roselockecasting.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "roselockecasting.com"] [uri "/"] [unique_id "ago2UJI-nGjZg3Y4z4ZkjgAAAAw"], referer: http://roselockecasting.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-23 01:18:42 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 22 21:18:33.096146 2026] [security2:error] [pid 31965:tid 31965] [client 39.154.11.152:13032] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|businessgetwellcards.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "businessgetwellcards.com"] [uri "/"] [unique_id "acCU6ZxX1wQ953t-5t81GgAAAAI"], referer: http://businessgetwellcards.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-16 02:20:28 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 21:20:19.044233 2026] [security2:error] [pid 1916274:tid 1916274] [client 39.154.11.152:13669] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|ic1.biz\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "ic1.biz"] [uri "/index.html"] [unique_id "aZJ-4xna5zB3S7QBzfLjxAAAABk"], referer: http://ic1.biz/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 01:37:30 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.152 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 20:37:20.289927 2026] [security2:error] [pid 28847:tid 28847] [client 39.154.11.152:26432] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|kingstoneproperties.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "kingstoneproperties.com"] [uri "/"] [unique_id "aZEjUKd_kq68ajq-O_9JUAAAAAs"], referer: http://kingstoneproperties.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-07-23 23:01:50 (10 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/39.154.11.152 2025-07-23 01 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/39.154.11.152 2025-07-23 01:22:27 / show less	Web App Attack
🇨🇳 ThreatBook.io	2025-07-19 23:07:42 (11 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/39.154.11.152 2025-07-19 02 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/39.154.11.152 2025-07-19 02:21:51 /robots.txt show less	Web App Attack
🇨🇳 ThreatBook.io	2025-04-27 23:32:56 (1 year ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.11.152 2025-04- ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.11.152 2025-04-27 19:32:24 /config.json show less	Web App Attack
🇿🇦 IrisFlower	2021-08-22 06:36:48 (4 years ago)	Unauthorized connection attempt detected from IP address 39.154.11.152 to port 443 [J]	Port Scan Hacking

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 165.154.172.146

🇮🇩 139.255.254.163

🇺🇸 130.131.162.82

🇮🇳 122.176.95.50

🇺🇸 64.62.197.167

🇨🇳 60.25.69.232

🇧🇷 45.205.1.240

🇨🇴 45.179.200.156

🇺🇬 41.220.3.101

🇬🇧 35.203.210.157

🇳🇱 5.61.209.224

🇺🇸 195.184.76.106

🇸🇪 185.246.128.170

🇺🇸 162.216.149.194

🇭🇰 154.221.25.72

🇷🇴 141.98.83.240

🇺🇸 107.23.229.126

🇬🇧 86.30.142.60

🇲🇾 49.124.151.71

🇪🇸 45.67.99.47