JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 115.56.116.209

115.56.116.209 was found in our database!

This IP was reported 5 times. Confidence of Abuse is 4%: ?

ISP	China Unicom Henan province network
Usage Type	Fixed Line ISP
ASN	AS4837
Hostname(s)	hn.kd.ny.adsl
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Zhengzhou, Henan

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 115.56.116.209

Whois 115.56.116.209

IP Abuse Reports for 115.56.116.209:

This IP address has been reported a total of 5 times from 2 distinct sources. 115.56.116.209 was first reported on February 14th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-26 01:54:07 (2 days ago)	(mod_security) mod_security (id:210831) triggered by 115.56.116.209 (hn.kd.ny.adsl): 1 in the last 3 ... show more (mod_security) mod_security (id:210831) triggered by 115.56.116.209 (hn.kd.ny.adsl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 21:54:04.226911 2026] [security2:error] [pid 17557:tid 17557] [client 115.56.116.209:18649] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|precisionk-9.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "precisionk-9.com"] [uri "/"] [unique_id "aj3bvJJV_gaCqex60NbPBwAAAB4"], referer: http://precisionk-9.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 19:04:13 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 115.56.116.209 (hn.kd.ny.adsl): 1 in the last 3 ... show more (mod_security) mod_security (id:210831) triggered by 115.56.116.209 (hn.kd.ny.adsl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 15:04:06.468671 2026] [security2:error] [pid 19205:tid 19205] [client 115.56.116.209:32594] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|3dcounty.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "3dcounty.com"] [uri "/index.cgi"] [unique_id "ag4FptKUQxGclKISTTVt0gAAAAQ"], referer: https://3dcounty.com/index.cgi show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-18 21:47:13 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 115.56.116.209 (hn.kd.ny.adsl): 1 in the last 3 ... show more (mod_security) mod_security (id:210831) triggered by 115.56.116.209 (hn.kd.ny.adsl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 18 17:47:08.541591 2026] [security2:error] [pid 9036:tid 9036] [client 115.56.116.209:32403] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|robertseyewear.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "robertseyewear.com"] [uri "/"] [unique_id "aguI3A2a2Cv_vHq0ssUoyAAAABY"], referer: http://robertseyewear.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-17 20:12:18 (1 month ago)	(mod_security) mod_security (id:949110) triggered by 115.56.116.209 (hn.kd.ny.adsl): 1 in the last 3 ... show more (mod_security) mod_security (id:949110) triggered by 115.56.116.209 (hn.kd.ny.adsl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 16:12:11.773761 2026] [security2:error] [pid 8861:tid 8861] [client 115.56.116.209:33134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tribalgamingtech.net"] [uri "/"] [unique_id "agohG_CX2f_AMrnfNs5tEAAAAAA"], referer: http://tribalgamingtech.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-02-14 23:57:01 (4 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/115.56.116.209 2026-02-14 0 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/115.56.116.209 2026-02-14 00:58:25 /robots.txt show less	Web App Attack

Showing 1 to 5 of 5 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 124.18.182.99

🇨🇦 4.206.92.183

🇲🇽 189.132.114.30

🇺🇸 107.150.104.176

🇳🇱 81.19.216.104

🇧🇬 78.128.114.58

🇺🇸 66.132.186.138

🇧🇪 34.34.137.7

🇮🇩 202.145.0.61

🇧🇷 189.85.117.255

🇬🇧 188.240.59.30

🇩🇪 165.22.85.27

🇳🇱 91.92.40.204

🇷🇺 90.151.171.109

🇬🇧 78.153.140.148

🇺🇸 76.218.69.255

🇺🇸 71.12.42.216

🇺🇸 40.77.167.154

🇷🇴 2.57.121.25

🇮🇳 103.155.33.6