JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.239.85

216.26.239.85 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 17%: ?

17%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.239.85

Whois 216.26.239.85

IP Abuse Reports for 216.26.239.85:

This IP address has been reported a total of 16 times from 8 distinct sources. 216.26.239.85 was first reported on November 11th 2025, and the most recent report was 23 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇷 setupgr	2026-06-13 05:26:30 (23 hours ago)	(mod_security) mod_security (id:900001) triggered by 216.26.239.85: 1 in the last 86400 secs; Ports: ... show more (mod_security) mod_security (id:900001) triggered by 216.26.239.85: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sat Jun 13 08:26:25.443656 2026] [security2:error] [pid 568634:tid 568721] [client 216.26.239.85:45989] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: ions.gr"] [severity "CRITICAL"] [tag "security"] [hostname "ions.gr"] [uri "/wp-login.php"] [unique_id "aizqAWhA1AVliy02kiGczQAAAc4"], referer: https://ions.gr/wp-login.php show less	Port Scan
🇩🇪 FeG Deutschland	2026-06-11 17:41:46 (2 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 Victor López	2026-06-11 09:57:53 (2 days ago)	vpardilalaw.com 216.26.239.85 - - [11/Jun/2026:04:57:22 -0500] "POST /wp-login.php HTTP/1.1" 200 208 ... show more vpardilalaw.com 216.26.239.85 - - [11/Jun/2026:04:57:22 -0500] "POST /wp-login.php HTTP/1.1" 200 2081 "https://vpardilalaw.com/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; rv:118.0) Gecko/20100101 Firefox/118.0" vpardilalaw.com 216.26.239.85 - - [11/Jun/2026:04:57:33 -0500] "POST /wp-login.php HTTP/1.1" 200 2081 "https://vpardilalaw.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" vpardilalaw.com 216.26.239.85 - - [11/Jun/2026:04:57:53 -0500] "POST /wp-login.php HTTP/1.1" 200 2081 "https://vpardilalaw.com/wp-login.php" "Mozilla/5.0 (Windows NT 11.0; Win64; x64; rv:118.0) Gecko/20100101 Firefox/118.0" ... show less	Hacking Web App Attack
🇦🇺 oncord	2026-03-12 06:30:24 (3 months ago)	Form spam	Web Spam
🇬🇧 gurnip	2026-02-19 08:25:24 (3 months ago)	Contact form spam of type 'other'.	Web Spam
🇦🇺 oncord	2026-02-15 07:24:37 (3 months ago)	Form spam	Web Spam
🇬🇧 oncord	2026-02-12 06:18:06 (4 months ago)	Form spam	Web Spam
🇦🇺 oncord	2026-02-11 01:40:48 (4 months ago)	Form spam	Web Spam
🇮🇩 Burayot	2025-12-09 19:49:20 (6 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 216.26.239.85 (BR/Brazil/-): 1 in t ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 216.26.239.85 (BR/Brazil/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 08:33:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.239.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.239.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 03:33:52.671920 2025] [security2:error] [pid 11520:tid 11520] [client 216.26.239.85:44107] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "quicksmogsandiego.com"] [uri "/.git/HEAD"] [unique_id "aTfe8Hmc_AHWf_T3ZUDLYwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 15:38:49 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.239.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.239.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 10:38:44.569797 2025] [security2:error] [pid 11557:tid 11557] [client 216.26.239.85:49871] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wcvfr.org"] [uri "/.env"] [unique_id "aTWfhON9B_gd7WXLICrW_AAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 16:42:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.239.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.239.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 11:42:22.283774 2025] [security2:error] [pid 1678:tid 1678] [client 216.26.239.85:23005] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "delucchi.net"] [uri "/.env"] [unique_id "aTRc7oYuA4zCjUh1R1nooAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 08:18:47 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.239.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.239.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 03:18:40.864992 2025] [security2:error] [pid 30762:tid 30762] [client 216.26.239.85:24649] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "joevallone.com"] [uri "/.svn/wc.db"] [unique_id "aTKVYCn7q3OBIFZpDgJHnwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 05:55:25 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.239.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.239.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 00:55:19.060380 2025] [security2:error] [pid 12105:tid 12105] [client 216.26.239.85:9033] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "safetyfastclub.com"] [uri "/.git/HEAD"] [unique_id "aTJzx2C30RHqHaDhXcLFXgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 02:33:18 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.239.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.239.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 21:33:15.121768 2025] [security2:error] [pid 32714:tid 32714] [client 216.26.239.85:49969] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "leighcunningham.com"] [uri "/.svn/wc.db"] [unique_id "aTJEa2s-QuAoUADjRaK0YQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.62.96.42

🇨🇴 206.84.80.53

🇯🇴 176.29.28.6

🇩🇪 155.117.127.214

🇺🇸 100.29.192.38

🇷🇺 85.95.166.40

🇺🇸 66.132.186.210

🇳🇱 45.148.10.147

🇳🇱 45.148.10.141

🇻🇪 38.74.254.172

🇬🇧 34.142.27.198

🇺🇦 31.134.118.100

🇮🇪 18.202.80.171

🇬🇧 217.33.45.122

🇫🇷 176.133.121.90

🇳🇱 176.65.139.195

🇫🇮 147.185.133.147

🇨🇳 113.58.234.199

🇨🇳 110.241.53.245

🇺🇸 65.49.1.43