JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.228.90

216.26.228.90 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 10%: ?

10%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.228.90

Whois 216.26.228.90

IP Abuse Reports for 216.26.228.90:

This IP address has been reported a total of 31 times from 14 distinct sources. 216.26.228.90 was first reported on September 28th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 FeG Deutschland	2026-05-21 23:04:59 (2 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇬🇧 PeravixGroup	2026-05-07 06:23:07 (1 month ago)	Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2375. Sever ... show more Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2375. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇵🇱 sefinek.net	2026-02-22 02:10:26 (3 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (G ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (GET) \| Endpoint: /genshin-stella-mod \| UA: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:114.0) Gecko/20100101 Firefox/114.0 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 eacontent	2026-01-22 10:37:00 (4 months ago)	4x eg 216.26.228.90 - - [16/Jan/2026:02:28:06 -0500] "GET /config.php%7C/.env%7Csettings.py HTTP/1.1 ... show more 4x eg 216.26.228.90 - - [16/Jan/2026:02:28:06 -0500] "GET /config.php%7C/.env%7Csettings.py HTTP/1.1" 404 34 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240&Win32" show less	Hacking
🇮🇹 VHosting	2026-01-20 13:55:05 (4 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 04:53:55 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 23:53:52.942267 2026] [security2:error] [pid 1937:tid 1937] [client 216.26.228.90:52309] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.tex-fun.com"] [uri "/.env"] [unique_id "aWsV4Cj56OUjCedICPVAjgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 sefinek.net	2025-12-19 22:21:13 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (Linux x86_64; rv:114.0) Gecko/20100101 Firefox/114.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2025-12-04 02:14:32 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-25 05:29:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:28:56.129387 2025] [security2:error] [pid 32264:tid 32264] [client 216.26.228.90:50357] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dekosh.koshland.us"] [uri "/.env"] [unique_id "aSU-mKbhaeE-vIp6WDtZiAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:56:59 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:56:55.888291 2025] [security2:error] [pid 1816810:tid 1816951] [client 216.26.228.90:21319] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.tbdesigned.com"] [uri "/.svn/wc.db"] [unique_id "aSU3F5GZcKt2mCqV6A_AwAAAAkg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:38:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:38:50.744665 2025] [security2:error] [pid 16553:tid 16553] [client 216.26.228.90:27107] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.urlpick.com"] [uri "/.env"] [unique_id "aSUy2lDRcJXoJwfWI7HEGwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:04:40 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:04:28.465953 2025] [security2:error] [pid 27362:tid 27362] [client 216.26.228.90:44759] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.ericgwin.com"] [uri "/.git/HEAD"] [unique_id "aSUqzN55601CXOGE98-xZQAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:45:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:44:57.361509 2025] [security2:error] [pid 21655:tid 21655] [client 216.26.228.90:52827] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.heavenly-creatures.com"] [uri "/.svn/wc.db"] [unique_id "aSUmOYZ2XO6KMrufa5-sRgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:28:44 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.228.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:28:40.784376 2025] [security2:error] [pid 11980:tid 11980] [client 216.26.228.90:57723] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.pleasantridgeorganicfarm.com"] [uri "/.git/HEAD"] [unique_id "aSUUWMz9b2UFNtsgUv8O0wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-21 17:27:02 (6 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 19-27.216.26.228.90.web-spamme ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 19-27.216.26.228.90.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 216.213.158.112

🇵🇰 202.70.139.241

🇻🇳 180.93.251.158

🇬🇧 178.128.32.203

🇺🇸 170.187.165.139

🇮🇳 122.187.229.35

🇮🇷 78.39.88.236

🇷🇺 78.36.41.213

🇵🇰 39.43.36.123

🇨🇦 20.104.72.215

🇭🇰 2.59.153.172

🇷🇴 2.57.122.234

🇨🇳 223.107.72.234

🇭🇰 220.246.47.145

🇩🇪 213.176.67.121

🇲🇦 154.144.225.226

🇧🇪 130.211.71.113

🇧🇪 35.195.172.69

🇧🇪 35.195.83.229

🇩🇪 34.141.99.68