JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 173.239.196.156

173.239.196.156 was found in our database!

This IP was reported 73 times. Confidence of Abuse is 55%: ?

55%

ISP	Avast Software
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	avast.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 173.239.196.156

Whois 173.239.196.156

IP Abuse Reports for 173.239.196.156:

This IP address has been reported a total of 73 times from 35 distinct sources. 173.239.196.156 was first reported on June 3rd 2023, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 RLDD	2026-06-29 23:15:10 (11 hours ago)	High volume WP login attempts -ove	Brute-Force
🇫🇷 masterguru	2026-06-29 13:27:18 (21 hours ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-196)	Hacking
🇺🇸 TPI-Abuse	2026-06-28 20:58:53 (1 day ago)	(mod_security) mod_security (id:240000) triggered by 173.239.196.156 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240000) triggered by 173.239.196.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 16:58:46.282363 2026] [security2:error] [pid 17676:tid 17690] [client 173.239.196.156:31499] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|sandbarsteve.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "sandbarsteve.com"] [uri "/images/stories/themes.php"] [unique_id "akGLBjHgxf6EQ2lEpFDATAAAAUg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-28 02:32:12 (2 days ago)	Multiple WAF Violations	Web App Attack
🇳🇱 Site.eu	2026-06-27 00:51:28 (3 days ago)	Excessive 404/403 errors	Brute-Force
🇳🇱 ConsulHosting	2026-06-26 23:51:04 (3 days ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
🇫🇷 Octopuce	2026-06-26 21:27:37 (3 days ago)	Aggressive web search of vulnerable pages: /default.php /wp-includes/assets/info.php /wp-includes/cl ... show more Aggressive web search of vulnerable pages: /default.php /wp-includes/assets/info.php /wp-includes/class.api.php /wp-admin/chosen.php /autoload_ ... show less	Web App Attack
🇬🇧 consul.to	2026-06-23 06:06:35 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 masterguru	2026-06-23 01:41:38 (1 week ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-197)	Hacking
🇫🇷 masterguru	2026-06-22 10:22:17 (1 week ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-193)	Hacking
🇬🇧 consul.to	2026-06-22 01:16:35 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇧 consul.to	2026-06-20 18:05:01 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 22:09:35 (1 week ago)	(mod_security) mod_security (id:240000) triggered by 173.239.196.156 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240000) triggered by 173.239.196.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 18:09:27.759273 2026] [security2:error] [pid 16850:tid 16850] [client 173.239.196.156:61459] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|dictionaryoffish.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "dictionaryoffish.com"] [uri "/images/stories/themes.php"] [unique_id "ajMbF0ifTucduRdVlGAmkAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 demonsword	2026-06-13 10:51:12 (2 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: api.cyberghostvpn.com:443 show less	Open Proxy Port Scan
Anonymous	2026-03-02 14:40:39 (3 months ago)	ALFA.TEaM.Web.Shell	Web App Attack

Showing 1 to 15 of 73 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 195.178.110.30

🇬🇧 193.163.125.177

🇺🇸 192.178.119.158

🇩🇪 185.220.101.191

🇦🇷 181.23.60.97

🇱🇾 102.68.131.186

🇧🇪 198.235.24.230

🇺🇸 195.184.76.20

🇩🇪 159.100.6.125

🇯🇵 153.246.252.201

🇮🇹 147.45.51.177

🇷🇺 77.88.47.8

🇺🇸 66.132.186.239

🇫🇷 62.210.113.113

🇨🇳 14.103.115.213

🇺🇸 216.73.160.51

🇷🇺 213.170.75.150

🇳🇱 204.76.203.214

🇧🇷 187.62.87.235

🇺🇸 143.42.1.34