JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 169.239.183.156

169.239.183.156 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 100%: ?

100%

ISP	HA-VPS-NET
Usage Type	Data Center/Web Hosting/Transit
ASN	AS329184
Domain Name	hostafrica.co.za
Country	🇿🇦 South Africa
City	Johannesburg, Gauteng

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 169.239.183.156

Whois 169.239.183.156

IP Abuse Reports for 169.239.183.156:

This IP address has been reported a total of 38 times from 25 distinct sources. 169.239.183.156 was first reported on June 13th 2026, and the most recent report was 31 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-17 15:24:03 (31 minutes ago)	apache vulnerability scan	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 15:06:42 (48 minutes ago)	(mod_security) mod_security (id:225170) triggered by 169.239.183.156 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 169.239.183.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 11:06:34.826010 2026] [security2:error] [pid 11984:tid 11984] [client 169.239.183.156:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|abdulhameeds.art\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "abdulhameeds.art"] [uri "/ar/wp-json/wp/v2/users/"] [unique_id "ajK3-ktNHKOKLU5LiRRWkgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇱 Dolphi	2026-06-17 13:22:17 (2 hours ago)	POST //xmlrpc.php	Brute-Force Web App Attack
🇩🇪 macrob	2026-06-17 03:15:22 (12 hours ago)	2026/06/17 03:15:20 [error] 2759505#2759505: 311266778 access forbidden by rule, client: 169.239.18 ... show more 2026/06/17 03:15:20 [error] 2759505#2759505: 311266778 access forbidden by rule, client: 169.239.183.156, server: antzfund.com, request: "GET /wp-includes/wlwmanifest.xml HTTP/1.1", host: "antzfund.com" 2026/06/17 03:15:20 [error] 2759505#2759505: 311266786 access forbidden by rule, client: 169.239.183.156, server: antzfund.com, request: "GET /xmlrpc.php?rsd HTTP/1.1", host: "antzfund.com" 2026/06/17 03:15:20 [error] 2759505#2759505: 311266778 access forbidden by rule, client: 169.239.183.156, server: antzfund.com, request: "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1", host: "antzfund.com" ... show less	Web App Attack
🇫🇷 Baking333	2026-06-16 22:54:39 (17 hours ago)	[redacted] 169.239.183.156 - - [16/Jun/2026:23:54:31 +0100] "GET /.env HTTP/1.1" 302 5293 0/162813 " ... show more [redacted] 169.239.183.156 - - [16/Jun/2026:23:54:31 +0100] "GET /.env HTTP/1.1" 302 5293 0/162813 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" [redacted] 169.239.183.156 - - [16/Jun/2026:23:54:37 +0100] "GET /.env HTTP/1.1" 302 5293 0/59272 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-06-15 22:27:22 (1 day ago)		Brute-Force Web App Attack
Anonymous	2026-06-15 21:21:20 (1 day ago)	(caddyscan) Scanner path probe from 169.239.183.156 (ZA/South Africa/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 169.239.183.156 (ZA/South Africa/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 169.239.183.156 - - [15/Jun/2026:21:21:08 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 169.239.183.156 - - [15/Jun/2026:21:21:10 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 169.239.183.156 - - [15/Jun/2026:21:21:13 +0000] "GET /.env.save HTTP/1.1" [REDACTED] 200 2627 169.239.183.156 - - [15/Jun/2026:21:21:15 +0000] "GET /.env.php HTTP/1.1" [REDACTED] 200 2627 169.239.183.156 - - [15/Jun/2026:21:21:17 +0000] "GET /beta/.env HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-15 17:17:45 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 169.239.183.156 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 169.239.183.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:17:40.722352 2026] [security2:error] [pid 31028:tid 31028] [client 169.239.183.156:54858] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.abundancecompany.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.abundancecompany.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajAztMf0eru988fxpgwC-QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-15 16:46:45 (1 day ago)	[redacted] 169.239.183.156 - - [15/Jun/2026:17:46:44 +0100] "GET //wp-includes/[redacted] HTTP/1.1" ... show more [redacted] 169.239.183.156 - - [15/Jun/2026:17:46:44 +0100] "GET //wp-includes/[redacted] HTTP/1.1" 302 5293 0/37958 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" [redacted] 169.239.183.156 - - [15/Jun/2026:17:46:44 +0100] "GET //[redacted]?rsd HTTP/1.1" 302 1564 0/37030 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" show less	Bad Web Bot Web App Attack
🇳🇿 Antinson	2026-06-15 13:10:47 (2 days ago)	High error rate and elevated request volume targeting cPanel servers	Bad Web Bot
🇳🇱 Roderic	2026-06-15 12:36:33 (2 days ago)	(wordpress-404) Searching for non-existent wordpress installs from 169.239.183.156 (ZA/South Africa/ ... show more (wordpress-404) Searching for non-existent wordpress installs from 169.239.183.156 (ZA/South Africa/-/-/-/[redacted]) show less	Brute-Force
🇩🇪 Kreapptivo	2026-06-15 11:41:42 (2 days ago)	[15/Jun/2026:13:41:39 +0200] Web-Request: "GET //wp-includes/wlwmanifest.xml", User-Agent: "Mozilla/ ... show more [15/Jun/2026:13:41:39 +0200] Web-Request: "GET //wp-includes/wlwmanifest.xml", User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" show less	Bad Web Bot Web App Attack
Anonymous	2026-06-15 10:54:07 (2 days ago)	Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1	Hacking Web App Attack
Anonymous	2026-06-15 10:27:38 (2 days ago)	169.239.183.156 - - [15/Jun/2026:12:27:33 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 434 ... show more 169.239.183.156 - - [15/Jun/2026:12:27:33 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 434 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" 169.239.183.156 - - [15/Jun/2026:12:27:33 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 273 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" 169.239.183.156 - - [15/Jun/2026:12:27:37 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 434 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" 169.239.183.156 - - [15/Jun/2026:12:27:37 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 273 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" 169.239.183.156 - - [15/Jun/2026:12:27:37 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 4 ... show less	Brute-Force Web App Attack
🇺🇸 agenciahypelab.com.br	2026-06-15 09:49:08 (2 days ago)	WordPress login brute-force detectado e bloqueado pelo CSF/LFD. Trigger: LF_TRIGGER	Brute-Force SSH

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 167.94.146.33

🇺🇸 138.91.107.7

🇺🇸 108.62.58.217

🇳🇬 102.88.137.213

🇻🇳 45.117.177.47

🇺🇸 3.91.250.248

🇺🇸 216.25.89.95

🇳🇱 195.178.110.30

🇵🇭 160.20.41.26

🇺🇸 154.16.115.17

🇺🇸 148.135.78.155

🇺🇸 20.221.72.24

🇺🇸 2400:cb00:1273:1000:cca6:5ffc:ca05:50c0

🇵🇱 194.180.49.145

🇷🇴 193.46.255.86

🇨🇳 180.141.31.164

🇮🇩 103.166.10.244

🇧🇩 103.119.94.10

🇧🇷 45.164.251.106

🇧🇷 43.164.194.33