JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.248.156

216.26.248.156 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 35%: ?

35%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.248.156

Whois 216.26.248.156

IP Abuse Reports for 216.26.248.156:

This IP address has been reported a total of 13 times from 10 distinct sources. 216.26.248.156 was first reported on October 30th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇽 octageeks.com	2026-06-16 04:11:37 (1 day ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇩🇪 FeG Deutschland	2026-06-15 20:05:29 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇲🇹 Malta	2026-06-14 12:25:05 (2 days ago)	216.26.248.156 - - [14/Jun/2026:14:25:04 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintos ... show more 216.26.248.156 - - [14/Jun/2026:14:25:04 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; rv:119.0) Gecko/20100101 Firefox/119.0" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇬🇷 setupgr	2026-06-14 12:17:45 (2 days ago)	(mod_security) mod_security (id:900001) triggered by 216.26.248.156: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 216.26.248.156: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sun Jun 14 15:17:41.212289 2026] [security2:error] [pid 921889:tid 922063] [client 216.26.248.156:48807] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.fashionfragonard.gr"] [severity "CRITICAL"] [tag "security"] [hostname "mail.fashionfragonard.gr"] [uri "/wp-login.php"] [unique_id "ai6b5SykT1eM1OfD7bvu7wAAAUg"], referer: https://mail.fashionfragonard.gr/wp-login.php show less	Port Scan
🇬🇷 setupgr	2026-06-12 15:38:54 (4 days ago)	(mod_security) mod_security (id:900001) triggered by 216.26.248.156: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 216.26.248.156: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 12 18:38:52.796235 2026] [security2:error] [pid 351529:tid 351570] [client 216.26.248.156:51375] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.pankoskal.gr"] [severity "CRITICAL"] [tag "security"] [hostname "mail.pankoskal.gr"] [uri "/wp-login.php"] [unique_id "aiwoDGm9gdo9fuJjoHgWmQAAAU4"], referer: https://mail.pankoskal.gr/wp-login.php show less	Port Scan
🇫🇷 pm33	2026-06-10 19:31:12 (6 days ago)	Wordpress login attempts	Brute-Force
🇨🇳 ThreatBook.io	2026-05-07 02:02:39 (1 month ago)	ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/216.26.248.156 2026-0 ... show more ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/216.26.248.156 2026-05-06 13:06:43 / 2026-05-06 13:06:50 / show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 10:31:19 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.248.156 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.248.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 05:31:16.837399 2025] [security2:error] [pid 24176:tid 24176] [client 216.26.248.156:55609] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "basse.lahamradio.com"] [uri "/.svn/wc.db"] [unique_id "aSbW9OrhHrpJpzEh_e0TZQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:41:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.248.156 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.248.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:41:49.353540 2025] [security2:error] [pid 5318:tid 5325] [client 216.26.248.156:12229] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.xavidominguez.com"] [uri "/.env"] [unique_id "aSZMzYtQIEBqnJukf2K_EQAAAIU"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-25 22:30:31 (6 months ago)	Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing ... show more Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing. show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 17:53:07 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.248.156 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.248.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 12:53:02.006745 2025] [security2:error] [pid 7912:tid 7912] [client 216.26.248.156:45373] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.ozera.com"] [uri "/config.php%7C/.env%7Csettings.py"] [unique_id "aRTJft1skLphfanfLb9nNAAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2025-11-01 08:59:03 (7 months ago)	216.26.248.156 - - [01/Nov/2025:02:59:03 -0600] "POST /wp-login.php HTTP/1.1" 301 162 "-" "Mozilla/5 ... show more 216.26.248.156 - - [01/Nov/2025:02:59:03 -0600] "POST /wp-login.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0" ... show less	Brute-Force
Anonymous	2025-10-30 14:01:37 (7 months ago)	WordPress Brute Force	Brute-Force

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇹 212.24.108.147

🇩🇪 116.202.213.58

🇭🇰 103.243.26.174

🇨🇳 49.73.82.152

🇦🇺 134.199.166.95

🇭🇰 118.193.32.119

🇷🇸 109.207.41.213

🇩🇪 69.5.169.15

🇮🇪 54.154.161.87

🇰🇷 15.165.59.222

🇻🇳 14.249.70.94

🇺🇸 66.132.172.231

🇺🇸 64.62.156.131

🇩🇪 47.91.90.160

🇧🇷 45.177.208.21

🇨🇳 42.233.102.245

🇮🇩 34.34.223.108

🇮🇪 3.252.98.187

🇧🇷 205.210.31.169

🇧🇷 164.163.25.162