JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.233.27

216.26.233.27 was found in our database!

This IP was reported 35 times. Confidence of Abuse is 23%: ?

23%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.233.27

Whois 216.26.233.27

IP Abuse Reports for 216.26.233.27:

This IP address has been reported a total of 35 times from 12 distinct sources. 216.26.233.27 was first reported on September 27th 2025, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Holger	2026-06-13 13:11:39 (13 hours ago)	WordPress WebAttack	Brute-Force Web App Attack
🇫🇮 inlink.ltd	2026-05-25 22:20:23 (2 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack
🇺🇸 TPI-Abuse	2026-05-04 13:57:55 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 04 09:57:50.437883 2026] [security2:error] [pid 20869:tid 20869] [client 216.26.233.27:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.helpsavepets.org"] [uri "/.env"] [unique_id "afil3vwGj-CRRZ_7SY02rwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-05-03 06:50:37 (1 month ago)	Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.	Web App Attack
🇬🇧 poundawebsiteltd	2026-04-28 14:50:14 (1 month ago)	Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 216.26.233.27 - - [28/Apr/2026:1 ... show more Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 216.26.233.27 - - [28/Apr/2026:15:50:12 +0100] GET /s3cmd.ini HTTP/1.1 403 2777 - Mozilla/5.0 (iPhone; CPU iPhone OS 12_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.5(0x17000523) NetType/4G Language/zh_CN show less	Web App Attack
🇱🇻 garmtech.com	2026-03-10 00:56:40 (3 months ago)	IM360 WAF: WordPress plugin/theme auto install block	Web App Attack
🇪🇸 10dencehispahard SL	2026-01-26 10:21:49 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇬🇧 Steve	2026-01-23 23:37:40 (4 months ago)	Abuse of XMLRPC	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 23:20:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 18:19:58.101486 2025] [security2:error] [pid 32515:tid 32515] [client 216.26.233.27:38577] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "love-n-promises.com"] [uri "/.svn/wc.db"] [unique_id "aTddHuyLW9Z14JDsh35sFgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 15:00:15 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 10:00:09.340999 2025] [security2:error] [pid 6777:tid 6777] [client 216.26.233.27:35997] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ferienwohnungen-eva.com"] [uri "/.git/HEAD"] [unique_id "aTbn-Y0KQ72-vWYkDlppmwAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 02:51:00 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 21:50:55.652407 2025] [security2:error] [pid 28047:tid 28047] [client 216.26.233.27:17801] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "technologymoods.com"] [uri "/.svn/wc.db"] [unique_id "aTY9D4Zefbb5l5TMMHUKLwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2025-12-07 23:03:11 (6 months ago)	Auto-ban: >3000 req/min op 2025-12-07	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2025-12-07 20:42:51 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 15:42:44.791771 2025] [security2:error] [pid 17962:tid 17962] [client 216.26.233.27:39627] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "xmlprotocol.com"] [uri "/.git/HEAD"] [unique_id "aTXmxKIPfSKhuyAnLKF9XwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 17:47:18 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 12:47:12.655405 2025] [security2:error] [pid 12217:tid 12217] [client 216.26.233.27:35845] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sacoriverjazz.org"] [uri "/.svn/wc.db"] [unique_id "aTW9oLyo8XGos9JGU3qcWgAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 13:39:23 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.233.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 08:39:18.697176 2025] [security2:error] [pid 26362:tid 26384] [client 216.26.233.27:30113] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "internationalbusinessschool.org"] [uri "/.env"] [unique_id "aTWDhs6T0xqNPOCnMKbQpAAAAJI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 35 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 222.246.240.162

🇨🇳 222.176.201.14

🇺🇸 147.185.132.187

🇨🇳 123.160.174.81

🇮🇩 43.165.194.10

🇺🇸 35.252.244.91

🇳🇱 206.189.109.91

🇬🇧 193.163.125.172

🇬🇧 185.247.137.58

🇭🇰 152.32.129.154

🇫🇮 147.185.133.137

🇸🇬 107.150.112.233

🇮🇳 103.111.228.36

🇮🇳 64.227.133.187

🇨🇳 60.174.35.18

🇳🇱 45.148.10.152

🇺🇸 8.231.34.86

🇨🇳 222.86.168.224

🇨🇳 219.139.119.202

🇧🇷 205.210.31.211