JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.18.127.201

212.18.127.201 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 15%: ?

15%

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS59651
Domain Name	finegroupservers.com
Country	🇫🇮 Finland
City	Vantaa, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.18.127.201

Whois 212.18.127.201

IP Abuse Reports for 212.18.127.201:

This IP address has been reported a total of 10 times from 7 distinct sources. 212.18.127.201 was first reported on September 30th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-22 14:19:14 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 212.18.127.201 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 212.18.127.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 10:19:10.202908 2026] [security2:error] [pid 25301:tid 25301] [client 212.18.127.201:37055] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "psychiatryabuse.com"] [uri "/wp-config.php.bak"] [unique_id "ahBl3nGxaOXMD8ScBVABYgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-22 10:53:27 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 212.18.127.201 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 212.18.127.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 06:53:22.271627 2026] [security2:error] [pid 31452:tid 31452] [client 212.18.127.201:65531] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.groovedoctors.com"] [uri "/wp-config.php.bak"] [unique_id "ahA1ou6JvYbVKhkqsmBssgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 19:37:52 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 212.18.127.201 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 212.18.127.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 15:37:45.889506 2026] [security2:error] [pid 7788:tid 7788] [client 212.18.127.201:29551] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.txt" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rochesterhistorical.org"] [uri "/wp-config.txt"] [unique_id "ag4NiX2gLJK2p_pWEQ6IXQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 11:50:11 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 212.18.127.201 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 212.18.127.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 07:50:03.603394 2026] [security2:error] [pid 10035:tid 10035] [client 212.18.127.201:42919] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "advantagept.org"] [uri "/wp-config.php.bak"] [unique_id "ag2f6-dEsFRTZrZOrEAHOQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-05-15 15:06:17 (3 weeks ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-04-15 22:45:12 (1 month ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇫🇷 masterguru	2026-02-03 15:05:09 (4 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 212.18.127.201 (NL/The Netherlands/-): 1 in th ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 212.18.127.201 (NL/The Netherlands/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇨🇦 wil.com	2025-04-01 10:55:37 (1 year ago)	GlobalProtect login attempts with user SSANGUINET.	VPN IP Brute-Force
🇨🇿 lp	2024-11-19 22:26:46 (1 year ago)	Unauthorized VPN login attempts: 1 attempts were recorded from 212.18.127.201 2024-11-19T21:48:29+01 ... show more Unauthorized VPN login attempts: 1 attempts were recorded from 212.18.127.201 2024-11-19T21:48:29+01:00 vpn Access-Reject 'ip226' station: 212.18.127.201 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
🇷🇺 sms.ru	2024-09-30 15:15:06 (1 year ago)	SMS pumping attack from foreign country	DDoS Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 201.137.46.4

🇫🇷 176.191.43.176

🇨🇳 113.121.47.46

🇮🇩 103.74.5.44

🇺🇸 68.183.103.48

🇩🇪 34.185.235.232

🇺🇸 34.150.164.0

🇧🇪 207.175.73.215

🇷🇺 185.16.214.226

🇺🇸 178.128.72.200

🇨🇴 170.254.229.191

🇳🇱 91.92.42.34

🇺🇸 82.180.174.123

🇹🇭 49.228.100.195

🇭🇰 45.131.179.125

🇦🇺 34.116.123.41

🇬🇧 195.140.214.28

🇮🇩 157.20.207.165

🇨🇳 123.10.166.32

🇨🇳 118.89.122.179