JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.70.234.102

194.70.234.102 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 9%: ?

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46475
Domain Name	finegroupservers.com
Country	🇫🇮 Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.70.234.102

Whois 194.70.234.102

IP Abuse Reports for 194.70.234.102:

This IP address has been reported a total of 10 times from 6 distinct sources. 194.70.234.102 was first reported on October 29th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-06 06:05:24 (2 weeks ago)	194.70.234.102 - - [06/Jun/2026:06:05:22 +0000] "GET /cgi-bin/welcome.cgi HTTP/1.1" 302 733 "() { Re ... show more 194.70.234.102 - - [06/Jun/2026:06:05:22 +0000] "GET /cgi-bin/welcome.cgi HTTP/1.1" 302 733 "() { Referer; }; echo -e \"Content-Type: text/plain\\n\"; echo -e \"\\0141\\0141\\0141\\0141\\0141\\0141\\0141\\0141\\0163\\0150\\0145\\0154\\0154\\0163\\0150\\0157\\0143\\0153\"" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 19:24:09 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 194.70.234.102 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 194.70.234.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 15:24:00.891001 2026] [security2:error] [pid 27680:tid 27680] [client 194.70.234.102:26843] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|sydat.abramczuk.me\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sydat.abramczuk.me"] [uri "/s3cmd.ini"] [unique_id "afEJUJy-lh2bqve1rLo0lQAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 07:19:35 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 194.70.234.102 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 194.70.234.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 03:19:27.124776 2026] [security2:error] [pid 10486:tid 10486] [client 194.70.234.102:52543] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.beyondleanbook.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.beyondleanbook.com"] [uri "/s3cmd.ini"] [unique_id "afBffyyEip20j47VuWz4bgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 04:50:29 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 194.70.234.102 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 194.70.234.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 00:50:23.845616 2026] [security2:error] [pid 13776:tid 13776] [client 194.70.234.102:44007] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.alecmcatee.com\|F\|4"] [data "EmailWolf"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.alecmcatee.com"] [uri "/"] [unique_id "afA8j-S5JpEVt0m3JHYVYQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 14:05:39 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 194.70.234.102 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 194.70.234.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 10:05:31.517201 2026] [security2:error] [pid 31897:tid 31897] [client 194.70.234.102:13939] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.cor-ex.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.cor-ex.com"] [uri "/s3cmd.ini"] [unique_id "ae9tKyIN2cRiGbQ-o8sxFgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 02:07:05 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 194.70.234.102 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210831) triggered by 194.70.234.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 22:06:59.098802 2026] [security2:error] [pid 24434:tid 24434] [client 194.70.234.102:20335] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|utahproaudio.com\|F\|4"] [data "Microsoft URL"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "utahproaudio.com"] [uri "/"] [unique_id "ae7Ew7HBT-55vQmmLpcSawAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇿 Tripwire	2025-11-23 09:18:10 (7 months ago)	Wordpress login attempts	Brute-Force Web App Attack
🇨🇭 backslash	2025-11-19 16:25:06 (7 months ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇹🇷 pamircil	2025-08-20 13:11:17 (10 months ago)	🍯 WinnieThePooh Honeypot : GET request to '/wp-config.php.backup' on (http/80)💀	Hacking Brute-Force SSH
🇺🇸 MHuiG	2024-10-29 02:45:57 (1 year ago)	The IP has triggered Cloudflare WAF. action: managed_challenge source: firewallCustom clientAsn: 517 ... show more The IP has triggered Cloudflare WAF. action: managed_challenge source: firewallCustom clientAsn: 51765 clientASNDescription: CREANOVA-AS Oy Creanova Hosting Solutions Ltd. clientCountryName: US clientIP: 194.70.234.102 clientRequestHTTPHost: github.mhuig.top clientRequestHTTPMethodName: GET clientRequestHTTPProtocol: HTTP/1.1 clientRequestPath: / clientRequestQuery: datetime: 2024-10-29T02:23:33Z rayName: 8d9fb447a8ce02c1 ruleId: f4a2c940dd7944e58e72d246ea29b5af userAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Open Proxy VPN IP Port Scan Hacking SQL Injection Bad Web Bot Exploited Host Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 2a05:d012:54b:1d02:d930:8225:484f:8f32

🇫🇮 147.185.133.46

🇨🇳 124.117.195.94

🇦🇪 92.99.51.61

🇸🇪 83.233.149.204

🇳🇱 77.83.39.197

🇺🇸 54.185.245.120

🇸🇪 13.60.67.109

🇧🇷 205.210.31.201

🇳🇱 160.119.76.19

🇫🇷 51.83.10.173

🇳🇱 45.148.10.37

🇫🇷 167.86.119.81

🇻🇳 118.71.20.55

🇻🇳 116.110.219.115

🇰🇷 59.21.37.60

🇷🇺 46.39.254.221

🇸🇬 43.172.194.71

🇺🇸 3.224.62.45

🇬🇧 185.195.232.180