JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.249.27

216.26.249.27 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.249.27

Whois 216.26.249.27

IP Abuse Reports for 216.26.249.27:

This IP address has been reported a total of 21 times from 12 distinct sources. 216.26.249.27 was first reported on October 7th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇬 pa4080	2026-05-14 20:28:54 (1 month ago)	Detected by ModSecurity. Request URI: /wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-setti ... show more Detected by ModSecurity. Request URI: /wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings show less	Web App Attack
🇫🇷 dynamix	2026-02-15 11:15:08 (4 months ago)	Multiple WAF Violations	Web App Attack
🇨🇭 Origon	2026-02-15 05:06:17 (4 months ago)	http-sensitive-files - IP: 216.26.249.27 - time="2026-02-15T06:06:17+01:00" level=info msg="(555f66 ... show more http-sensitive-files - IP: 216.26.249.27 - time="2026-02-15T06:06:17+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 216.26.249.27 (IT/200373) : 4h ban on Ip 216.26.249.27" module=db show less	Web App Attack
🇺🇸 myagent.site	2026-02-15 03:49:51 (4 months ago)	Blocking for trying to access an exploit file: /.env.save	Hacking
🇬🇧 consul.to	2026-02-15 01:12:33 (4 months ago)	Web attack/malicious scanning detected	Web App Attack
Anonymous	2026-02-15 00:52:54 (4 months ago)	216.26.249.27 - - [15/Feb/2026:01:52:54 +0100] "GET /api/.git/config HTTP/1.1" 301 169 "-" "Mozilla/ ... show more 216.26.249.27 - - [15/Feb/2026:01:52:54 +0100] "GET /api/.git/config HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" show less	Web App Attack
🇳🇱 wlt-blocker	2026-01-05 00:10:08 (5 months ago)	Unauthorized access to webpage admin	Web App Attack
Anonymous	2026-01-03 13:43:38 (5 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2026.01.03 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2026.01.03 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-11-26 12:05:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 07:05:40.323059 2025] [security2:error] [pid 19199:tid 19199] [client 216.26.249.27:48727] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.andiamorun.com"] [uri "/.env"] [unique_id "aSbtFN9_0urbDIohfvtXHwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 10:10:00 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 05:09:55.801647 2025] [security2:error] [pid 2246:tid 2246] [client 216.26.249.27:55347] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.title37.com"] [uri "/.git/HEAD"] [unique_id "aSbR8-t3E8vrrcQjhPY-BAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 09:33:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 04:33:31.528914 2025] [security2:error] [pid 7134:tid 7134] [client 216.26.249.27:19449] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dogdom.gulftelecom.com"] [uri "/.git/HEAD"] [unique_id "aSbJa3U7F-Q0KS8ErJw-wgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 06:02:07 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 01:02:01.463336 2025] [security2:error] [pid 3599211:tid 3599234] [client 216.26.249.27:22821] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nobletitles.aafm.us"] [uri "/.svn/wc.db"] [unique_id "aSaX2SWBb6LubLi-gSEVbgAAAFU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:28:15 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:28:08.599199 2025] [security2:error] [pid 27137:tid 27137] [client 216.26.249.27:55673] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.hightechautoandtruck.com"] [uri "/.svn/wc.db"] [unique_id "aSaP6IT0Vvjty7x3fseA_AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:17:25 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:17:20.334015 2025] [security2:error] [pid 12695:tid 12695] [client 216.26.249.27:54389] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gilgoinn.com"] [uri "/.git/HEAD"] [unique_id "aSZHENvVoYxvDpKmPEvj2gAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:06:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 216.26.249.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:06:29.949090 2025] [security2:error] [pid 27886:tid 27886] [client 216.26.249.27:49905] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.cidv.com"] [uri "/.env"] [unique_id "aSUPJRVYu22BRToOOkqt7AAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 183.96.62.29

🇫🇮 178.20.210.208

🇷🇺 95.47.246.223

🇩🇪 69.5.169.93

🇲🇾 47.250.160.119

🇺🇸 20.168.120.44

🇨🇳 175.7.224.67

🇨🇳 123.249.126.59

🇺🇸 107.167.34.125

🇻🇳 103.124.94.144

🇩🇪 94.26.106.90

🇨🇦 51.79.67.63

🇺🇸 44.250.151.206

🇳🇱 34.32.148.179

🇭🇰 210.6.24.6

🇧🇷 187.85.145.206

🇵🇹 181.214.6.76

🇳🇱 146.103.1.15

🇺🇸 107.173.36.187

🇺🇸 96.69.66.101