JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.228.39

216.26.228.39 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 10%: ?

10%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.228.39

Whois 216.26.228.39

IP Abuse Reports for 216.26.228.39:

This IP address has been reported a total of 38 times from 14 distinct sources. 216.26.228.39 was first reported on September 26th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 LSPCCU	2026-06-03 20:24:21 (2 days ago)	TSEC Honeypot Network report. Threat score: 66/100. Categories: Hacking. Honeypot: ssh-telnet, cowri ... show more TSEC Honeypot Network report. Threat score: 66/100. Categories: Hacking. Honeypot: ssh-telnet, cowrie. Context: 216. show less	Hacking
🇫🇮 inlink.ltd	2026-05-15 13:51:08 (3 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack
🇺🇸 TPI-Abuse	2026-01-21 08:57:08 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 03:57:04.796971 2026] [security2:error] [pid 23974:tid 23974] [client 216.26.228.39:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thectegroup.net"] [uri "/.env"] [unique_id "aXCU4K1vsSlw3ZDl65bXtwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-21 00:10:20 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 19:10:09.278398 2026] [security2:error] [pid 12613:tid 12613] [client 216.26.228.39:39947] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "solporpoise.com"] [uri "/.env"] [unique_id "aXAZYa9FPrAGbtQgBJh9ewAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 ingroscart.it	2026-01-20 19:37:34 (4 months ago)	(mod_security) mod_security triggered on hostname [redacted] 216.26.228.39 (US/United States/-)	SQL Injection
🇦🇺 MAGIC	2025-12-29 03:09:52 (5 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇮🇹 VHosting	2025-12-23 12:55:11 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇺🇸 TPI-Abuse	2025-11-27 21:08:08 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 27 16:08:02.560557 2025] [security2:error] [pid 7628:tid 7628] [client 216.26.228.39:51177] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dorismitchell.com"] [uri "/.env"] [unique_id "aSi9snVFd7ARayaTTraiCgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-27 18:57:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 27 13:57:09.220351 2025] [security2:error] [pid 31427:tid 31427] [client 216.26.228.39:40875] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "a1laha.com"] [uri "/.svn/wc.db"] [unique_id "aSifBUxoRBmmDiptZdpoXgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2025-11-25 23:03:29 (6 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2025-11-24. show less	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2025-11-24 05:15:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:15:15.791663 2025] [security2:error] [pid 10120:tid 10120] [client 216.26.228.39:31315] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.sourcecodeportal.com"] [uri "/.svn/wc.db"] [unique_id "aSPp4-OOkt2r5HsAcubW1wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:21:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:21:34.006830 2025] [security2:error] [pid 8939:tid 8939] [client 216.26.228.39:45013] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.mprise.com"] [uri "/.env"] [unique_id "aSPdTqEn0MfyZEXUdtarQQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 13:10:53 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇧🇪 madeit	2025-11-04 15:58:39 (7 months ago)		Web App Attack
Anonymous	2025-11-02 17:36:17 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 07:33:04	Port Scan Brute-Force Exploited Host Web App Attack

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.173

🇺🇬 196.0.120.211

🇵🇱 194.180.49.71

🇩🇪 185.220.101.21

🇵🇰 182.180.121.196

🇶🇦 176.202.206.50

🇺🇸 107.150.146.69

🇨🇦 85.217.149.34

🇺🇸 74.82.47.35

🇰🇷 59.21.37.60

🇧🇪 34.38.174.36

🇭🇰 20.205.34.2

🇸🇬 4.194.4.255

🇺🇸 192.252.209.156

🇮🇩 182.253.156.173

🇳🇱 176.65.148.229

🇩🇪 167.94.146.41

🇩🇪 151.243.11.35

🇺🇸 135.119.236.48

🇨🇳 119.118.235.132