JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.241.164

216.26.241.164 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 42%: ?

42%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.241.164

Whois 216.26.241.164

IP Abuse Reports for 216.26.241.164:

This IP address has been reported a total of 17 times from 12 distinct sources. 216.26.241.164 was first reported on October 1st 2025, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 F242	2026-06-14 19:08:31 (6 hours ago)	Wordpress Login or XMLRPC abuse	Web App Attack
🇬🇷 setupgr	2026-06-14 12:17:15 (13 hours ago)	(mod_security) mod_security (id:900001) triggered by 216.26.241.164: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 216.26.241.164: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sun Jun 14 15:17:13.927788 2026] [security2:error] [pid 921871:tid 922026] [client 216.26.241.164:58413] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.fashionfragonard.gr"] [severity "CRITICAL"] [tag "security"] [hostname "mail.fashionfragonard.gr"] [uri "/wp-login.php"] [unique_id "ai6bye2clReoPvlJKlgO1wAAAMo"], referer: https://mail.fashionfragonard.gr/wp-login.php show less	Port Scan
🇩🇪 FeG Deutschland	2026-06-13 03:30:01 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇬🇷 setupgr	2026-06-12 15:35:59 (2 days ago)	(mod_security) mod_security (id:900001) triggered by 216.26.241.164: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 216.26.241.164: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 12 18:35:54.200948 2026] [security2:error] [pid 351529:tid 351566] [client 216.26.241.164:52817] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.pankoskal.gr"] [severity "CRITICAL"] [tag "security"] [hostname "mail.pankoskal.gr"] [uri "/wp-login.php"] [unique_id "aiwnWmm9gdo9fuJjoHgWcAAAAUo"], referer: https://mail.pankoskal.gr/wp-login.php show less	Port Scan
🇬🇧 spamverify.com	2026-06-12 04:11:20 (2 days ago)	Honeypot Hit: WordPress Login	Web Spam Blog Spam Bad Web Bot Web App Attack
🇲🇽 octageeks.com	2026-06-11 04:22:56 (3 days ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇫🇷 cityhunter_rhone	2026-06-06 12:06:08 (1 week ago)	Fail2Ban offender in jail [recidive] — 2 total attempts — tracked by mercurius-guide.com security sy ... show more Fail2Ban offender in jail [recidive] — 2 total attempts — tracked by mercurius-guide.com security system. show less	SSH Brute-Force
🇬🇧 PeravixGroup	2026-05-22 13:25:32 (3 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇨🇳 ThreatBook.io	2026-04-18 23:37:25 (1 month ago)	ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/216.26.241.164 2026-0 ... show more ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/216.26.241.164 2026-04-18 19:34:06 /book/index.php?c=search&catid=23%20and%20(select%201%20from%20(select%20count(),concat(md5(1),floor(rand(0)2))x%20from%20information_schema.tables%20group%20by%20x)a) 2026-04-18 15:34:50 /druid/index.html show less	Web App Attack
🇨🇳 ThreatBook.io	2026-02-09 23:34:26 (4 months ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/216.26.241.164 2026-02 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/216.26.241.164 2026-02-09 09:38:51 /v3/api-docs 2026-02-09 09:38:48 /v2/api-docs 2026-02-09 09:38:50 /swagger/docs/v1 2026-02-09 09:38:50 /api/swagger.json 2026-02-09 09:38:48 /prod-api/v2/api-docs 2026-02-09 09:38:49 /swagger/v1/swagger.json show less	Web App Attack
🇳🇱 homeshowdomain.nl	2025-11-25 22:59:33 (6 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2025-11-24. show less	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2025-11-24 05:09:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.241.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.241.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:09:02.252513 2025] [security2:error] [pid 18194:tid 18288] [client 216.26.241.164:12199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "achillconsulting.com"] [uri "/.env"] [unique_id "aSPobu9urIyQu8V3f-3kGgAAAIQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:13:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.241.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.241.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:13:34.574013 2025] [security2:error] [pid 15794:tid 15814] [client 216.26.241.164:58693] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.stratifiedstudios.com"] [uri "/.svn/wc.db"] [unique_id "aSPbbk33WdBY9AO05A3xaAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 03:24:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.241.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.241.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 22:24:19.462139 2025] [security2:error] [pid 12978:tid 12978] [client 216.26.241.164:33627] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.integritysecurity.us"] [uri "/.svn/wc.db"] [unique_id "aSPP4zvbowoJd7XDZI4SgQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-15 03:13:48 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.241.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.241.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 14 22:13:38.079392 2025] [security2:error] [pid 23506:tid 23506] [client 216.26.241.164:56151] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bernard.gonzalez.com"] [uri "/.env"] [unique_id "aRfv4g7H1YZ6YjG9gZqY_QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.241

🇵🇦 181.197.43.206

🇻🇳 160.191.244.158

🇯🇵 54.248.17.61

🇺🇸 8.229.249.112

🇧🇪 198.235.24.195

🇫🇮 147.185.133.128

🇺🇸 146.88.240.154

🇨🇳 101.126.129.179

🇨🇦 85.217.149.72

🇱🇹 77.90.185.62

🇨🇦 66.92.161.48

🇺🇸 50.217.255.171

🇮🇷 46.100.8.21

🇳🇱 45.148.10.152

🇸🇬 43.134.96.24

🇮🇩 36.79.232.215

🇺🇸 20.106.48.199

🇯🇵 14.9.125.129

🇹🇼 198.235.24.103