JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.99.26.38

194.99.26.38 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 16%: ?

16%

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46475
Domain Name	finegroupservers.com
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.99.26.38

Whois 194.99.26.38

IP Abuse Reports for 194.99.26.38:

This IP address has been reported a total of 14 times from 9 distinct sources. 194.99.26.38 was first reported on February 15th 2021, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-20 01:52:05 (3 days ago)	(mod_security) mod_security (id:225170) triggered by 194.99.26.38 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 194.99.26.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 21:52:01.498413 2026] [security2:error] [pid 3597:tid 3597] [client 194.99.26.38:20049] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|daruwala.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "daruwala.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajXyQapqfSpqoWRpDGF0gQAAAAg"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 tilellit.pro	2026-05-21 15:15:41 (1 month ago)	Fail2Ban banned 194.99.26.38 for security violations in jail wp-armour. Log: 2026/05/21 15:15:41 [er ... show more Fail2Ban banned 194.99.26.38 for security violations in jail wp-armour. Log: 2026/05/21 15:15:41 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 194.99.26.38 \| Target: wplogin" , client: 194.99.26.38, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇺🇸 TPI-Abuse	2026-05-06 16:56:14 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 194.99.26.38 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 194.99.26.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 06 12:56:10.236834 2026] [security2:error] [pid 11022:tid 11022] [client 194.99.26.38:16377] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|eastbrooktech.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "eastbrooktech.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aftyqq8MR0qQg4UFOAZhuwAAACU"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-03 14:13:20 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 194.99.26.38 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 194.99.26.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 03 10:13:13.914914 2026] [security2:error] [pid 23288:tid 23288] [client 194.99.26.38:47533] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|st-johns.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "st-johns.us"] [uri "/wp-json/wp/v2/users"] [unique_id "afdX-X-pWiP45tmOCTAy1wAAAAQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 voormedia	2026-05-01 06:14:53 (1 month ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
🇫🇷 dwmp	2026-02-10 09:41:31 (4 months ago)	194.99.26.38 - - [10/Feb/2026:10:41:09 +0100] "POST /wp-login.php?wp_lang=en_US HTTP/2.0" 200 2185 " ... show more 194.99.26.38 - - [10/Feb/2026:10:41:09 +0100] "POST /wp-login.php?wp_lang=en_US HTTP/2.0" 200 2185 "https://twincontact.it/wp-login.php?wp_lang=en_US" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" 194.99.26.38 - - [10/Feb/2026:10:41:16 +0100] "POST /wp-login.php?wp_lang=en_US HTTP/2.0" 200 2185 "https://twincontact.it/wp-login.php?wp_lang=en_US" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" 194.99.26.38 - - [10/Feb/2026:10:41:30 +0100] "POST /wp-login.php?wp_lang=en_US HTTP/2.0" 200 2185 "https://twincontact.it/wp-login.php?wp_lang=en_US" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" ... show less	Brute-Force
🇫🇷 masterguru	2026-02-05 10:25:32 (4 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 194.99.26.38 (NL/The Netherlands/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 194.99.26.38 (NL/The Netherlands/-): 1 in the last 3600 secs (0-196) show less	Hacking
🇨🇭 backslash	2025-05-27 22:10:03 (1 year ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
Anonymous	2025-03-30 10:30:18 (1 year ago)	This IP was involved in an brute force and password spray attack on 2025/03/30 05:28:08	Port Scan Brute-Force Exploited Host Web App Attack
Anonymous	2025-03-28 10:42:24 (1 year ago)	This IP was involved in an brute force and password spray attack on 2025/03/28 05:06:04	Port Scan Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-03-11 23:43:12 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 194.99.26.38 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 194.99.26.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 11 19:43:08.627569 2025] [security2:error] [pid 7434:tid 7434] [client 194.99.26.38:59767] [client 194.99.26.38] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "redondotile.com"] [uri "/.env"] [unique_id "Z9DKjCnlcI2Igvin53Cb7AAAAAI"], referer: https://tasamm.com/about/ppp101.html show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2024-02-01 03:41:30 (2 years ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TheMadBeaker	2021-02-16 00:19:02 (5 years ago)	Port Scan: TCP/443	Port Scan
🇺🇸 TheMadBeaker	2021-02-15 19:19:02 (5 years ago)	Fail2Ban Ban Triggered HTTP SQL Injection Attempt	Hacking SQL Injection

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 129.121.47.136

🇭🇰 119.12.166.107

🇳🇱 91.92.40.49

🇮🇷 85.198.19.251

🇺🇸 50.2.184.26

🇺🇸 47.77.233.21

🇺🇸 44.184.46.30

🇸🇪 31.59.160.12

🇨🇳 2409:8710:620:ac::219

🇨🇳 223.109.252.144

🇦🇪 217.165.124.244

🇳🇱 204.76.203.36

🇺🇸 145.223.7.32

🇳🇱 132.243.121.237

🇺🇸 66.132.172.119

🇺🇸 64.62.156.108

🇺🇸 44.116.124.240

🇩🇪 43.228.157.10

🇻🇪 38.74.247.144

🇬🇧 31.14.254.89