JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2.26.122.149

2.26.122.149 was found in our database!

This IP was reported 5 times. Confidence of Abuse is 17%: ?

17%

ISP	VPSPay - vpspay.cloud
Usage Type	Data Center/Web Hosting/Transit
ASN	AS201988
Domain Name	vpspay.cloud
Country	🇫🇮 Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2.26.122.149

Whois 2.26.122.149

IP Abuse Reports for 2.26.122.149:

This IP address has been reported a total of 5 times from 5 distinct sources. 2.26.122.149 was first reported on May 16th 2026, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇭🇷 melochef	2026-05-17 19:28:08 (1 month ago)	ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceed ... show more ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "OWASP_CRS/4.0"] [hostname "waf.cdn-edge.net"] [uri "/wp-includes/wlwmanifest.xml"] [unique_id "bbc08b3a181e88f9"] 2.26.122.149 - - [15/May/2026:19:58:25 +0000] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 403 678 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" show less	Hacking Web App Attack
🇸🇪 Victor Hernandez	2026-05-17 19:15:07 (1 month ago)	Fail2Ban (traefik-botsearch): Ban 2.26.122.149 after 16 failures 2.26.122.149 - - [14/May/2026:14:12 ... show more Fail2Ban (traefik-botsearch): Ban 2.26.122.149 after 16 failures 2.26.122.149 - - [14/May/2026:14:12:32 +0000] "GET /swagger.json HTTP/1.1" 404 23181 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" 2.26.122.149 - - [14/May/2026:14:12:32 +0000] "GET /.git/config HTTP/1.1" 403 9301 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" show less	Web App Attack
🇯🇵 Gowtham A	2026-05-17 01:36:50 (1 month ago)	CrowdSec: crowdsecurity/http-sensitive-files 2.26.122.149 - - [16/May/2026:01:22:03 +0000] "GET /ecp ... show more CrowdSec: crowdsecurity/http-sensitive-files 2.26.122.149 - - [16/May/2026:01:22:03 +0000] "GET /ecp/default.aspx HTTP/1.1" 401 10920 "-" "Mozilla/5.0 zgrab/0.x" 5 alerts in 52s \| Action: ban 4h show less	Web App Attack
🇷🇴 Adar P	2026-05-16 22:34:10 (1 month ago)	ModSecurity: Access denied with code 403 (phase 2). [id "941100"] [msg "XSS Attack Detected via libi ... show more ModSecurity: Access denied with code 403 (phase 2). [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"] [tag "OWASP_CRS"] [ver "OWASP_CRS/4.0.0"] 2.26.122.149 - - [15/May/2026:08:31:21 +0000] "GET /v2/_catalog HTTP/1.1" 403 1297 "-" "python-requests/2.31.0" Unique ID: f9d4ae81 show less	Hacking Web App Attack
🇷🇴 dlcoerks	2026-05-16 22:08:44 (1 month ago)	AS201988 VPSPay bulletproof hosting. Active in SNI spoofing, hosting phishing kits, C2 infrastructur ... show more AS201988 VPSPay bulletproof hosting. Active in SNI spoofing, hosting phishing kits, C2 infrastructure, and proxy/VPN abuse services. show less	Hacking Exploited Host

Showing 1 to 5 of 5 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 187.251.123.104

🇨🇳 123.178.210.82

🇭🇰 118.193.47.212

🇫🇷 51.68.107.146

🇸🇬 47.84.191.52

🇺🇸 195.184.76.238

🇨🇳 180.76.112.91

🇺🇸 165.227.93.100

🇻🇳 125.212.244.35

🇹🇭 110.49.6.37

🇧🇬 78.128.113.74

🇲🇾 47.254.200.51

🇸🇬 47.128.61.196

🇳🇱 31.220.3.165

🇺🇸 20.119.99.184

🇰🇷 220.84.137.99

🇺🇸 165.227.21.39

🇺🇸 66.132.195.73

🇸🇰 46.229.232.72

🇺🇸 13.89.125.26