JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.247.40

216.26.247.40 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 38%: ?

38%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.247.40

Whois 216.26.247.40

IP Abuse Reports for 216.26.247.40:

This IP address has been reported a total of 22 times from 11 distinct sources. 216.26.247.40 was first reported on November 10th 2025, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-16 03:06:55 (13 hours ago)	Login Too Frequent (7)	Brute-Force Web App Attack
🇺🇸 bpolson	2026-06-15 17:12:03 (23 hours ago)	WordPress Hacking/Scanning. (s1)	Hacking Web App Attack
🇲🇹 Malta	2026-06-15 15:26:53 (1 day ago)	216.26.247.40 - - [15/Jun/2026:17:26:53 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Linu ... show more 216.26.247.40 - - [15/Jun/2026:17:26:53 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Hacking Web App Attack
🇫🇷 ELYAZ	2026-06-12 02:36:19 (4 days ago)	(y4) Failed scan -byebye- from 216.26.247.40 (ES/Spain/-): (CF_ENABLE)	Hacking
🇧🇪 cmbplf	2026-06-01 23:48:52 (2 weeks ago)	2.515 requests with url.path //xmlrpc.php	Brute-Force Bad Web Bot
🇬🇧 Mendip_Defender	2026-05-27 06:39:00 (2 weeks ago)	216.26.247.40 - - [27/May/2026:07:38:56 +0100] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 4954 ... show more 216.26.247.40 - - [27/May/2026:07:38:56 +0100] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 4954 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" 216.26.247.40 - - [27/May/2026:07:38:57 +0100] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 4954 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" 216.26.247.40 - - [27/May/2026:07:38:57 +0100] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 4954 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" ... show less	Hacking Web App Attack
🇧🇪 cmbplf	2026-03-17 20:15:59 (2 months ago)	2.713 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
Anonymous	2026-01-05 20:16:35 (5 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.05 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.05 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-11-26 12:43:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 07:43:33.952563 2025] [security2:error] [pid 29623:tid 29654] [client 216.26.247.40:38709] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "juantrece.emehache.net"] [uri "/.env"] [unique_id "aSb19YamKqIvYwWAxHiDFQAAAM4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 12:12:27 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 07:12:22.376576 2025] [security2:error] [pid 25211:tid 25211] [client 216.26.247.40:53843] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.phantomquailkennel.com"] [uri "/.env"] [unique_id "aSbupoikZVBk8VymMFo9tQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 10:53:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 05:53:41.241693 2025] [security2:error] [pid 5863:tid 5863] [client 216.26.247.40:13391] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.momihom.com"] [uri "/.git/HEAD"] [unique_id "aSbcNZBzKMIx56TwK8W4dAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 09:56:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 04:56:43.985829 2025] [security2:error] [pid 3198:tid 3198] [client 216.26.247.40:17307] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.diamondtrailerserv.com"] [uri "/.git/HEAD"] [unique_id "aSbO2_vodarQuEuhdC-CVAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 sockominfo	2025-11-26 03:32:54 (6 months ago)	[WAZUH] Access to sensitive files detected w/ specific boundary.	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 03:03:32 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:03:28.904770 2025] [security2:error] [pid 10878:tid 10878] [client 216.26.247.40:25505] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.stoutmen.com"] [uri "/.git/HEAD"] [unique_id "aSZuAEiNteMIPdyjDXQivwAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:07:33 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:07:29.075733 2025] [security2:error] [pid 1694:tid 1694] [client 216.26.247.40:45509] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.casaniagara.com.mx"] [uri "/.svn/wc.db"] [unique_id "aSZEwSNgzo0ckXzkcZ4slgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇪 190.89.31.31

🇱🇹 45.227.254.170

🇳🇱 193.25.217.247

🇵🇪 191.97.63.220

🇧🇷 187.45.135.82

🇳🇱 185.223.235.4

🇺🇸 174.64.199.92

🇩🇿 154.248.114.153

🇵🇰 110.38.247.155

🇮🇱 87.71.5.165

🇩🇪 37.221.198.200

🇮🇷 31.14.82.5

🇪🇹 196.189.155.89

🇺🇸 74.82.47.38

🇺🇸 66.132.172.241

🇽🇰 46.99.179.139

🇬🇷 5.55.68.152

🇺🇸 206.82.6.58

🇩🇪 194.88.98.101

🇨🇱 181.42.178.61