JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.26.74.201

212.26.74.201 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 45%: ?

45%

ISP	King Abdul Aziz City for Science and Technology
Usage Type	University/College/School
ASN	AS8895
Domain Name	isu.net.sa
Country	🇸🇦 Saudi Arabia
City	Najran, Najran Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.26.74.201

Whois 212.26.74.201

IP Abuse Reports for 212.26.74.201:

This IP address has been reported a total of 44 times from 28 distinct sources. 212.26.74.201 was first reported on February 26th 2026, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 noise.agency	2026-06-04 10:21:53 (17 hours ago)	(wordpress) Failed wordpress login from 212.26.74.201 (SA/Saudi Arabia/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-04 09:10:05 (18 hours ago)	(mod_security) mod_security (id:240335) triggered by 212.26.74.201 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 212.26.74.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 05:09:56.043543 2026] [security2:error] [pid 26631:tid 26631] [client 212.26.74.201:64279] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 212.26.74.201 (+1 hits since last alert)\|soonerstone.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "soonerstone.com"] [uri "/xmlrpc.php"] [unique_id "aiFA5AQ40blv2m1SBXI-UwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-19 07:21:02 (2 weeks ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-19 07:09:11 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 212.26.74.201 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 212.26.74.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 03:09:05.585900 2026] [security2:error] [pid 30503:tid 30503] [client 212.26.74.201:55683] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 212.26.74.201 (+1 hits since last alert)\|theamarals.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theamarals.com"] [uri "/xmlrpc.php"] [unique_id "agwMkfpDGBYXQnk71eeNRQAAACM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-19 07:08:21 (2 weeks ago)	Attac	Brute-Force
Anonymous	2026-05-18 06:28:14 (2 weeks ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-05-17 06:00:11 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 212.26.74.201 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 212.26.74.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 02:00:01.388519 2026] [security2:error] [pid 17456:tid 17456] [client 212.26.74.201:52395] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 212.26.74.201 (+1 hits since last alert)\|incrp.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "incrp.org"] [uri "/xmlrpc.php"] [unique_id "aglZYcSMEmDjQiuEi2k6IQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 10:52:34 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 212.26.74.201 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 212.26.74.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 06:52:25.072540 2026] [security2:error] [pid 25380:tid 25380] [client 212.26.74.201:49889] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 212.26.74.201 (+1 hits since last alert)\|diegogamazo.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "diegogamazo.com"] [uri "/xmlrpc.php"] [unique_id "agMGacV1duqYbAvXjFQTlQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 integrantservices.com	2026-05-12 09:15:19 (3 weeks ago)	(wordpress) Failed wordpress login from 212.26.74.201 (SA/Saudi Arabia/-)	Brute-Force
🇨🇦 Paulo Henrique dos Santos Nichio	2026-05-12 08:49:30 (3 weeks ago)	(ls_brute) LiteSpeed Brute Force Attack 212.26.74.201 (SA/Saudi Arabia/-): 3 in the last 600 secs; P ... show more (ls_brute) LiteSpeed Brute Force Attack 212.26.74.201 (SA/Saudi Arabia/-): 3 in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2026-05-12 05:48:56.814045 [WARN] [366555] [T0] [172.68.234.160:12237:HTTP2-57>212.26.74.201#APVH_www.plmaquinas.ind.br:443] Brute force detected for IP [212.26.74.201], throttle. 2026-05-12 05:49:07.829128 [WARN] [366555] [T0] [172.68.234.160:12237:HTTP2-59>212.26.74.201#APVH_www.plmaquinas.ind.br:443] Brute force detected for IP [212.26.74.201], throttle. 2026-05-12 05:49:17.819838 [WARN] [366555] [T0] [172.68.234.160:12237:HTTP2-61>212.26.74.201#APVH_www.plmaquinas.ind.br:443] Brute force detected for IP [212.26.74.201], throttle. show less	Port Scan
🇺🇸 TPI-Abuse	2026-04-22 05:56:24 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 212.26.74.201 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 212.26.74.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 01:56:18.135573 2026] [security2:error] [pid 1171367:tid 1171367] [client 212.26.74.201:52950] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 212.26.74.201 (+1 hits since last alert)\|lukeschicago.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lukeschicago.com"] [uri "/xmlrpc.php"] [unique_id "aehjAiSuC6uW4BdtcYUJ7QAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-21 09:49:05 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 212.26.74.201 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 212.26.74.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 05:48:47.688857 2026] [security2:error] [pid 387088:tid 387088] [client 212.26.74.201:49415] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 212.26.74.201 (+1 hits since last alert)\|4115thewestford.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "4115thewestford.com"] [uri "/xmlrpc.php"] [unique_id "aedH_xbtcEv_ZLSxrdrzHwAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-15 06:55:16 (1 month ago)	Automated Apache web app probe detected in the last 24h: cnt=143, uniq_paths=1, err_cnt=0, probes=/. ... show more Automated Apache web app probe detected in the last 24h: cnt=143, uniq_paths=1, err_cnt=0, probes=/.git/config,//xmlrpc.php,/.env,/xmlrpc.php,/wp-login.php* show less	Web App Attack
Anonymous	2026-04-14 23:35:27 (1 month ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
🇺🇸 WeekendWeb	2026-04-14 19:46:47 (1 month ago)	Wordpress Vunerability attack	Web App Attack

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 47.84.207.67

🇬🇧 198.178.235.37

🇩🇪 167.94.145.17

🇺🇸 146.88.241.174

🇨🇳 106.13.206.106

🇨🇱 104.23.202.210

🇷🇴 80.94.92.167

🇳🇱 45.148.10.152

🇺🇸 20.163.10.186

🇹🇼 198.235.24.37

🇬🇧 193.163.125.132

🇺🇸 185.180.141.8

🇲🇦 160.178.56.251

🇺🇸 147.185.132.61

🇺🇸 143.42.1.185

🇯🇵 133.18.180.27

🇨🇳 116.179.32.151

🇨🇳 115.190.52.176

🇦🇲 109.75.47.10

🇷🇴 80.94.95.173