JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 39.154.12.53

39.154.12.53 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 4%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 39.154.12.53

Whois 39.154.12.53

IP Abuse Reports for 39.154.12.53:

This IP address has been reported a total of 9 times from 3 distinct sources. 39.154.12.53 was first reported on November 20th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-17 18:14:52 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 14:14:40.478412 2026] [security2:error] [pid 24502:tid 24502] [client 39.154.12.53:17143] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.gruponovak.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.gruponovak.com"] [uri "/"] [unique_id "ajLkEOaGu07r0eWHvTHrEAAAABA"], referer: http://www.gruponovak.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-07 02:41:43 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 22:41:33.249192 2026] [security2:error] [pid 1350326:tid 1350326] [client 39.154.12.53:7409] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|longleggedblond.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "longleggedblond.com"] [uri "/"] [unique_id "adRu3Zd7l7_kau6dBzU7cwAAAA0"], referer: http://longleggedblond.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-23 21:35:49 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 16:35:41.006399 2026] [security2:error] [pid 14046:tid 14046] [client 39.154.12.53:12268] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|kerrywoodandson.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "kerrywoodandson.com"] [uri "/"] [unique_id "aZzILeJyi7ruhuvUDlysVgAAAA0"], referer: https://kerrywoodandson.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-21 23:21:54 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 21 18:21:42.005962 2026] [security2:error] [pid 13811:tid 13811] [client 39.154.12.53:14065] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|17thstreetrealty.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "17thstreetrealty.com"] [uri "/"] [unique_id "aZo-Bm1ymxtDJoa8SQq3agAAABA"], referer: http://17thstreetrealty.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-20 05:14:08 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 00:13:58.241966 2026] [security2:error] [pid 4715:tid 4715] [client 39.154.12.53:26325] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|ciptaconindotara.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "ciptaconindotara.com"] [uri "/"] [unique_id "aW8PFu0uap84HUDOwYY9HQAAABY"], referer: https://ciptaconindotara.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-18 20:24:42 (5 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 18 15:24:33.586019 2026] [security2:error] [pid 2005:tid 2005] [client 39.154.12.53:2418] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.luxurymicrobikini.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.luxurymicrobikini.com"] [uri "/"] [unique_id "aW1BgYtsO58dqcp3ALqzVwAAAAU"], referer: http://www.luxurymicrobikini.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-18 19:24:48 (5 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.12.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 18 14:24:38.750757 2026] [security2:error] [pid 6812:tid 6824] [client 39.154.12.53:4090] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.deeplykneaded.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.deeplykneaded.net"] [uri "/index.html"] [unique_id "aW0zdpMMuGRpEwufhryMKgAAAQo"], referer: http://www.deeplykneaded.net/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-08-31 00:30:47 (9 months ago)	ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/39.154.12.53 2025-08- ... show more ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/39.154.12.53 2025-08-30 06:50:37 /config.json show less	Web App Attack
Anonymous	2024-11-20 09:18:01 (1 year ago)	Web attack	Bad Web Bot Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 111.70.11.15

🇨🇳 106.227.75.197

🇳🇱 91.92.40.7

🇨🇦 85.217.149.28

🇧🇪 35.189.230.112

🇧🇷 20.226.32.175

🇳🇱 195.178.110.105

🇮🇩 182.13.96.107

🇳🇱 176.65.139.222

🇳🇱 172.94.9.214

🇨🇴 170.254.229.191

🇧🇪 104.199.55.128

🇦🇫 103.215.210.168

🇫🇷 92.222.229.126

🇨🇿 91.224.90.50

🇳🇱 91.92.40.6

🇻🇳 27.79.45.167

🇺🇸 20.65.195.35

🇳🇱 195.178.110.30

🇳🇱 176.65.148.253