JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.241.13

216.26.241.13 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 30%: ?

30%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.241.13

Whois 216.26.241.13

IP Abuse Reports for 216.26.241.13:

This IP address has been reported a total of 16 times from 9 distinct sources. 216.26.241.13 was first reported on October 21st 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 LRNP	2026-06-06 19:23:07 (1 day ago)	_:80 216.26.241.13 - - [06/Jun/2026:19:23:06 +0000] "GET http://xenon.lpoujol.fr/.env HTTP/1.1" 404 ... show more _:80 216.26.241.13 - - [06/Jun/2026:19:23:06 +0000] "GET http://xenon.lpoujol.fr/.env HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇳🇱 ParaBug	2026-06-06 09:54:21 (1 day ago)	216.26.241.13 - - [06/Jun/2026:11:54:20 +0200] "GET http://51-15-23-24.rev.poneytelecom.eu/.env HTTP ... show more 216.26.241.13 - - [06/Jun/2026:11:54:20 +0200] "GET http://51-15-23-24.rev.poneytelecom.eu/.env HTTP/1.1" 403 440 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Phishing Brute-Force Web App Attack
🇫🇮 inlink.ltd	2026-06-06 03:38:57 (2 days ago)	dot file probe	Web App Attack
Anonymous	2026-05-14 10:08:01 (3 weeks ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇬🇧 PeravixGroup	2026-05-11 05:32:21 (3 weeks ago)	Honeypot detection: FTP brute-force or anonymous access attempt on port 21. Severity: MEDIUM. Aaran. ... show more Honeypot detection: FTP brute-force or anonymous access attempt on port 21. Severity: MEDIUM. Aaran.cloud show less	FTP Brute-Force Brute-Force
🇨🇦 SSH-Admin	2026-02-07 17:12:28 (4 months ago)	Probing for Exploits	Exploited Host Web App Attack
🇨🇦 SSH-Admin	2025-12-27 13:45:08 (5 months ago)	Probing for Exploits	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:25:35 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.241.13 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.241.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:25:30.149225 2025] [security2:error] [pid 21263:tid 21263] [client 216.26.241.13:36087] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.kdgsf.xyz"] [uri "/.env"] [unique_id "aSQkilO9C_mBhVQ2JTXg1wAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:02:57 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.241.13 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.241.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:02:50.413697 2025] [security2:error] [pid 25319:tid 25319] [client 216.26.241.13:13509] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.agenesis7.com"] [uri "/.env"] [unique_id "aSQfOhXC2oSoyJVDgSPJzwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:51:00 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.241.13 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.241.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:50:22.860291 2025] [security2:error] [pid 3492139:tid 3492139] [client 216.26.241.13:24127] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.dreamhomeappraisalservices.com"] [uri "/.env"] [unique_id "aSQOPu9eGj4rRsYY0803_AAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:19:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.241.13 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.241.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:18:57.979723 2025] [security2:error] [pid 21709:tid 21709] [client 216.26.241.13:26399] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.richardnash.com"] [uri "/.svn/wc.db"] [unique_id "aSQG4Rb1g6JwrQb4u2Jl0wAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:54:25 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.241.13 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.241.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:54:19.187145 2025] [security2:error] [pid 10696:tid 10833] [client 216.26.241.13:13009] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.resort4pets.com"] [uri "/.env"] [unique_id "aSPk-yJafRnFKTiRlooamwAAAVc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:39:07 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.241.13 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.241.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:39:01.028377 2025] [security2:error] [pid 3425:tid 3425] [client 216.26.241.13:27013] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.jimgrenier.com"] [uri "/.svn/wc.db"] [unique_id "aSPhZd-vEiAM_2tpRonefQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mind5t0rm	2025-11-20 11:11:28 (6 months ago)	(WPLOGIN) WP Login Attack 216.26.241.13 (BR/Brazil/-): 3 in the last 3600 secs; Ports: ; Direction: ... show more (WPLOGIN) WP Login Attack 216.26.241.13 (BR/Brazil/-): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 216.26.241.13 - - [20/Nov/2025:18:11:14 +0700] "GET /wp-login.php HTTP/2.0" 200 3023 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0" 216.26.241.13 - - [20/Nov/2025:18:11:20 +0700] "GET /wp-login.php?wp_lang=en_US HTTP/2.0" 200 3163 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" 216.26.241.13 - - [20/Nov/2025:18:11:23 +0700] "POST /wp-login.php?wp_lang=en_US HTTP/2.0" 200 3157 "https://zerowaterthailand.com/wp-login.php?wp_lang=en_US" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" show less	Port Scan
Anonymous	2025-11-02 23:48:00 (7 months ago)	Unauthorized connection attempt	Brute-Force

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 140.235.0.223

🇫🇮 45.82.110.150

🇨🇳 223.88.22.211

🇭🇰 199.45.154.177

🇦🇷 186.22.16.8

🇮🇷 185.126.200.110

🇩🇪 165.245.215.23

🇺🇸 154.83.197.83

🇺🇸 147.185.132.169

🇭🇰 118.26.39.178

🇨🇳 113.138.219.245

🇲🇲 103.105.174.246

🇺🇸 96.44.160.195

🇵🇱 95.214.53.157

🇺🇸 34.74.21.132

🇬🇧 31.14.254.15

🇯🇵 20.78.0.33

🇨🇳 14.103.112.179

🇳🇱 5.255.123.158

🇨🇳 218.85.78.113