JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.250.239

216.26.250.239 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.250.239

Whois 216.26.250.239

IP Abuse Reports for 216.26.250.239:

This IP address has been reported a total of 12 times from 8 distinct sources. 216.26.250.239 was first reported on October 18th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-04-21 10:23:54 (1 month ago)	[TueApr2112:23:49.5101822026][security2:error][pid3025358:tid3025372][client216.26.250.239:0]ModSecu ... show more [TueApr2112:23:49.5101822026][security2:error][pid3025358:tid3025372][client216.26.250.239:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"feldenkraisticino.ch\"][uri\"/backup.sql\"][unique_id\"aedQNRhJ3UcICK2T19yLuAAAAQs\"] show less	Port Scan Brute-Force Web App Attack
🇦🇱 cheatmaster.store	2026-02-27 02:03:32 (3 months ago)	Automated report: This IP address has been identified as an active public open proxy. Classification ... show more Automated report: This IP address has been identified as an active public open proxy. Classification: Open Proxy \| Spoofing \| VPN/Anonymizer \| Bad Web Bot. Country: Canada Threat level: High. This host is listed across multiple public proxy databases and poses a risk of abuse, credential stuffing, scraping, and spoofed traffic. Reported by automated threat intelligence pipeline. Do not whitelist without manual verification. show less	Web Spam Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-01-07 17:16:24 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.250.239 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.250.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 07 12:16:18.819699 2026] [security2:error] [pid 23392:tid 23392] [client 216.26.250.239:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chaitanyaconsult.in"] [uri "/.env"] [unique_id "aV6U4l_CqDeA3EHcOlwTIQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-30 18:35:39 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.250.239 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.250.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 13:35:16.301632 2025] [security2:error] [pid 26970:tid 26970] [client 216.26.250.239:10885] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.lsd36.com"] [uri "/.git/HEAD"] [unique_id "aVQbZDiFau5cBW92z9LkAQAAACY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-24 13:20:20 (6 months ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:43:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.250.239 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.250.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:42:55.384107 2025] [security2:error] [pid 620:tid 620] [client 216.26.250.239:28373] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "workshop.modelengines.info"] [uri "/.svn/wc.db"] [unique_id "aSQMf01gxbo8ZZyGQTxEVQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 06:21:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.250.239 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.250.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:21:04.004164 2025] [security2:error] [pid 612:tid 612] [client 216.26.250.239:57375] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "americanexportimport.com"] [uri "/.svn/wc.db"] [unique_id "aSP5ULsh4EEAEgehOy_NegAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 06:03:16 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.250.239 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.250.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:03:10.727311 2025] [security2:error] [pid 7750:tid 7750] [client 216.26.250.239:44513] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.mylert.org"] [uri "/.svn/wc.db"] [unique_id "aSP1Hm96teJHiagxR1pm2wAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-01 21:35:15 (7 months ago)	[redacted] 216.26.250.239 - - [01/Nov/2025:22:35:03 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" " ... show more [redacted] 216.26.250.239 - - [01/Nov/2025:22:35:03 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_3 like Mac OS X) AppleWebKit/604.1.34 (KHTML, like Gecko) GSA/48.0.193557427 Mobile/15E216 Safari/604.1" [redacted] 216.26.250.239 - - [01/Nov/2025:22:35:04 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G570M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.64 Mobile Safari/537.36" [redacted] 216.26.250.239 - - [01/Nov/2025:22:35:05 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Linux; Android 7.1.1; SAMSUNG SM-J250M Build/NMF26X) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/7.4 Chrome/59.0.3071.125 Mobile Safari/537.36" [redacted] 216.26.250.239 - - [01/Nov/2025:22:35:07 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (iPad; CPU OS 10_0_2 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10 ... show less	Hacking Web App Attack
🇩🇪 Marc	2025-10-29 21:07:36 (7 months ago)		Brute-Force
🇫🇷 IRISIO	2025-10-20 08:34:12 (7 months ago)	scans/SQL injection/spam posts : 4 queries	SQL Injection Web App Attack
🇩🇪 Carsten	2025-10-18 09:34:55 (7 months ago)	GET [api/v1/repos/search?page=1&sort=updated&order=desc&limit=1]	Port Scan

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇴 181.115.147.5

🇺🇸 162.35.160.87

🇵🇰 103.115.199.18

🇨🇳 101.126.155.86

🇺🇸 66.132.224.24

🇨🇳 14.103.112.42

🇺🇸 172.245.225.106

🇻🇳 156.229.22.183

🇨🇴 129.222.203.206

🇮🇳 128.185.220.90

🇨🇳 122.114.241.136

🇸🇬 114.119.156.56

🇸🇬 114.119.134.178

🇮🇳 106.51.24.27

🇰🇪 102.215.15.119

🇩🇪 80.91.79.223

🇲🇰 77.29.135.151

🇬🇧 31.14.254.41

🇻🇳 14.224.190.200

🇺🇸 194.62.107.38