JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.26.192.20

194.26.192.20 was found in our database!

This IP was reported 1,133 times. Confidence of Abuse is 100%: ?

100%

ISP	1337 Services GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS210558
Hostname(s)	Sochill
Domain Name	as210558.net
Country	🇳🇱 Netherlands
City	Lelystad, Flevoland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.26.192.20

Whois 194.26.192.20

IP Abuse Reports for 194.26.192.20:

This IP address has been reported a total of 1,133 times from 363 distinct sources. 194.26.192.20 was first reported on February 25th 2026, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 TheCoon	2026-03-04 13:30:01 (2 months ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking
🇩🇪 Lino Project	2026-03-04 11:38:30 (2 months ago)	194.26.192.20 - - [04/Mar/2026:12:38:29 +0100] "GET /.env HTTP/1.1" 403 3642 "-" "Mozilla/5.0 (X11; ... show more 194.26.192.20 - - [04/Mar/2026:12:38:29 +0100] "GET /.env HTTP/1.1" 403 3642 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 194.26.192.20 - - [04/Mar/2026:12:38:29 +0100] "GET /.env HTTP/1.1" 403 3642 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-04 11:13:34 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 194.26.192.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 194.26.192.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 04 06:13:20.423036 2026] [security2:error] [pid 25258:tid 25258] [client 194.26.192.20:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.hollyranch.com"] [uri "/.env"] [unique_id "aagT0PGMiBRzEyijqtNqlgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 etu brutus	2026-03-04 10:57:22 (2 months ago)	194.26.192.20 Blocked by [Attack Vector List] ...	Hacking Brute-Force Exploited Host
🇳🇱 debestelapp	2026-03-04 08:20:43 (2 months ago)		Web App Attack
🇮🇩 Burayot	2026-03-04 08:03:44 (2 months ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 194.26.192.20 (NL/Netherlands/Sochil ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 194.26.192.20 (NL/Netherlands/Sochill): 1 in the last 3600 secs show less	Web App Attack
Anonymous	2026-03-04 06:11:21 (2 months ago)	<jail> banned by fail2ban	Brute-Force Web App Attack
🇧🇪 madeit	2026-03-04 05:02:37 (2 months ago)		Web App Attack
🇩🇪 conseilgouz	2026-03-04 04:05:21 (2 months ago)	coe-17 : Block hidden directories=>/.env(/)	Hacking
Anonymous	2026-03-04 01:19:51 (3 months ago)	Probing to gain illegal access	Web App Attack
🇫🇷 ✨	2026-03-04 00:59:04 (3 months ago)	Domain : gestioncgt.es Rule : env 2026-03-04 00:57:27 *hidden-privacy* GET /.env - 80 - 194.26.1 ... show more Domain : gestioncgt.es Rule : env 2026-03-04 00:57:27 *hidden-privacy* GET /.env - 80 - 194.26.192.20 HTTP/1.1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 - gestioncgt.es 301 0 0 515 231 13 - - show less	Hacking SQL Injection
🇱🇻 garmtech.com	2026-03-04 00:40:45 (3 months ago)	Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.	Web App Attack
🇲🇾 Rizzy	2026-03-03 23:42:34 (3 months ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇫🇮 cleverest.eu	2026-03-03 21:20:18 (3 months ago)	MimirWAF has 4 incidents from 1 distinct domain => {"bad_request_uri / env_probe","blacklisted_acces ... show more MimirWAF has 4 incidents from 1 distinct domain => {"bad_request_uri / env_probe","blacklisted_access / definite_repeat_offender"} show less	Brute-Force Web App Attack
🇷🇴 iulianh	2026-03-03 20:51:16 (3 months ago)	Aggressive XML-RPC / .env Prober	Brute-Force SSH

Showing 1051 to 1065 of 1133 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇬 41.33.91.226

🇬🇧 2a00:1450:4009:c0f::12d

🇮🇳 223.184.149.189

🇺🇸 195.184.76.112

🇬🇧 191.101.59.86

🇺🇸 172.234.199.75

🇺🇸 162.216.150.163

🇺🇸 162.216.149.27

🇭🇰 154.83.13.181

🇹🇼 114.32.151.97

🇧🇩 103.137.73.173

🇭🇰 101.36.121.72

🇺🇸 45.79.181.223

🇮🇩 43.129.33.244

🇦🇷 179.60.228.74

🇮🇩 103.24.212.42

🇷🇺 92.124.142.179

🇱🇹 81.30.98.158

🇺🇸 66.132.186.182

🇺🇸 65.49.1.106