JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.237.207

216.26.237.207 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 7%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.237.207

Whois 216.26.237.207

IP Abuse Reports for 216.26.237.207:

This IP address has been reported a total of 29 times from 12 distinct sources. 216.26.237.207 was first reported on September 26th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 ctrlpew	2026-05-19 01:01:03 (3 weeks ago)	WordPress login brute-force botnet targeting ctrlpew.com. Distributed IPs cycling every 3 seconds wi ... show more WordPress login brute-force botnet targeting ctrlpew.com. Distributed IPs cycling every 3 seconds with UA rotation. All attempts against non-existent usernames. 2026-05-18. show less	Brute-Force Web App Attack
Anonymous	2026-04-22 15:15:53 (1 month ago)	Attempt to scan vulnerabilities	Hacking
Anonymous	2026-04-13 23:28:27 (2 months ago)	Attempt to scan vulnerabilities	Hacking
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:32 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-11-29 00:42:46 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 19:42:39.860603 2025] [security2:error] [pid 1226:tid 1226] [client 216.26.237.207:15355] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|aboutahome.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aboutahome.net"] [uri "/dump.sql"] [unique_id "aSpBf1lJXW8njwE7zPK2IgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇬 Stoyko Stoykov	2025-11-25 19:07:20 (6 months ago)	216.26.237.207 - - [25/Nov/2025:21:07:20 +0200] "GET /.aws/credentials HTTP/1.1" 301 162 "-" "Mozill ... show more 216.26.237.207 - - [25/Nov/2025:21:07:20 +0200] "GET /.aws/credentials HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 07:01:48 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:01:45.097788 2025] [security2:error] [pid 16444:tid 16444] [client 216.26.237.207:39557] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.arapi.org"] [uri "/.svn/wc.db"] [unique_id "aSVUWWj9doonuLbtzSDpywAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:55:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:55:52.449135 2025] [security2:error] [pid 20046:tid 20046] [client 216.26.237.207:27681] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.daydar.net"] [uri "/.env"] [unique_id "aSU22Hpn2_qnzuKB9JZrOAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:12:47 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:12:39.230311 2025] [security2:error] [pid 1232:tid 1232] [client 216.26.237.207:20101] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.ecomim.com"] [uri "/.svn/wc.db"] [unique_id "aSUst72XNIOrsOaDgpbekgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:58:44 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:58:38.578473 2025] [security2:error] [pid 13343:tid 13343] [client 216.26.237.207:36085] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.avaliantlife.com"] [uri "/.git/HEAD"] [unique_id "aSUNToklOjR90hNvs2ni2gAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:24:27 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:24:18.368704 2025] [security2:error] [pid 614298:tid 614298] [client 216.26.237.207:24367] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.windtime.com"] [uri "/.git/HEAD"] [unique_id "aSUFQnnm6MTRZ6KpCU5gmQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:50:16 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.237.207 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:50:10.077715 2025] [security2:error] [pid 12755:tid 12755] [client 216.26.237.207:51067] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.certifiedfarmersmarkets.org"] [uri "/.env"] [unique_id "aST9QhFS082sXB2plpmK2wAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-13 20:32:27 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-11-02 17:05:17 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 07:17:28	Port Scan Brute-Force Exploited Host Web App Attack
Anonymous	2025-10-17 16:29:00 (7 months ago)	Unauthorized connection attempt	Brute-Force

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.65

🇩🇪 167.94.145.25

🇮🇳 163.61.33.117

🇸🇪 162.158.183.79

🇺🇸 104.243.133.18

🇳🇱 204.76.203.219

🇧🇷 177.92.162.246

🇩🇪 167.94.146.33

🇫🇷 141.94.101.142

🇮🇩 137.59.125.100

🇧🇩 118.179.163.225

🇺🇸 103.153.182.184

🇸🇪 90.238.40.198

🇰🇿 81.91.184.91

🇬🇧 45.43.166.12

🇶🇦 20.173.116.24

🇻🇳 14.225.7.70

🇭🇰 8.210.214.44

🇲🇽 187.191.48.4

🇨🇦 173.32.106.25