JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.99.26.202

194.99.26.202 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 17%: ?

17%

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46475
Domain Name	finegroupservers.com
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.99.26.202

Whois 194.99.26.202

IP Abuse Reports for 194.99.26.202:

This IP address has been reported a total of 15 times from 11 distinct sources. 194.99.26.202 was first reported on May 28th 2021, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 tilellit.pro	2026-06-28 09:17:31 (17 hours ago)	Fail2Ban banned 194.99.26.202 for security violations in jail wp-armour. Log: 2026/06/28 09:17:31 [e ... show more Fail2Ban banned 194.99.26.202 for security violations in jail wp-armour. Log: 2026/06/28 09:17:31 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 194.99.26.202 \| Target: wplogin" , client: 194.99.26.202, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇫🇷 tilellit.pro	2026-06-27 11:59:31 (1 day ago)	Fail2Ban banned 194.99.26.202 for security violations in jail wp-armour. Log: 2026/06/27 11:59:30 [e ... show more Fail2Ban banned 194.99.26.202 for security violations in jail wp-armour. Log: 2026/06/27 11:59:30 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 194.99.26.202 \| Target: wplogin" , client: 194.99.26.202, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇺🇸 kosada.com	2026-06-09 02:48:59 (2 weeks ago)	Web password guessing	Brute-Force
🇺🇸 TPI-Abuse	2026-05-13 01:53:55 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 194.99.26.202 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 194.99.26.202 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 21:53:52.205581 2026] [security2:error] [pid 27378:tid 27378] [client 194.99.26.202:61341] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|heinsohn.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "heinsohn.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agPZsPGHLTpCAfvyq2zC7AAAAAU"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 Burayot	2026-01-14 21:20:05 (5 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 194.99.26.202 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 194.99.26.202 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇩🇪 Hazzard	2025-12-27 20:26:53 (6 months ago)	(wordpress) Failed wordpress login from 194.99.26.202 (US/United States/-/-/-/[redacted])	Brute-Force
Anonymous	2025-07-13 07:06:42 (11 months ago)	PARMACOM WEBEXPLOIT 194.99.26.202 (194.99.26.202)	Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 22:55:01 (1 year ago)	(mod_security) mod_security (id:217200) triggered by 194.99.26.202 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:217200) triggered by 194.99.26.202 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 18:54:53.885060 2025] [security2:error] [pid 2894938:tid 2894938] [client 194.99.26.202:38627] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header\|\|www.twinls.com\|F\|2"] [data "/xmlrpc.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "www.twinls.com"] [uri "/xmlrpc.php"] [unique_id "aDo3PV17oPLyS_cTjZTwhgAAACc"], referer: https://www.twinls.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 sms.ru	2024-09-22 04:15:06 (1 year ago)	SMS pumping attack from foreign country	DDoS Attack
Anonymous	2024-05-31 08:40:17 (2 years ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2024-05-28 14:40:35 (2 years ago)	(mod_security) mod_security (id:225170) triggered by 194.99.26.202 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 194.99.26.202 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 28 10:40:30.345133 2024] [security2:error] [pid 16855] [client 194.99.26.202:17757] [client 194.99.26.202] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|stkm.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "stkm.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZlXs3uV8fd883oR5ZE6jegAAAAM"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇹🇼 kk_it_man	2022-09-01 22:00:09 (3 years ago)		Hacking
🇩🇪 Sklurk	2022-08-21 17:44:29 (3 years ago)		Web App Attack
Anonymous	2021-05-28 15:45:00 (5 years ago)	Credential Stuffing	Brute-Force
Anonymous	2021-05-28 15:45:00 (5 years ago)	Credential Stuffing	Brute-Force

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇲 38.51.130.177

🇨🇳 223.112.5.139

🇺🇸 216.180.246.21

🇻🇪 190.97.245.36

🇪🇸 188.26.220.48

🇲🇽 187.190.27.147

🇺🇸 134.16.43.120

🇦🇷 45.186.30.5

🇺🇸 34.230.221.101

🇨🇳 220.181.108.147

🇺🇸 209.97.147.194

🇵🇷 209.91.209.220

🇵🇱 194.180.49.219

🇺🇸 147.185.132.67

🇨🇳 120.201.53.112

🇺🇸 104.243.35.45

🇨🇦 85.217.149.46

🇦🇷 45.162.20.120

🇳🇱 45.148.10.147

🇺🇸 45.130.83.204