JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 39.154.11.80

39.154.11.80 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 3%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 39.154.11.80

Whois 39.154.11.80

IP Abuse Reports for 39.154.11.80:

This IP address has been reported a total of 14 times from 3 distinct sources. 39.154.11.80 was first reported on April 21st 2023, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-05 19:57:25 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 15:57:12.185922 2026] [security2:error] [pid 10289:tid 10289] [client 39.154.11.80:10675] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|heavenly-creatures.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "heavenly-creatures.com"] [uri "/"] [unique_id "aiMqGKsT4FmUL7a-uqrZ3AAAAAQ"], referer: https://heavenly-creatures.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 22:30:55 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 18:30:42.866605 2026] [security2:error] [pid 32081:tid 32081] [client 39.154.11.80:13112] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.professorjunk.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.professorjunk.com"] [uri "/"] [unique_id "aiH8ku5atJYOok7pDfe1JQAAAA8"], referer: http://www.professorjunk.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 19:24:16 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 15:24:06.327082 2026] [security2:error] [pid 13726:tid 13726] [client 39.154.11.80:6895] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|bakerimaging.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "bakerimaging.com"] [uri "/"] [unique_id "ahXzVs2acViunEYXG8vVmQAAAAU"], referer: http://bakerimaging.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 20:12:12 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 16:12:00.617710 2026] [security2:error] [pid 5283:tid 5283] [client 39.154.11.80:16177] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.awl-v.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.awl-v.com"] [uri "/"] [unique_id "ae_DENd074nhl1KZAVeAlQAAAA0"], referer: http://www.awl-v.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-06 23:06:44 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 19:06:34.843493 2026] [security2:error] [pid 467043:tid 467043] [client 39.154.11.80:12985] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|oceanicpier.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "oceanicpier.com"] [uri "/index.html"] [unique_id "adQ8euTFQJu01wiP28FuCQAAAAA"], referer: https://oceanicpier.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-03 18:16:09 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 03 14:16:01.546315 2026] [security2:error] [pid 32246:tid 32246] [client 39.154.11.80:8506] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|freightmotivity.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "freightmotivity.com"] [uri "/"] [unique_id "adAD4fYzZgaTzrDLCE0TUgAAAAg"], referer: https://freightmotivity.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-16 00:02:45 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 20:02:34.173004 2026] [security2:error] [pid 11942:tid 11942] [client 39.154.11.80:21572] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.fourminutedecision.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.fourminutedecision.com"] [uri "/"] [unique_id "abdImg08TmPtaVqj3wAwcAAAAAA"], referer: http://www.fourminutedecision.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-02 12:58:12 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 02 07:57:58.806529 2026] [security2:error] [pid 954:tid 954] [client 39.154.11.80:2210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.swwpccpa.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.swwpccpa.com"] [uri "/"] [unique_id "aaWJVpGGFFeRvtFZeIqXHgAAABk"], referer: http://www.swwpccpa.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 03:01:14 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 22:01:04.032419 2026] [security2:error] [pid 2297226:tid 2297226] [client 39.154.11.80:7867] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|thermalsoftware.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "thermalsoftware.com"] [uri "/"] [unique_id "aY6T8LjQV3RtyzSOtXoCbAAAAAo"], referer: http://thermalsoftware.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 01:37:37 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 20:37:25.829039 2026] [security2:error] [pid 26299:tid 26299] [client 39.154.11.80:18683] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|kaylamaclaincounseling.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "kaylamaclaincounseling.com"] [uri "/"] [unique_id "aYqL1SQhw_1jixRjfHBWGAAAAAo"], referer: http://kaylamaclaincounseling.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-08-19 23:39:44 (9 months ago)	ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/39.154.11.80 2025-08-19 11:5 ... show more ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/39.154.11.80 2025-08-19 11:52:34 /robots.txt show less	Web App Attack
🇨🇳 ThreatBook.io	2025-07-15 00:06:48 (11 months ago)	ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/39.154.11.80 2025-07-14 09:0 ... show more ThreatBook Intelligence: Mobile more details on http://threatbook.io/ip/39.154.11.80 2025-07-14 09:06:52 /sitemap.xml 2025-07-14 08:53:18 /favicon.ico show less	Web App Attack
🇨🇳 ThreatBook.io	2025-03-20 00:26:52 (1 year ago)	ThreatBook Intelligence: Zombie,Mobile more details on https://threatbook.io/ip/39.154.11.80 2025-03 ... show more ThreatBook Intelligence: Zombie,Mobile more details on https://threatbook.io/ip/39.154.11.80 2025-03-19 09:03:49 / show less	Web App Attack
🇿🇦 IrisFlower	2023-04-21 20:40:21 (3 years ago)	Unauthorized connection attempt detected from IP address 39.154.11.80 to port 443 [J]	Port Scan Hacking

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 36.80.185.124

🇺🇸 173.194.92.185

🇭🇰 165.154.1.18

🇨🇳 106.75.156.189

🇭🇰 103.244.88.62

🇧🇬 78.128.114.58

🇩🇪 69.5.169.245

🇺🇸 64.62.156.100

🇷🇴 2.57.121.25

🇺🇸 206.189.168.209

🇩🇪 202.61.236.85

🇫🇷 193.248.217.118

🇬🇧 161.35.43.242

🇺🇸 138.122.193.39

🇺🇸 45.3.62.185

🇺🇸 193.36.224.171

🇩🇪 94.26.106.80

🇬🇧 74.125.40.147

🇮🇳 59.88.100.68

🇰🇪 41.60.235.30