JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.26.112.6

159.26.112.6 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 100%: ?

100%

ISP	PV-SL-HOSTED-Marseille-Network
Usage Type	Data Center/Web Hosting/Transit
ASN	AS208172
Domain Name	ip.me
Country	🇫🇷 France
City	Marseille, Provence-Alpes-Cote d'Azur

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.26.112.6

Whois 159.26.112.6

IP Abuse Reports for 159.26.112.6:

This IP address has been reported a total of 32 times from 19 distinct sources. 159.26.112.6 was first reported on October 26th 2025, and the most recent report was 19 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 MPL	2026-06-20 08:36:43 (19 hours ago)	tcp/80 (10 or more attempts)	Port Scan
🇪🇸 alferez	2026-06-20 06:46:17 (21 hours ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇫🇷 Duggy_Tuxy🧱	2026-06-20 04:05:27 (1 day ago)	[HP02-SRV02-FR] Blocked by SysWarden Firewall (Web Attack)	Web App Attack Hacking Port Scan
🇺🇸 TPI-Abuse	2026-06-20 03:43:27 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 159.26.112.6 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 159.26.112.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 23:43:23.478335 2026] [security2:error] [pid 10216:tid 10216] [client 159.26.112.6:4461] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.13"] [uri "/.env"] [unique_id "ajYMWzJTYhW00MsxgIoTkAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-06-20 03:15:54 (1 day ago)	Try to access /.env	Web App Attack
🇩🇪 bescared	2026-06-20 02:42:50 (1 day ago)	F2B - Malicious activity detected. URL Probing. -151302cd-	Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 02:03:50 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 159.26.112.6 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 159.26.112.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 22:03:46.350205 2026] [security2:error] [pid 27835:tid 27835] [client 159.26.112.6:10358] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.62"] [uri "/.env"] [unique_id "ajX1AvKHiJIQGO31XEAZNgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 centurion	2026-06-20 01:30:49 (1 day ago)	Blocked by UFW on ns03 [80/tcp] Source port: 57008 TTL: 55 Packet length: 60 TOS: 0x00 This report ... show more Blocked by UFW on ns03 [80/tcp] Source port: 57008 TTL: 55 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
Anonymous	2026-06-20 00:28:12 (1 day ago)	159.26.112.6 - - [20/Jun/2026:00:28:12 +0000] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Li ... show more 159.26.112.6 - - [20/Jun/2026:00:28:12 +0000] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 159.26.112.6 - - [20/Jun/2026:00:28:12 +0000] "POST / HTTP/1.1" 405 568 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" ... show less	Web App Attack
🇯🇵 VXG-NET	2026-06-20 00:13:06 (1 day ago)	port=80, indicator_type=info-leak	Hacking
🇺🇸 Starburst SysOp Team	2026-06-19 23:44:59 (1 day ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-iad5-2)	Hacking Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-19 18:51:37 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 159.26.112.6 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 159.26.112.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 14:51:31.446355 2026] [security2:error] [pid 9719:tid 9719] [client 159.26.112.6:28281] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.36"] [uri "/.env"] [unique_id "ajWPs76FIVEhtizXOH2rhwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 kumiko	2026-06-19 18:05:10 (1 day ago)	[2026-06-19 21:05:10] Probing for dotfiles "GET /.env HTTP/1.1" 403	Bad Web Bot Web App Attack
🇩🇪 ghostwarriors	2026-06-19 17:50:28 (1 day ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇨🇭 TheCoon	2026-06-19 17:15:01 (1 day ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 177.87.31.172

🇩🇪 213.209.159.228

🇩🇪 194.88.98.119

🇪🇸 188.26.209.217

🇮🇩 180.247.62.122

🇳🇱 176.65.148.244

🇮🇶 169.224.28.74

🇬🇧 162.158.216.162

🇲🇾 113.210.90.157

🇻🇳 113.186.37.69

🇮🇩 106.0.48.27

🇺🇸 98.253.70.89

🇺🇸 98.167.78.182

🇫🇮 65.108.253.57

🇺🇸 47.88.20.3

🇭🇳 45.181.87.55

🇳🇱 45.142.193.164

🇸🇬 2620:171:f4:f0:9999::245

🇧🇷 186.200.104.66

🇩🇪 172.71.172.15