JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.238.216

216.26.238.216 was found in our database!

This IP was reported 30 times. Confidence of Abuse is 13%: ?

13%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.238.216

Whois 216.26.238.216

IP Abuse Reports for 216.26.238.216:

This IP address has been reported a total of 30 times from 11 distinct sources. 216.26.238.216 was first reported on September 26th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 LiftUp Hosting	2026-06-05 00:16:02 (1 day ago)	Honeypot hit: HTTP/1.1 request on 8546 POST / User-Agent: Go-http-client/1.1 Accept-Encoding: gzip ... show more Honeypot hit: HTTP/1.1 request on 8546 POST / User-Agent: Go-http-client/1.1 Accept-Encoding: gzip POST Data: {"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}; 8546 [2] TCP show less	Hacking Bad Web Bot
🇪🇸 librebit	2026-05-17 06:14:39 (2 weeks ago)	Brute force	Brute-Force
🇩🇪 LRob.fr	2026-04-04 07:00:26 (2 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
Anonymous	2026-01-15 11:49:03 (4 months ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 21:46:57 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 16:46:52.577063 2025] [security2:error] [pid 12248:tid 12248] [client 216.26.238.216:41937] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "register-yacht-spain.com"] [uri "/.env"] [unique_id "aVBTzHoybuWulkNisbI-SgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 20:04:10 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 15:04:03.460137 2025] [security2:error] [pid 9795:tid 9795] [client 216.26.238.216:37235] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bostonamerican.com"] [uri "/.env"] [unique_id "aVA7swGL4tja8MuevzAXJAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 21:11:08 (6 months ago)	(mod_security) mod_security (id:210740) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210740) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 16:10:37.778818 2025] [security2:error] [pid 18384:tid 18384] [client 216.26.238.216:50799] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy\|\|advancedmotorsports.com\|F\|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "advancedmotorsports.com"] [uri "/contact/guestbook.php"] [unique_id "aS9VzQSm6D1ypezGOiz-cQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 04:51:21 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 23:51:18.130402 2025] [security2:error] [pid 194525:tid 194545] [client 216.26.238.216:28235] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "echrony.com"] [uri "/.git/HEAD"] [unique_id "aS5wRlXB52HMSZ5lzSkGNAAAAMc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 08:41:39 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 03:41:32.576486 2025] [security2:error] [pid 9606:tid 9646] [client 216.26.238.216:51223] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "barnettbusinessgroup.mailporte.com"] [uri "/.svn/wc.db"] [unique_id "aSa9PCFyBWeOsnO3zv5pbwAAAIE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 07:28:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:28:30.599995 2025] [security2:error] [pid 28609:tid 28609] [client 216.26.238.216:56159] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arriagarealestate.com"] [uri "/.env"] [unique_id "aSVanmYOvivd4dfBMhkxzgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:39:57 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:39:52.001836 2025] [security2:error] [pid 18178:tid 18178] [client 216.26.238.216:41177] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.comobarbershop.com"] [uri "/.env"] [unique_id "aSVPOLAZJrNc4dh7OptCfgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:22:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:22:09.753904 2025] [security2:error] [pid 19493:tid 19493] [client 216.26.238.216:31479] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.evolute.io"] [uri "/.git/HEAD"] [unique_id "aSVLETkOTSiILkHhy6pFgQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:49:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:49:15.796763 2025] [security2:error] [pid 20520:tid 20520] [client 216.26.238.216:39839] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.thn.bz"] [uri "/.svn/wc.db"] [unique_id "aSVDWxsuSf6HmxuThiHy6AAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:19:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:18:59.990795 2025] [security2:error] [pid 2847:tid 2847] [client 216.26.238.216:47669] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.4ehardware.com"] [uri "/.env"] [unique_id "aSU8QxLqxva5XdIX9s1RoQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:52:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.238.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:51:56.042865 2025] [security2:error] [pid 816172:tid 816172] [client 216.26.238.216:37911] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.fiveoceansconsulting.com"] [uri "/.svn/wc.db"] [unique_id "aSU17PPUbhkD8XpCL9SHBgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 30 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 184.83.177.177

🇰🇷 112.216.129.27

🇳🇱 107.189.24.77

🇺🇸 107.150.102.47

🇷🇴 92.118.39.236

🇺🇸 54.82.5.19

🇬🇧 35.203.211.48

🇺🇸 13.216.111.154

🇬🇧 2a02:4780:f:1b56::1

🇲🇽 201.103.214.31

🇺🇸 150.107.38.245

🇨🇳 106.12.144.153

🇳🇱 81.19.216.126

🇷🇴 80.94.92.186

🇮🇹 79.7.192.59

🇳🇱 77.83.39.227

🇩🇪 213.209.159.231

🇩🇪 194.187.176.237

🇩🇪 51.224.201.197

🇷🇴 2.57.121.112