JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.252.9

216.26.252.9 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 33%: ?

33%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.252.9

Whois 216.26.252.9

IP Abuse Reports for 216.26.252.9:

This IP address has been reported a total of 18 times from 15 distinct sources. 216.26.252.9 was first reported on November 12th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇷 setupgr	2026-06-12 15:38:14 (1 day ago)	(mod_security) mod_security (id:900001) triggered by 216.26.252.9: 1 in the last 86400 secs; Ports: ... show more (mod_security) mod_security (id:900001) triggered by 216.26.252.9: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 12 18:38:09.892520 2026] [security2:error] [pid 351324:tid 351525] [client 216.26.252.9:55523] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.pankoskal.gr"] [severity "CRITICAL"] [tag "security"] [hostname "mail.pankoskal.gr"] [uri "/wp-login.php"] [unique_id "aiwn4a6PDvwc_i5kBP4zWwAAANg"], referer: https://mail.pankoskal.gr/wp-login.php show less	Port Scan
🇬🇷 setupgr	2026-06-12 01:10:48 (2 days ago)	(mod_security) mod_security (id:900001) triggered by 216.26.252.9: 1 in the last 86400 secs; Ports: ... show more (mod_security) mod_security (id:900001) triggered by 216.26.252.9: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 12 04:10:45.174923 2026] [security2:error] [pid 53054:tid 53097] [client 216.26.252.9:56857] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|alloweddomain2\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: tavernadimitris.com"] [severity "CRITICAL"] [tag "security"] [hostname "tavernadimitris.com"] [uri "/wp-login.php"] [unique_id "aitclen8ZOKItT2VFMoo6wAAAVA"], referer: https://tavernadimitris.com/wp-login.php show less	Port Scan
🇫🇷 pm33	2026-06-10 16:21:36 (3 days ago)	Wordpress login attempts	Brute-Force
🇫🇷 ELYAZ	2026-06-10 06:13:30 (3 days ago)	(y4) Failed scan -byebye- from 216.26.252.9 (FR/France/-): (CF_ENABLE)	Hacking
🇦🇺 MAGIC	2026-06-10 01:24:52 (4 days ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
Anonymous	2026-05-25 16:53:55 (2 weeks ago)	SSL Weakness Scan	Hacking
🇺🇸 SiliSoftware	2026-05-24 14:26:56 (2 weeks ago)	/wp-includes/wlwmanifest.xml	Web App Attack
🇫🇷 SpaceHost-Server	2026-02-24 23:43:46 (3 months ago)		Brute-Force Web App Attack
🇹🇷 rtbh.com.tr	2026-02-24 20:11:44 (3 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇫🇷 SpaceHost-Server	2026-02-23 23:40:13 (3 months ago)		Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-01-08 12:12:04 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.252.9 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 216.26.252.9 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 08 07:11:56.748381 2026] [security2:error] [pid 7706:tid 7706] [client 216.26.252.9:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kryptonome.com"] [uri "/.svn/wc.db"] [unique_id "aV-fDA4REKyG5zOoybsBzwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-05 20:12:55 (5 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.05 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.05 is noted in report timestamp show less	Hacking Brute-Force
🇵🇱 sefinek.net	2026-01-02 13:22:20 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /genshin-stella-mod UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 12.5; rv:114.0) Gecko/20100101 Firefox/114.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 Packets-Decreaser.NET	2025-12-31 01:00:56 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-29 05:51:34 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.252.9 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 216.26.252.9 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:51:27.141648 2025] [security2:error] [pid 2660271:tid 2660282] [client 216.26.252.9:41573] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "councilofforeignministers.com"] [uri "/.env"] [unique_id "aVIW37y5r8TcoL1xTBj97AAAAEk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 185.180.141.38

🇳🇱 176.65.139.56

🇩🇪 172.70.243.171

🇸🇪 158.173.241.141

🇩🇪 69.5.169.121

🇺🇸 54.211.39.46

🇺🇸 45.92.229.112

🇧🇪 35.195.94.179

🇻🇳 14.225.173.146

🇺🇸 3.17.167.183

🇺🇸 216.25.89.113

🇰🇷 210.222.46.15

🇸🇬 159.223.38.158

🇸🇪 158.174.211.17

🇺🇸 147.185.132.87

🇦🇪 145.241.123.102

🇺🇸 64.62.156.135

🇺🇸 54.213.179.206

🇺🇸 50.173.128.94

🇺🇸 50.6.228.32