JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 192.159.99.79

192.159.99.79 was found in our database!

This IP was reported 101 times. Confidence of Abuse is 63%: ?

63%

ISP	1337 Services GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS210558
Domain Name	as210558.net
Country	🇺🇸 United States of America
City	New York City, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 192.159.99.79

Whois 192.159.99.79

IP Abuse Reports for 192.159.99.79:

This IP address has been reported a total of 101 times from 67 distinct sources. 192.159.99.79 was first reported on October 13th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-05-27 11:00:30 (1 week ago)	Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk- ... show more Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk-login jail show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 10:31:49 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 06:31:34.633985 2026] [security2:error] [pid 16079:tid 16079] [client 192.159.99.79:17126] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|wolter-hausser.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wolter-hausser.com"] [uri "/dump.sql"] [unique_id "ahV2hlSrUihTGi1zcStxZgAAABU"], referer: wolter-hausser.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 05:17:48 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 01:17:33.814964 2026] [security2:error] [pid 27616:tid 27616] [client 192.159.99.79:46430] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|marykaydesign.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "marykaydesign.net"] [uri "/dump.sql"] [unique_id "ahUs7eBXA4UqEt5OaVTZQgAAAAE"], referer: marykaydesign.net/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 04:31:37 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 00:31:22.440040 2026] [security2:error] [pid 21028:tid 21028] [client 192.159.99.79:56676] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|onlyincanada-eh.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "onlyincanada-eh.com"] [uri "/dump.sql"] [unique_id "ahUiGoNhemSpNgNXVi3gkgAAACc"], referer: onlyincanada-eh.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 16:46:14 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 12:45:56.986897 2026] [security2:error] [pid 17691:tid 17691] [client 192.159.99.79:63236] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|jennyfiore.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jennyfiore.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ahR8xEMGTC0JDoYUds73twAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-05-25 04:41:06 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-05-24 22:16:40 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 18:16:24.122556 2026] [security2:error] [pid 6451:tid 6451] [client 192.159.99.79:36978] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|remedialconcepts.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "remedialconcepts.com"] [uri "/dump.sql"] [unique_id "ahN4uOiZHq9vVxBXTH4X3QAAACg"], referer: remedialconcepts.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-24 13:37:50 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 09:37:33.024994 2026] [security2:error] [pid 25317:tid 25317] [client 192.159.99.79:51390] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|networkparanoia.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "networkparanoia.com"] [uri "/dump.sql"] [unique_id "ahL_HeJ8FthUTzvBZeOnGAAAAA4"], referer: networkparanoia.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-22 10:09:50 (2 weeks ago)	(mod_security) mod_security (id:225170) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 192.159.99.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 06:09:34.113892 2026] [security2:error] [pid 25087:tid 25087] [client 192.159.99.79:22038] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|tcomputerguy.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tcomputerguy.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ahArXuxy-zeZhHqFatjemgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 etu brutus	2026-05-22 07:56:03 (2 weeks ago)	192.159.99.79 Blocked by [Attack Vector List] ...	Hacking Brute-Force Exploited Host
Anonymous	2026-05-22 05:00:37 (2 weeks ago)	2026-05-21 21:01:00,733 fail2ban.actions [3625835]: NOTICE [tor] Ban 192.159.99.79 2026-05-2 ... show more 2026-05-21 21:01:00,733 fail2ban.actions [3625835]: NOTICE [tor] Ban 192.159.99.79 2026-05-22 00:00:20,070 fail2ban.actions [3625835]: NOTICE [tor] Ban 192.159.99.79 2026-05-22 03:00:12,574 fail2ban.actions [3625835]: NOTICE [tor] Ban 192.159.99.79 2026-05-22 05:00:43,948 fail2ban.actions [3625835]: NOTICE [tor] Ban 192.159.99.79 2026-05-22 08:00:36,866 fail2ban.actions [3625835]: NOTICE [tor] Ban 192.159.99.79 show less	Brute-Force
🇧🇷 ICS Labs	2026-05-12 00:45:05 (3 weeks ago)	ICS Labs identified 192.159.99.79 as a malicious indicator from threat intelligence.	Hacking
🇯🇵 demonsword	2026-05-11 23:53:50 (3 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: egrul.nalog.ru:443 show less	Open Proxy Port Scan
🇬🇧 relianoid.com	2026-05-11 06:10:45 (3 weeks ago)	POST Abuse detected by Relianoid OSS Load Balancer - relianoid.com	Web Spam
🇩🇪 IVski	2026-05-10 09:46:53 (3 weeks ago)	IVski WAF \| Suspicious activity detected - generic bot or scanner pattern	Port Scan Brute-Force Web App Attack

Showing 1 to 15 of 101 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇬 93.94.141.115

🇳🇿 121.73.162.164

🇺🇸 74.7.228.250

🇱🇹 45.227.254.170

🇳🇱 45.148.10.183

🇬🇧 45.82.76.126

🇳🇱 176.65.139.31

🇩🇪 167.94.145.25

🇨🇳 150.255.181.221

🇺🇸 147.185.132.75

🇨🇳 113.45.160.98

🇸🇬 103.13.206.100

🇫🇷 85.204.70.112

🇺🇸 66.132.195.83

🇨🇦 216.126.86.38

🇺🇸 205.210.31.94

🇮🇷 176.65.238.254

🇨🇳 123.160.235.95

🇨🇦 54.39.203.18

🇨🇳 27.8.127.165