JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.26.192.48

194.26.192.48 was found in our database!

This IP was reported 315 times. Confidence of Abuse is 0%: ?

ISP	1337 Services GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS210558
Hostname(s)	194.26.192.48.powered.by.rdp.sh
Domain Name	as210558.net
Country	🇳🇱 Netherlands
City	Lelystad, Flevoland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.26.192.48

Whois 194.26.192.48

IP Abuse Reports for 194.26.192.48:

This IP address has been reported a total of 315 times from 105 distinct sources. 194.26.192.48 was first reported on September 28th 2023, and the most recent report was 7 months ago.

Old Reports: The most recent abuse report for this IP address is from 7 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Ba-Yu	2025-10-28 16:41:07 (7 months ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇫🇷 Rat_Crusher	2025-10-27 12:22:57 (7 months ago)	Searching for: GET /.env	Bad Web Bot
🇨🇿 Countryman	2025-10-27 12:14:37 (7 months ago)	repeated unauthorized connection attempts, host sweep, port scan	Port Scan
Anonymous	2025-10-27 11:31:14 (7 months ago)	Botnet activity detected: Wide horizontal scanner, Slow horizontal with regular pattern, Multiple sc ... show more Botnet activity detected: Wide horizontal scanner, Slow horizontal with regular pattern, Multiple scan indicators, Horizontal with multiple indicators, Multiple non-service patterns, Coordinated attack participant, Coordinated non-service scan, Horizontal scanner on non-service ports, Horizontal scan with SYN retry. Total 54 blocks. show less	DDoS Attack Port Scan Hacking
🇺🇸 TPI-Abuse	2025-10-27 09:51:06 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 194.26.192.48 (194.26.192.48.powered.by.rdp.sh) ... show more (mod_security) mod_security (id:210492) triggered by 194.26.192.48 (194.26.192.48.powered.by.rdp.sh): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 27 05:50:58.652279 2025] [security2:error] [pid 677:tid 677] [client 194.26.192.48:51555] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.214"] [uri "/.env"] [unique_id "aP9AgkYlVo8zPou6gnnnMQAAACk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-27 09:09:31 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 194.26.192.48 (194.26.192.48.powered.by.rdp.sh) ... show more (mod_security) mod_security (id:210492) triggered by 194.26.192.48 (194.26.192.48.powered.by.rdp.sh): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 27 05:09:27.460446 2025] [security2:error] [pid 27519:tid 27519] [client 194.26.192.48:53315] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.13"] [uri "/.git/"] [unique_id "aP82x4HzAzKE20dNPZmFnwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-27 08:30:31 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 194.26.192.48 (194.26.192.48.powered.by.rdp.sh) ... show more (mod_security) mod_security (id:210492) triggered by 194.26.192.48 (194.26.192.48.powered.by.rdp.sh): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 27 04:30:28.154432 2025] [security2:error] [pid 32714:tid 32714] [client 194.26.192.48:64514] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.56"] [uri "/.git/"] [unique_id "aP8tpCzP0UyK31YUmVFyuAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-27 08:05:22 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 194.26.192.48 (194.26.192.48.powered.by.rdp.sh) ... show more (mod_security) mod_security (id:210492) triggered by 194.26.192.48 (194.26.192.48.powered.by.rdp.sh): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 27 04:05:17.550064 2025] [security2:error] [pid 31792:tid 31792] [client 194.26.192.48:50374] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.49"] [uri "/.env"] [unique_id "aP8nvTv72aenoLUxwndUiAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 hbrks	2025-10-27 03:24:35 (7 months ago)	2 attack(s) detected, such as these: {"event":"nginx_block","ip":"194.26.192.48","host":"185.207.107 ... show more 2 attack(s) detected, such as these: {"event":"nginx_block","ip":"194.26.192.48","host":"185.207.107.155","request":"GET /.git/ HTTP/1.1","user_agent":"","reason":"404","timestamp":"2025-10-27T03:24:35 00:00","logentry":"185.207.107.155 194.26.192.48 - - [27/Oct/2025:03:24:35 0000] GET /.git/ HTTP/1.1 404 146 - - - matched:-"} * Report Details : https://p4u.xyz/HHANN940PUI/1 IP Details *: https://p4u.xyz/HHANN940PUI/2 show less	Web Spam Hacking Bad Web Bot
🇩🇪 raspi4	2025-10-26 22:39:56 (7 months ago)	Fail2Ban Ban Triggered	Brute-Force Web App Attack
🇺🇸 MPL	2025-10-26 21:38:56 (7 months ago)	tcp/80 (16 or more attempts)	Port Scan
🇺🇸 MPL	2025-10-26 21:38:56 (7 months ago)	tcp/80 (8 or more attempts)	Port Scan
🇬🇧 Starburst SysOp Team	2025-10-26 16:36:25 (7 months ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-sou2-5)	Hacking Bad Web Bot
🇪🇸 loadsoporte	2025-10-26 11:46:51 (7 months ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
🇨🇿 Countryman	2025-10-26 08:37:43 (7 months ago)	repeated unauthorized connection attempts, host sweep, port scan	Port Scan

Showing 1 to 15 of 315 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 205.210.31.95

🇮🇷 185.231.181.16

🇺🇸 104.194.94.98

🇺🇸 104.28.214.113

🇺🇸 103.203.57.11

🇷🇴 80.94.92.167

🇺🇸 68.183.105.175

🇸🇬 47.84.131.60

🇺🇸 37.123.193.133

🇳🇱 5.187.35.26

🇨🇳 175.43.162.228

🇨🇱 170.82.129.8

🇮🇳 152.32.159.180

🇹🇼 128.1.141.6

🇮🇪 63.33.11.75

🇳🇱 45.148.10.141

🇯🇵 43.153.137.73

🇺🇸 23.95.186.165

🇬🇧 188.166.146.192

🇫🇮 147.185.133.82