JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.228.253

216.26.228.253 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.228.253

Whois 216.26.228.253

IP Abuse Reports for 216.26.228.253:

This IP address has been reported a total of 34 times from 13 distinct sources. 216.26.228.253 was first reported on September 27th 2025, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-04-05 07:30:13 (2 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-03-23 10:17:17 (2 months ago)	IM360 WAF: Attempt to upload malware	Hacking
🇬🇧 relianoid.com	2026-02-19 03:48:56 (3 months ago)	POST Abuse detected by Relianoid OSS Load Balancer - relianoid.com	Web Spam
🇺🇸 TPI-Abuse	2026-01-21 14:14:08 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 09:14:03.867256 2026] [security2:error] [pid 24097:tid 24097] [client 216.26.228.253:13021] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ssion.com"] [uri "/.env"] [unique_id "aXDfK_zQv8rtaQ6Cp4mr7wAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-21 12:04:58 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 07:04:51.596097 2026] [security2:error] [pid 6466:tid 6466] [client 216.26.228.253:59703] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rnance.com"] [uri "/.env"] [unique_id "aXDA4_JTe1-7FAs8_I1U4QAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Swiptly	2026-01-21 08:37:43 (4 months ago)	Bot scanning for environment files .env .env/\* ...	Web App Attack
🇺🇸 myagent.site	2026-01-20 21:44:51 (4 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇺🇸 TPI-Abuse	2026-01-20 21:40:50 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 16:40:02.808297 2026] [security2:error] [pid 1844620:tid 1844620] [client 216.26.228.253:31959] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sandiegobeachrentals.com"] [uri "/.svn/wc.db"] [unique_id "aW_2MuWAIyTT6lcIsYbRSwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-20 20:37:31 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 15:37:24.426765 2026] [security2:error] [pid 19539:tid 19563] [client 216.26.228.253:43817] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "la.productions"] [uri "/.git/HEAD"] [unique_id "aW_nhBa5KDJ1DLrbZvIfdwAAAFY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-05 07:14:51 (5 months ago)	(mod_security) mod_security triggered on hostname [redacted] 216.26.228.253 (US/United States/-)	SQL Injection
🇧🇪 taivas.nl	2025-12-25 05:32:25 (5 months ago)	Many_bad_calls	Web App Attack
🇧🇪 taivas.nl	2025-12-24 12:02:11 (5 months ago)	Bad_requests	Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-03 00:04:17 (6 months ago)	(mod_security) mod_security (id:210740) triggered by 216.26.228.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210740) triggered by 216.26.228.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 19:04:12.318529 2025] [security2:error] [pid 24131:tid 24131] [client 216.26.228.253:40081] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy\|\|oliverhardy.com\|F\|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "oliverhardy.com"] [uri "/"] [unique_id "aS9-fAUi8Nr2aZvNsczKfwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 03:48:35 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 22:48:28.959880 2025] [security2:error] [pid 4248:tid 4248] [client 216.26.228.253:18255] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.fanarch.xyz"] [uri "/.svn/wc.db"] [unique_id "aSPVjGHVfyioFeQpDiUSvQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-13 21:04:57 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack

Showing 1 to 15 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇪 200.25.47.113

🇺🇸 45.71.17.175

🇺🇸 45.40.143.166

🇧🇮 197.157.194.126

🇬🇧 195.206.182.220

🇩🇪 195.201.119.80

🇵🇱 194.180.48.31

🇨🇳 180.103.119.98

🇻🇳 157.66.80.97

🇸🇬 151.192.57.118

🇦🇹 146.70.116.111

🇨🇳 124.222.85.146

🇳🇱 81.19.216.112

🇺🇸 71.6.236.207

🇺🇸 66.228.53.204

🇸🇬 47.79.11.126

🇳🇱 45.128.199.150

🇮🇳 45.112.149.170

🇨🇴 38.225.230.76

🇺🇸 2604:a880:400:d1:0:4:8bf8:1