JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.112.19.26

212.112.19.26 was found in our database!

This IP was reported 663 times. Confidence of Abuse is 0%: ?

ISP	PRIVATE INTERNET ACCESS, Inc Url: https://privateinternetaccess.com/
Usage Type	Data Center/Web Hosting/Transit
ASN	AS42708
Domain Name	privateinternetaccess.com
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.112.19.26

Whois 212.112.19.26

IP Abuse Reports for 212.112.19.26:

This IP address has been reported a total of 663 times from 125 distinct sources. 212.112.19.26 was first reported on March 14th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 consul.to	2026-04-16 10:27:25 (2 months ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇮 Ticlem	2026-04-14 13:53:55 (2 months ago)	2026-04-14T15:23:55.913844+02:00 clement-turlure kernel: [24318.337185] [UFW BLOCK] IN=enp0s31f6 OUT ... show more 2026-04-14T15:23:55.913844+02:00 clement-turlure kernel: [24318.337185] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:f7:16:fb:d0:07:ca:8d:22:75:08:00 SRC=212.112.19.26 DST=95.216.21.136 LEN=143 TOS=0x00 PREC=0x00 TTL=57 ID=23692 PROTO=UDP SPT=31934 DPT=6881 LEN=123 2026-04-14T15:38:54.241806+02:00 clement-turlure kernel: [25216.674612] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:f7:16:fb:d0:07:ca:8d:22:75:08:00 SRC=212.112.19.26 DST=95.216.21.136 LEN=143 TOS=0x00 PREC=0x00 TTL=57 ID=48998 PROTO=UDP SPT=28911 DPT=6881 LEN=123 2026-04-14T15:53:55.255662+02:00 clement-turlure kernel: [26117.697974] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:f7:16:fb:d0:07:ca:8d:22:75:08:00 SRC=212.112.19.26 DST=95.216.21.136 LEN=143 TOS=0x00 PREC=0x00 TTL=57 ID=58315 PROTO=UDP SPT=2530 DPT=6881 LEN=123 ... show less	Port Scan
🇬🇧 consul.to	2026-04-11 00:03:03 (2 months ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 Charlesiv	2026-04-08 00:08:14 (2 months ago)	Triggered Cloudflare WAF (firewallCustom) from SE. Action taken: BLOCK ASN: 42708 (GLESYS glesys.com ... show more Triggered Cloudflare WAF (firewallCustom) from SE. Action taken: BLOCK ASN: 42708 (GLESYS glesys.com) Protocol: HTTP/1.1 (GET method) Endpoint: /license.txt Timestamp: 2026-04-07T23:12:58Z Ray ID: 9e8cb85f48d79a3e UA: Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0 Paros/3.2.13 show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-07 23:10:21 (2 months ago)	(mod_security) mod_security (id:210801) triggered by 212.112.19.26 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210801) triggered by 212.112.19.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 07 19:10:14.641777 2026] [security2:error] [pid 1580573:tid 1580573] [client 212.112.19.26:42128] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|nextlevelcharge.com\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "nextlevelcharge.com"] [uri "/license.txt"] [unique_id "adWO1hB9nhZ1MVgS6wXtyAAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-07 22:53:29 (2 months ago)	(mod_security) mod_security (id:210801) triggered by 212.112.19.26 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210801) triggered by 212.112.19.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 07 18:53:23.416590 2026] [security2:error] [pid 2125080:tid 2125080] [client 212.112.19.26:26959] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|chaletofsanmarcoowners.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "chaletofsanmarcoowners.net"] [uri "/license.txt"] [unique_id "adWK47XSiduAkA2QDOPIUwAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-07 22:32:54 (2 months ago)	(mod_security) mod_security (id:210801) triggered by 212.112.19.26 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210801) triggered by 212.112.19.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 07 18:32:48.144325 2026] [security2:error] [pid 2485032:tid 2485052] [client 212.112.19.26:16648] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|certifiedprojectmanager.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "certifiedprojectmanager.net"] [uri "/license.txt"] [unique_id "adWGEPVs5jSZZQ06TR0UdwAAAQ8"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-03-29 14:15:25 (2 months ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇧 consul.to	2026-03-25 03:53:02 (3 months ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 celestialcity	2026-03-15 14:07:08 (3 months ago)	Blocked by UFW on celestialcityeu [26767/tcp] \| SPT: 61308 \| TTL: 51 \| LEN: 60 \| TOS: 0x08 • Reporte ... show more Blocked by UFW on celestialcityeu [26767/tcp] \| SPT: 61308 \| TTL: 51 \| LEN: 60 \| TOS: 0x08 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 int8	2026-03-15 14:04:21 (3 months ago)	2026-03-15T14:04:21.363303723Z Minecraft server scanner: status request	Port Scan
🇩🇪 zUnlegit	2026-03-15 14:03:11 (3 months ago)	2026-03-15 14:02:52: Minecraft server scan detected from 212.112.19.26 on port 25565 of mailserver	Port Scan
🇬🇧 consul.to	2026-03-11 00:12:30 (3 months ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 ✨	2026-02-21 00:12:11 (4 months ago)	Rule : RDP UserAccount : ADMINISTRATOR S-1-0-0 - - 0x0 S-1-0-0 ADMINISTRATOR - 0xc000006d %#13 0xc0 ... show more Rule : RDP UserAccount : ADMINISTRATOR S-1-0-0 - - 0x0 S-1-0-0 ADMINISTRATOR - 0xc000006d %#13 0xc000006a 3 NtLmSsp NTLM - - - 0 0x0 - 212.112.19.26 0 show less	SSH Brute-Force
Anonymous	2025-12-01 10:28:08 (6 months ago)	Web Server atack ...	DDoS Attack Web Spam Bad Web Bot Web App Attack

Showing 1 to 15 of 663 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 143.42.1.52

🇧🇷 201.55.133.173

🇦🇺 172.105.185.53

🇨🇳 111.26.167.166

🇳🇱 91.92.42.227

🇳🇱 91.92.40.43

🇺🇸 62.132.18.53

🇵🇰 223.123.73.155

🇲🇽 200.77.172.159

🇪🇹 196.188.187.205

🇳🇱 195.178.110.30

🇧🇷 186.194.65.9

🇩🇪 167.94.145.19

🇺🇸 165.227.93.100

🇦🇲 82.199.197.245

🇳🇱 50.7.233.211

🇨🇳 220.243.137.204

🇩🇪 195.230.103.244

🇩🇪 193.233.74.227

🇺🇸 47.253.5.130