JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.119.41.197

212.119.41.197 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 22%: ?

22%

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS35830
Domain Name	finegroupservers.com
Country	🇺🇸 United States of America
City	New York City, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.119.41.197

Whois 212.119.41.197

IP Abuse Reports for 212.119.41.197:

This IP address has been reported a total of 14 times from 10 distinct sources. 212.119.41.197 was first reported on December 2nd 2020, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-18 03:53:31 (3 weeks ago)	"POST /xmlrpc.php HTTP/1.1"	Hacking Web App Attack
🇪🇸 el-brujo	2026-05-17 01:56:11 (3 weeks ago)	Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: foro.elhacker.net userAgent: Wget/1. ... show more Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: foro.elhacker.net userAgent: Wget/1.21.4 Action: managed_challenge Source: firewallManaged ASN Description: Fast Servers (Pty) Ltd Country: US Method: POST Timestamp: 2026-05-17T01:56:11Z ruleId: 5de7edfa648c4d6891dc3e7f84534ffa. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 22:14:49 (3 weeks ago)	(mod_security) mod_security (id:210350) triggered by 212.119.41.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 212.119.41.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 18:14:41.915888 2026] [security2:error] [pid 15291:tid 15321] [client 212.119.41.197:24297] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|rainbowbb.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "rainbowbb.com"] [uri "/"] [unique_id "agea0dO7fmN9UhRbV8gs3gAAAAE"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-05-12 09:20:56 (4 weeks ago)	212.119.41.197 - - [12/May/2026:12:20:53 +0300] "POST /administrator/xmlrpc.php HTTP/1.1" 404 3305 " ... show more 212.119.41.197 - - [12/May/2026:12:20:53 +0300] "POST /administrator/xmlrpc.php HTTP/1.1" 404 3305 "-" "curl/8.6.0" 212.119.41.197 - - [12/May/2026:12:20:55 +0300] "POST /administrator/xmlrpc.php HTTP/1.1" 404 3306 "-" "Wget/1.21.4" ... show less	Web App Attack
🇧🇪 voormedia	2026-05-02 08:29:54 (1 month ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
🇨🇦 wil.com	2024-09-24 08:59:58 (1 year ago)	GlobalProtect login attempts with user jkoepke.	VPN IP Brute-Force
Anonymous	2024-09-22 12:48:51 (1 year ago)	This IP was involved in an brute force and password spray attack on 2024/09/22 07:45:18	Port Scan Brute-Force Exploited Host Web App Attack
🇺🇸 ChamberofCommerce.com	2024-08-13 19:39:40 (1 year ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot
🇺🇸 TPI-Abuse	2024-06-22 12:03:37 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 212.119.41.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 212.119.41.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 22 08:03:33.833286 2024] [security2:error] [pid 22269] [client 212.119.41.197:11163] [client 212.119.41.197] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|elimer.com.ve\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "elimer.com.ve"] [uri "/wp-json/wp/v2/users"] [unique_id "Zna9lV9OrVal6HUwTC4OEAAAAAY"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2022-12-06 23:58:40 (3 years ago)	honeypot	Bad Web Bot
🇨🇭 backslash	2021-11-12 00:35:38 (4 years ago)	honeypot, robots.txt	Bad Web Bot
🇨🇭 backslash	2021-02-05 09:18:33 (5 years ago)		Brute-Force
Anonymous	2020-12-02 01:00:37 (5 years ago)	botnet	Web App Attack
Anonymous	2020-12-02 01:00:37 (5 years ago)	botnet	Web App Attack

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇴 200.189.27.76

🇺🇸 185.191.171.6

🇮🇩 182.9.33.120

🇧🇷 177.66.141.8

🇬🇧 87.236.176.243

🇧🇷 45.205.1.242

🇺🇸 3.19.14.210

🇧🇪 178.51.27.184

🇺🇸 172.191.74.151

🇺🇸 154.39.79.49

🇨🇳 101.96.192.45

🇺🇿 95.46.211.142

🇸🇬 94.231.206.5

🇺🇸 71.6.135.131

🇰🇷 43.164.131.52

🇸🇬 43.134.110.191

🇺🇸 20.253.48.149

🇩🇪 2.27.20.149

🇲🇽 186.96.145.241

🇺🇸 147.185.132.252