JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 155.2.191.26

155.2.191.26 was found in our database!

This IP was reported 56 times. Confidence of Abuse is 73%: ?

73%

ISP	Mullvad VPN AB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS136557
Domain Name	mullvad.net
Country	🇺🇸 United States of America
City	Kansas, Ohio

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 155.2.191.26

Whois 155.2.191.26

IP Abuse Reports for 155.2.191.26:

This IP address has been reported a total of 56 times from 18 distinct sources. 155.2.191.26 was first reported on September 17th 2025, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Baking333	2026-06-26 11:23:36 (13 hours ago)	[redacted] 155.2.191.26 - - [26/Jun/2026:12:23:33 +0100] "GET /.[redacted] HTTP/2.0" 307 41 "-" "Moz ... show more [redacted] 155.2.191.26 - - [26/Jun/2026:12:23:33 +0100] "GET /.[redacted] HTTP/2.0" 307 41 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Edg/101.0.1210.47" [redacted] 155.2.191.26 - - [26/Jun/2026:12:23:33 +0100] "GET /.env HTTP/2.0" 307 41 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Edg/101.0.1210.47" show less	Bad Web Bot Web App Attack
🇬🇧 Aetherweb Ark	2026-06-26 11:17:36 (13 hours ago)	(mod_security) mod_security (id:949110) triggered by 155.2.191.26 (US/United States/-): N in the las ... show more (mod_security) mod_security (id:949110) triggered by 155.2.191.26 (US/United States/-): N in the last X secs show less	Web App Attack
Anonymous	2026-06-26 09:06:04 (15 hours ago)	Trying to access config files	Web App Attack
🇵🇱 mkey	2026-06-26 07:31:43 (17 hours ago)	[First: 2026-06-25 19:20:25/1s] HITS=3 Sensitive file probing; sample=GET /backend/.env 404 \| GET /. ... show more [First: 2026-06-25 19:20:25/1s] HITS=3 Sensitive file probing; sample=GET /backend/.env 404 \| GET /.env.backup 404 \| GET /.env.dev 404 show less	Port Scan Hacking Web App Attack
Anonymous	2026-06-26 07:20:05 (17 hours ago)	\| Suspicious URL access.	Web App Attack Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-06-26 04:08:20 (20 hours ago)	(mod_security) mod_security (id:210492) triggered by 155.2.191.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 155.2.191.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 00:08:16.097256 2026] [security2:error] [pid 8501:tid 8501] [client 155.2.191.26:57770] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.110"] [uri "/.env.dev"] [unique_id "aj37MCvkqkjuxjJDYjKaYwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Apache	2026-06-26 04:02:04 (20 hours ago)	(mod_security) mod_security (id:210492) triggered by 155.2.191.26 (US/United States/-): 5 in the las ... show more (mod_security) mod_security (id:210492) triggered by 155.2.191.26 (US/United States/-): 5 in the last 300 secs (CF_ENABLE) show less	Brute-Force Web App Attack
🇺🇸 aks4226	2026-06-26 02:16:34 (22 hours ago)	Bot search, attacking common web applications.	Web App Attack
🇺🇸 c y	2026-06-26 00:58:14 (23 hours ago)	Security Monitor detected: sensitive_path_access	Port Scan
🇫🇷 dynamix	2026-06-25 15:51:49 (1 day ago)	Multiple WAF Violations	Web App Attack
🇩🇪 CELOS-SOC	2026-06-24 16:30:35 (2 days ago)	Multiple Unauthorized SSLVPN Login Attempts	Hacking Brute-Force
🇺🇸 mkorthuis	2026-06-11 12:16:41 (2 weeks ago)	SSH Brute-Force Attempt	Brute-Force SSH
🇮🇹 VHosting	2026-06-08 17:49:18 (2 weeks ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇩🇪 CELOS-SOC	2026-03-08 00:45:45 (3 months ago)	Multiple Unauthorized SSLVPN Login Attempts	Hacking Brute-Force
🇩🇪 CELOS-SOC	2026-03-05 04:32:10 (3 months ago)	Multiple Unauthorized SSLVPN Login Attempts	Hacking Brute-Force

Showing 1 to 15 of 56 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇴 179.58.200.131

🇺🇸 147.185.132.63

🇺🇸 137.184.147.41

🇧🇬 79.124.49.226

🇳🇱 77.91.71.25

🇧🇷 45.205.1.243

🇳🇱 45.148.10.141

🇩🇪 43.157.98.118

🇺🇸 20.118.232.75

🇹🇼 198.235.24.32

🇳🇱 193.176.31.218

🇺🇸 192.210.194.2

🇳🇮 190.143.254.175

🇧🇬 185.253.160.7

🇨🇱 181.160.155.9

🇿🇦 147.136.65.205

🇧🇩 103.4.145.50

🇳🇱 91.92.40.23

🇳🇱 81.19.216.119

🇧🇬 79.124.56.250