JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 202.96.6.159

202.96.6.159 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 0%: ?

ISP	Beijing Fei Hua Telecommunication
Usage Type	Fixed Line ISP
ASN	AS4808
Domain Name	bta.net.cn
Country	🇨🇳 China
City	Beijing, Beijing

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 202.96.6.159

Whois 202.96.6.159

IP Abuse Reports for 202.96.6.159:

This IP address has been reported a total of 9 times from 6 distinct sources. 202.96.6.159 was first reported on November 26th 2025, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 backslash	2025-12-29 20:15:01 (5 months ago)		Web Spam
🇸🇬 Fn4ticHz	2025-12-15 08:23:19 (5 months ago)	repeated ddos targeted zeroguard.space -- ZeroGuard	DDoS Attack
🇺🇸 TPI-Abuse	2025-12-09 23:49:11 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 202.96.6.159 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 202.96.6.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 18:49:02.945221 2025] [security2:error] [pid 16954:tid 16954] [client 202.96.6.159:34028] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "franknash.com"] [uri "/.env"] [unique_id "aTi1bjQJP-InVr-MQpRstAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 23:26:36 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 202.96.6.159 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 202.96.6.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 18:25:17.635547 2025] [security2:error] [pid 19097:tid 19097] [client 202.96.6.159:48476] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thomaschemical.com"] [uri "/.git/config"] [unique_id "aTiv3dFIaQdpWanx62zdNwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 08:26:08 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 202.96.6.159 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 202.96.6.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 03:25:40.478847 2025] [security2:error] [pid 23809:tid 23809] [client 202.96.6.159:44010] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kugbe.com"] [uri "/.env"] [unique_id "aTfdBCpPC5g_lYIfjV4L8gAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 06:12:29 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 202.96.6.159 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 202.96.6.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 01:11:53.899664 2025] [security2:error] [pid 14724:tid 14724] [client 202.96.6.159:52716] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "robtown.com"] [uri "/.env.production"] [unique_id "aTe9qSF8YQ9MXMKyLt3ApAAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-04 07:36:25 (6 months ago)	botnet	DDoS Attack
🇩🇪 Packets-Decreaser.NET	2025-11-29 00:42:48 (6 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 COMPLEX	2025-11-26 21:48:32 (6 months ago)	Triggered Cloudflare WAF (l7ddos) from CN. Action taken: BLOCK ASN: 4808 (CHINA169-BJ China Unicom B ... show more Triggered Cloudflare WAF (l7ddos) from CN. Action taken: BLOCK ASN: 4808 (CHINA169-BJ China Unicom Beijing Province Network) Protocol: HTTP/2 (GET method) Endpoint: / show less	DDoS Attack Bad Web Bot

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 150.107.38.31

🇸🇬 101.44.162.177

🇯🇵 172.253.235.16

🇩🇪 167.94.146.59

🇨🇳 110.177.180.135

🇸🇬 47.79.10.241

🇹🇼 202.39.153.245

🇮🇶 185.24.61.96

🇮🇶 185.24.60.49

🇨🇳 110.177.183.81

🇺🇸 107.197.183.81

🇷🇴 102.129.186.123

🇮🇱 85.250.51.196

🇷🇴 80.94.92.171

🇩🇪 43.228.157.9

🇧🇪 34.62.33.0

🇺🇸 31.57.63.117

🇺🇸 23.95.191.250

🇹🇷 5.11.143.72

🇨🇳 117.137.232.12