JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.228.149

216.26.228.149 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 51%: ?

51%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.228.149

Whois 216.26.228.149

IP Abuse Reports for 216.26.228.149:

This IP address has been reported a total of 36 times from 20 distinct sources. 216.26.228.149 was first reported on September 26th 2025, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 paulshipley.com.au	2026-06-12 10:26:24 (3 hours ago)	furst.com.au:443 216.26.228.149 - - [12/Jun/2026:20:26:23 +1000] "GET /?author=3 HTTP/1.1" 404 5093 ... show more furst.com.au:443 216.26.228.149 - - [12/Jun/2026:20:26:23 +1000] "GET /?author=3 HTTP/1.1" 404 5093 "https://www.google.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Web App Attack
🇲🇽 octageeks.com	2026-06-12 04:23:55 (9 hours ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇲🇹 Malta	2026-06-11 22:55:47 (15 hours ago)	216.26.228.149 - - [12/Jun/2026:00:55:47 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Lin ... show more 216.26.228.149 - - [12/Jun/2026:00:55:47 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Hacking Web App Attack
🇮🇩 zam	2026-06-11 20:08:30 (17 hours ago)	216.26.228.149 - - [11/Jun/2026:20:08:04 +0000] "POST /wp-login.php HTTP/1.1" 301 277	Web App Attack
🇫🇷 ELYAZ	2026-06-10 15:58:18 (1 day ago)	(y4) Failed scan -byebye- from 216.26.228.149 (US/United States/-): (CF_ENABLE)	Hacking
🇦🇺 HJ5Ss4Ju	2026-06-10 03:10:38 (2 days ago)	Blocked by Wordfence (SID 6)	Web App Attack
🇪🇸 librebit	2026-06-09 17:20:29 (2 days ago)	Brute force	Brute-Force
🇩🇪 4server	2026-05-13 04:49:33 (4 weeks ago)	[WedMay1306:49:29.9955372026][security2:error][pid1110677:tid1110793][client216.26.228.149:0]ModSecu ... show more [WedMay1306:49:29.9955372026][security2:error][pid1110677:tid1110793][client216.26.228.149:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"scuolaviva.ch\"][uri\"/.aws/credentials\"][unique_id\"agQC2dUNn1GVZDD8qaRaNwAAAQs\"] show less	Port Scan Brute-Force Web App Attack
🇨🇭 4server	2026-05-12 18:09:07 (4 weeks ago)	[TueMay1220:08:59.6563332026][security2:error][pid2870990:tid2871136][client216.26.228.149:0]ModSecu ... show more [TueMay1220:08:59.6563332026][security2:error][pid2870990:tid2871136][client216.26.228.149:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"hosting-ticino-svizzera.ch\"][uri\"/.env\"][unique_id\"agNsu-5LObcKq0OkX8TZIwAAAEQ\"] show less	Hacking Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:56 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-11-26 12:25:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 07:25:48.418792 2025] [security2:error] [pid 7954:tid 7954] [client 216.26.228.149:29123] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.handcraftedparquet.com"] [uri "/.env"] [unique_id "aSbxzFXuxmgKyAEQd_wAMAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 06:42:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 01:42:34.629015 2025] [security2:error] [pid 12307:tid 12307] [client 216.26.228.149:22517] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.debhill.com"] [uri "/.svn/wc.db"] [unique_id "aSahWqlaMZ25QrwwGzIQsQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 02:24:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 21:24:07.745156 2025] [security2:error] [pid 18802:tid 18802] [client 216.26.228.149:60581] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.cvtheory.com"] [uri "/.git/HEAD"] [unique_id "aSZkx9dIoTx9n1cVuFvQHgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:55:22 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:55:19.145180 2025] [security2:error] [pid 6322:tid 6322] [client 216.26.228.149:48157] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.thephysicsroom.com"] [uri "/.git/HEAD"] [unique_id "aSZP9-xk7PSUxPqBpq45bAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.227

🇵🇱 195.116.145.127

🇳🇱 176.65.139.248

🇺🇸 172.71.155.163

🇧🇷 168.194.36.207

🇺🇸 162.217.162.114

🇮🇹 151.60.207.98

🇺🇸 147.224.184.137

🇰🇿 109.248.156.49

🇮🇳 106.219.228.118

🇮🇩 103.110.34.131

🇮🇳 103.47.217.130

🇱🇺 64.89.160.135

🇫🇷 51.75.247.232

🇺🇸 47.204.213.187

🇳🇱 45.148.10.157

🇺🇸 44.66.63.124

🇨🇳 14.103.122.182

🇨🇳 218.63.249.247

🇲🇻 202.153.82.16