JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.247.49

216.26.247.49 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.247.49

Whois 216.26.247.49

IP Abuse Reports for 216.26.247.49:

This IP address has been reported a total of 23 times from 10 distinct sources. 216.26.247.49 was first reported on November 10th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 cmbplf	2026-05-07 14:43:51 (1 month ago)	517 requests with url.path *.env	Brute-Force Bad Web Bot
🇨🇭 filou812	2026-01-23 03:24:05 (4 months ago)	url tried is "/installer.php"	Web App Attack
🇺🇸 myagent.site	2026-01-01 02:44:10 (5 months ago)	Blocking for trying to access an exploit file: /old//installer.php	Hacking
Anonymous	2025-12-31 13:34:26 (5 months ago)	wordpress-trap	Web App Attack
🇺🇸 TPI-Abuse	2025-12-30 12:20:34 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 07:20:28.057078 2025] [security2:error] [pid 111538:tid 111542] [client 216.26.247.49:23001] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.rawsynergy.com"] [uri "/.git/HEAD"] [unique_id "aVPDjFXDtQlHeRyg7qj_IAAAAII"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:44 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-29 09:01:08 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 04:01:01.690910 2025] [security2:error] [pid 31768:tid 31768] [client 216.26.247.49:53579] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thegoldentether.com"] [uri "/.env"] [unique_id "aVJDTc2hKYK4pGcwcO-2ngAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 06:17:40 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 01:17:33.686500 2025] [security2:error] [pid 32063:tid 32063] [client 216.26.247.49:19503] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jamroomrecording.com"] [uri "/.svn/wc.db"] [unique_id "aVIc_WE3AdHqrjx0w6wjFQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 05:24:18 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:24:13.891498 2025] [security2:error] [pid 24844:tid 24844] [client 216.26.247.49:48051] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cestcaryntravel.com"] [uri "/.git/HEAD"] [unique_id "aVIQfdMQQB8mHM_reyQw8wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 05:04:32 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:04:29.899723 2025] [security2:error] [pid 12641:tid 12641] [client 216.26.247.49:46767] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "koreasesame.com"] [uri "/.git/HEAD"] [unique_id "aVIL3WZTzkstsjK5YpAROwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 03:29:55 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.247.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.247.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 22:29:51.067603 2025] [security2:error] [pid 20124:tid 20124] [client 216.26.247.49:60017] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sciencehumanitiespress.com"] [uri "/.env"] [unique_id "aVH1ry0JfoJvsXquMBRYbAAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-12-23 19:56:48 (5 months ago)	Blocking for trying to access an exploit file: /wordpress//installer.php	Hacking
🇩🇪 Carsten	2025-12-19 18:07:59 (5 months ago)	GET [old//installer.php]	Port Scan
🇮🇩 Burayot	2025-12-18 23:23:04 (5 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 216.26.247.49 (-): 2 in the last 36 ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 216.26.247.49 (-): 2 in the last 3600 secs show less	Web App Attack
🇳🇱 JCB	2025-12-18 16:26:00 (5 months ago)	216.26.247.49 - - [17/Dec/2025:22:17:57 +0200] "GET /wordpress/installer.php HTTP/1.1" 404 196 "-" " ... show more 216.26.247.49 - - [17/Dec/2025:22:17:57 +0200] "GET /wordpress/installer.php HTTP/1.1" 404 196 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/361.0.737942756 Mobile/15E148 Safari/604.1" show less	Web App Attack

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇭 222.127.248.61

🇧🇷 177.222.217.35

🇨🇳 171.104.69.174

🇳🇵 103.134.217.34

🇹🇭 45.194.70.253

🇺🇸 20.169.106.149

🇪🇹 196.190.180.18

🇺🇸 137.184.159.183

🇮🇪 109.78.18.255

🇿🇲 74.244.129.24

🇺🇸 66.180.194.227

🇺🇸 64.62.197.182

🇮🇳 59.144.228.132

🇺🇸 20.80.104.232

🇨🇳 14.116.189.74

🇮🇳 223.181.14.186

🇩🇪 209.38.230.191

🇧🇴 190.129.22.103

🇩🇪 167.235.194.54

🇺🇸 162.216.150.69