JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.26.104.211

159.26.104.211 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 65%: ?

65%

ISP	PV-SL-HOSTED-Frankfurt-Network
Usage Type	Data Center/Web Hosting/Transit
ASN	AS208172
Domain Name	ip.me
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.26.104.211

Whois 159.26.104.211

IP Abuse Reports for 159.26.104.211:

This IP address has been reported a total of 21 times from 13 distinct sources. 159.26.104.211 was first reported on June 3rd 2026, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 23p02732	2026-06-04 03:47:14 (6 days ago)	Mailserver and mailaccount attacks	Brute-Force Bad Web Bot Exploited Host Web App Attack
🇩🇪 ut-addicted.com	2026-06-04 03:42:54 (6 days ago)	\[04/Jun/2026:05:42:52 +0200\] aiD0PESUsE0BZF1xf9DhmgAAANI 159.26.104.211 47934 78.46.187.162 80 \[0 ... show more \[04/Jun/2026:05:42:52 +0200\] aiD0PESUsE0BZF1xf9DhmgAAANI 159.26.104.211 47934 78.46.187.162 80 \[04/Jun/2026:05:42:52 +0200\] aiD0PIFCIXw7iw-elhO7XAAAAJg 159.26.104.211 16117 78.46.187.162 80 \[04/Jun/2026:05:42:52 +0200\] aiD0PESUsE0BZF1xf9DhmwAAAMo 159.26.104.211 12453 78.46.187.162 443 show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 03:42:07 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 159.26.104.211 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 159.26.104.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 23:42:03.478812 2026] [security2:error] [pid 10419:tid 10434] [client 159.26.104.211:58372] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.82"] [uri "/.env"] [unique_id "aiD0C7l81E6GtYsJdkwMMAAAAUw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 03:24:14 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 159.26.104.211 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 159.26.104.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 23:24:09.478599 2026] [security2:error] [pid 16398:tid 16398] [client 159.26.104.211:59093] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.73"] [uri "/.env"] [unique_id "aiDv2VRmd_SUC2GJ-nieUQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-04 03:08:29 (6 days ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 03:06:58 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 159.26.104.211 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 159.26.104.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 23:06:51.615682 2026] [security2:error] [pid 22946:tid 22946] [client 159.26.104.211:16159] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.5"] [uri "/.env"] [unique_id "aiDry2vDJ_jAXQ5tmTTpPQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Tamsy	2026-06-04 03:06:57 (6 days ago)	HTTPD - Web Application vulnerability scan	Web App Attack
Anonymous	2026-06-04 03:06:03 (6 days ago)	Trying to access config files	Web App Attack
🇫🇮 mnazibo	2026-06-04 03:00:05 (6 days ago)	Date: 04/Jun/2026 05:33:00 \| Reported IP: 159.26.104.211 mod_security \| id: 930130 \| DE/group.my_dom ... show more Date: 04/Jun/2026 05:33:00 \| Reported IP: 159.26.104.211 mod_security \| id: 930130 \| DE/group.my_domain/- \| Connections: 1 \| Blocked: Permanent Block: [LF_MODSEC] \| URIs: /.env \| Logs: Restricted File Access Attempt show less	SQL Injection Brute-Force Bad Web Bot
🇫🇷 Coco Bongo	2026-06-04 02:52:27 (6 days ago)	159.26.104.211 [redacted] (--- United States -) - - [04/Jun/2026:04:52:20 +0200] "GET /.env HTTP/1.1 ... show more 159.26.104.211 [redacted] (--- United States -) - - [04/Jun/2026:04:52:20 +0200] "GET /.env HTTP/1.1" 404 181 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81. ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 02:50:37 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 159.26.104.211 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 159.26.104.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 22:50:32.401177 2026] [security2:error] [pid 8258:tid 8258] [client 159.26.104.211:31028] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.167"] [uri "/.env"] [unique_id "aiDn-BN-MVt4T1eLYMVW9QAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 02:27:21 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 159.26.104.211 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 159.26.104.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 22:27:14.939352 2026] [security2:error] [pid 3119:tid 3119] [client 159.26.104.211:34744] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.245"] [uri "/.env"] [unique_id "aiDigh8k6g9VAa3cvpgcfwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 ingroscart.it	2026-06-04 02:16:43 (6 days ago)	(PERMBLOCK) 159.26.104.211 (DE/Germany/-) has had more than 4 temp blocks	Hacking
🇺🇸 TPI-Abuse	2026-06-04 02:11:42 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 159.26.104.211 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 159.26.104.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 22:11:38.085038 2026] [security2:error] [pid 28760:tid 28861] [client 159.26.104.211:19064] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.18"] [uri "/.env"] [unique_id "aiDe2khvfmd5W_VLWGfgvgAAAg4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Honeypot-EU-Fru	2026-06-04 02:08:24 (6 days ago)	159.26.104.211 - - [redacted] [04/Jun/2026:04:08:24 +0200] "GET /.env HTTP/1.1" 404 188 "-" "Mozilla ... show more 159.26.104.211 - - [redacted] [04/Jun/2026:04:08:24 +0200] "GET /.env HTTP/1.1" 404 188 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.3 ... show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2a13:9500:16b:a871::1:0

🇳🇱 176.65.139.64

🇺🇸 172.203.245.156

🇺🇸 167.172.152.94

🇮🇩 163.7.11.155

🇺🇸 104.223.92.205

🇿🇦 102.252.1.25

🇺🇸 52.230.182.110

🇯🇵 20.78.148.25

🇪🇹 196.189.124.229

🇨🇳 183.36.35.206

🇵🇾 181.94.227.174

🇪🇨 181.39.158.27

🇩🇪 142.93.104.175

🇨🇳 121.40.210.59

🇨🇳 112.123.107.196

🇺🇸 107.200.216.77

🇧🇩 103.144.104.5

🇳🇱 91.92.42.7

🇮🇹 83.224.180.87