JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.247.131

216.26.247.131 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 30%: ?

30%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.247.131

Whois 216.26.247.131

IP Abuse Reports for 216.26.247.131:

This IP address has been reported a total of 12 times from 8 distinct sources. 216.26.247.131 was first reported on October 10th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 london2038.com	2026-06-24 10:18:42 (3 days ago)	Detected by WP fail2ban 2026-06-24T12:18:42.514107+02:00 wordpress: Authentication attempt from 216. ... show more Detected by WP fail2ban 2026-06-24T12:18:42.514107+02:00 wordpress: Authentication attempt from 216.26.247.131 show less	Brute-Force Web App Attack
🇫🇷 ELYAZ	2026-06-23 15:13:57 (4 days ago)	(y4) Failed scan -byebye- from 216.26.247.131 (ES/Spain/-): (CF_ENABLE)	Hacking
🇩🇪 Tha_14	2026-06-12 12:43:52 (2 weeks ago)	Attempt to log in with non-existing username: [email protected]	Bad Web Bot
Anonymous	2026-06-11 18:26:13 (2 weeks ago)	2026-06-11T20:26:13.442634+02:00 zanati wp(bikeschool.co.za)[1043097]: Blocked authentication attemp ... show more 2026-06-11T20:26:13.442634+02:00 zanati wp(bikeschool.co.za)[1043097]: Blocked authentication attempt for administrator from 216.26.247.131 ... show less	Web App Attack
🇦🇺 oncord	2026-06-04 21:54:30 (3 weeks ago)	Form spam	Web Spam
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:46 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-29 08:54:20 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 03:54:15.448216 2025] [security2:error] [pid 23391:tid 23391] [client 216.26.247.131:17637] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "elgautobody.com"] [uri "/.git/HEAD"] [unique_id "aVJBt8jpenKtMm3Vtm4oXAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 07:59:39 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 02:59:35.278975 2025] [security2:error] [pid 15953:tid 15953] [client 216.26.247.131:17671] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hakanararat.com"] [uri "/.env"] [unique_id "aVI05x7jdaE5MX5LRlB4agAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 05:04:34 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:04:30.304757 2025] [security2:error] [pid 659:tid 659] [client 216.26.247.131:40761] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cymbelescircles.com"] [uri "/.svn/wc.db"] [unique_id "aVIL3v166mHJ5lYXel60qQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-27 20:55:15 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 27 15:55:11.227669 2025] [security2:error] [pid 21122:tid 21122] [client 216.26.247.131:16059] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dceabronwilliams.com"] [uri "/.env"] [unique_id "aSi6ryBeF3fKriq04zjNUgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-02 18:37:48 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 06:57:54	Port Scan Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-10-10 13:46:04 (8 months ago)	(mod_security) mod_security (id:225170) triggered by 216.26.247.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 216.26.247.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 10 09:45:58.242752 2025] [security2:error] [pid 21633:tid 21633] [client 216.26.247.131:19149] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gp-cm.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gp-cm.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aOkOFvUy35FK184_2w9R_wAAAAU"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 125.229.177.196

🇷🇺 94.233.127.218

🇺🇸 91.230.168.250

🇺🇸 43.135.135.17

🇩🇪 31.70.67.141

🇲🇽 187.216.224.85

🇰🇷 115.68.208.117

🇮🇳 103.109.181.126

🇺🇸 66.132.172.154

🇰🇷 59.26.208.34

🇮🇳 49.43.241.11

🇺🇦 46.149.191.249

🇭🇺 2a10:c800:1:9cc6::1

🇪🇹 196.188.187.205

🇬🇧 194.50.235.132

🇯🇵 138.2.38.49

🇨🇳 124.77.202.1

🇰🇷 110.14.190.221

🇳🇱 45.156.87.253

🇳🇱 45.148.10.151