JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.226.238

216.26.226.238 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.226.238

Whois 216.26.226.238

IP Abuse Reports for 216.26.226.238:

This IP address has been reported a total of 44 times from 17 distinct sources. 216.26.226.238 was first reported on September 26th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-05-11 10:25:39 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-08 01:51:25 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇺🇸 cyfordtechnologies.com	2026-03-24 04:36:33 (2 months ago)	High-abuse ASN prefix: 216.26. : Reported by Cyford API	Web App Attack
Anonymous	2026-03-16 21:15:44 (3 months ago)	Forum/form spam	Web Spam
🇮🇹 mgarofano80	2026-01-14 00:26:12 (5 months ago)		Brute-Force Web App Attack
Anonymous	2026-01-09 16:30:09 (5 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-12-29 04:20:09 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.226.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.226.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:20:04.463224 2025] [security2:error] [pid 12755:tid 12771] [client 216.26.226.238:50819] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "goodfridaygolf.com"] [uri "/.svn/wc.db"] [unique_id "aVIBdD-RvesYlg9nPSPgQAAAAE0"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 Burayot	2025-12-13 22:21:43 (6 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 216.26.226.238 (US/United States/-) ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 216.26.226.238 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇨🇭 backslash	2025-12-09 18:25:05 (6 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-27 03:53:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.226.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.226.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 22:53:43.323372 2025] [security2:error] [pid 16778:tid 16778] [client 216.26.226.238:16801] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.sipa.com.hk"] [uri "/.git/HEAD"] [unique_id "aSfLR5ehlLTYuHlVeDgZGgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 16:33:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.226.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.226.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 11:33:50.027810 2025] [security2:error] [pid 20967:tid 20967] [client 216.26.226.238:53231] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.g-peopleland.com"] [uri "/.git/HEAD"] [unique_id "aScr7rFSyKA00jOZjdm9lwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 Shaik Sai Meera	2025-11-26 08:35:14 (6 months ago)	IM360 WAF: Hidden file access	Brute-Force
🇺🇸 TPI-Abuse	2025-11-25 07:07:18 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.226.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.226.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:07:11.888320 2025] [security2:error] [pid 3801:tid 3801] [client 216.26.226.238:52923] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.mixmediallc.com"] [uri "/.git/HEAD"] [unique_id "aSVVn0kBnsFeIXdipm7jHgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Thaliruth	2025-11-25 06:24:28 (6 months ago)	default:80 216.26.226.238 - - [25/Nov/2025:07:24:28 +0100] "GET /.aws/credentials HTTP/1.0" 404 426 ... show more default:80 216.26.226.238 - - [25/Nov/2025:07:24:28 +0100] "GET /.aws/credentials HTTP/1.0" 404 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0" 216.26.226.238 - - [25/Nov/2025:07:24:28 +0100] "GET /.aws/credentials HTTP/1.1" 404 262 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0" ... show less	Brute-Force Web App Attack

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 212.47.77.200

🇬🇧 198.244.183.232

🇺🇸 147.185.132.243

🇺🇸 147.185.132.240

🇺🇸 137.184.217.238

🇨🇳 119.96.193.72

🇨🇳 103.236.60.34

🇷🇴 80.94.95.242

🇺🇸 45.79.104.47

🇫🇷 45.8.133.184

🇮🇹 2a00:1450:4025:1807::121

🇨🇳 218.203.203.232

🇵🇱 194.180.48.33

🇺🇸 162.216.150.182

🇺🇸 150.107.36.119

🇺🇸 147.185.132.251

🇺🇸 147.185.132.210

🇺🇸 147.185.132.204

🇯🇵 103.163.220.237

🇨🇳 101.126.153.162