JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.234.199

216.26.234.199 was found in our database!

This IP was reported 33 times. Confidence of Abuse is 34%: ?

34%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.234.199

Whois 216.26.234.199

IP Abuse Reports for 216.26.234.199:

This IP address has been reported a total of 33 times from 21 distinct sources. 216.26.234.199 was first reported on September 28th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇹 sssrit	2026-06-14 08:45:59 (2 days ago)	216.26.234.199 - - [14/Jun/2026:10:44:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "https://www.fac ... show more 216.26.234.199 - - [14/Jun/2026:10:44:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "https://www.facebook.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" 216.26.234.199 - - [14/Jun/2026:10:45:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "https://www.google.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" ... show less	Web App Attack
🇩🇪 iNetWorker	2026-06-13 07:12:14 (3 days ago)	trolling for resource vulnerabilities	Web App Attack
🇬🇷 setupgr	2026-06-13 04:11:18 (3 days ago)	(mod_security) mod_security (id:900001) triggered by 216.26.234.199: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 216.26.234.199: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sat Jun 13 07:11:15.910057 2026] [security2:error] [pid 568633:tid 568693] [client 216.26.234.199:58897] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.asteriassantorini.com"] [severity "CRITICAL"] [tag "security"] [hostname "mail.asteriassantorini.com"] [uri "/wp-login.php"] [unique_id "aizYYwwee1nHdDysdvf3jgAAAQc"], referer: https://mail.asteriassantorini.com/wp-login.php show less	Port Scan
🇬🇷 setupgr	2026-06-12 14:30:58 (4 days ago)	(mod_security) mod_security (id:900001) triggered by 216.26.234.199: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 216.26.234.199: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 12 17:30:56.219591 2026] [security2:error] [pid 326673:tid 326832] [client 216.26.234.199:32273] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|alloweddomain2\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.doityourself.gr"] [severity "CRITICAL"] [tag "security"] [hostname "mail.doityourself.gr"] [uri "/wp-login.php"] [unique_id "aiwYII3XoGur1n4mJeRMxwAAAYI"], referer: https://mail.doityourself.gr/wp-login.php show less	Port Scan
🇩🇪 FeG Deutschland	2026-06-12 14:04:37 (4 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 dtorrer	2026-06-11 22:21:42 (4 days ago)	Brute-force general attack.	Brute-Force
🇪🇸 librebit	2026-05-17 06:35:39 (4 weeks ago)	Brute force	Brute-Force
🇪🇸 librebit	2026-05-13 22:50:48 (1 month ago)	RDWeb scan	Web App Attack
Anonymous	2026-03-28 07:39:06 (2 months ago)	Forum/form spam	Web Spam
🇺🇸 cyfordtechnologies.com	2026-03-27 15:43:34 (2 months ago)	High-abuse ASN prefix: 216.26. : Reported by Cyford API	Web App Attack
🇳🇱 homeshowdomain.nl	2026-01-02 22:59:33 (5 months ago)	Auto-ban: >3000 req/min op 2026-01-02	Hacking Web App Attack SSH
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:22 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-27 21:24:14 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.234.199 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.234.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 16:24:08.624593 2025] [security2:error] [pid 4573:tid 4592] [client 216.26.234.199:23175] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "catch-22productions.com"] [uri "/.git/HEAD"] [unique_id "aVBOeHM4MRc4Fzor1cVweAAAAQ8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 20:48:31 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.234.199 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.234.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 15:48:23.961051 2025] [security2:error] [pid 17763:tid 17763] [client 216.26.234.199:43093] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "theopinionatedowl.com"] [uri "/.env"] [unique_id "aVBGF-oVDued1IpGs0cT4gAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 20:13:12 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.234.199 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.234.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 15:13:05.819448 2025] [security2:error] [pid 17790:tid 17826] [client 216.26.234.199:54041] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "runawaydixie.com"] [uri "/.env"] [unique_id "aVA90cKtBq4ge66LoNSFDAAAAJE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 33 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 218.51.148.194

🇲🇽 189.217.202.123

🇨🇳 183.92.115.107

🇺🇸 172.56.160.180

🇺🇸 162.0.211.124

🇷🇴 141.98.83.240

🇨🇳 112.124.67.212

🇨🇳 110.40.203.195

🇳🇱 91.92.40.204

🇩🇪 88.198.96.203

🇺🇸 66.132.172.200

🇺🇸 20.169.83.157

🇺🇸 18.116.101.220

🇨🇳 14.103.112.105

🇧🇬 193.24.211.107

🇯🇵 154.31.117.98

🇰🇷 146.56.187.157

🇰🇷 125.177.229.27

🇰🇷 106.246.89.72

🇮🇳 106.219.153.237