JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.255.122

216.26.255.122 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 28%: ?

28%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.255.122

Whois 216.26.255.122

IP Abuse Reports for 216.26.255.122:

This IP address has been reported a total of 23 times from 10 distinct sources. 216.26.255.122 was first reported on December 2nd 2025, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 MAGIC	2026-06-12 02:36:32 (4 hours ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇬🇷 setupgr	2026-06-12 00:47:00 (6 hours ago)	(mod_security) mod_security (id:900001) triggered by 216.26.255.122: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 216.26.255.122: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 12 03:46:59.421818 2026] [security2:error] [pid 52835:tid 52909] [client 216.26.255.122:44705] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|alloweddomain2\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: tavernadimitris.com"] [severity "CRITICAL"] [tag "security"] [hostname "tavernadimitris.com"] [uri "/wp-login.php"] [unique_id "aitXA2TUdRqWy5D9zgOwswAAABE"], referer: https://tavernadimitris.com/wp-login.php show less	Port Scan
🇺🇸 dtorrer	2026-06-11 18:11:35 (13 hours ago)	Brute-force general attack.	Brute-Force
🇩🇪 georgengelmann	2026-05-22 04:30:58 (3 weeks ago)	Failed login attempt for admin	Brute-Force Web App Attack
🇱🇻 garmtech.com	2026-05-13 21:24:58 (4 weeks ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 00-24.216.26.255.122.web-spamm ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 00-24.216.26.255.122.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇮🇩 securejdprop	2026-02-15 23:14:42 (3 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus D ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus DROP Listed Traffic Inbound group 59). Ip 216.26.255.122 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-02-15 23:14:41.480938896 +0000 UTC show less	Hacking Web App Attack
🇯🇵 Valhalla	2026-02-11 19:22:22 (4 months ago)	/test/.git/config	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 03:01:50 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.255.122 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.255.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 22:01:45.339777 2026] [security2:error] [pid 1674384:tid 1674384] [client 216.26.255.122:17659] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jhonbens.com"] [uri "/.env"] [unique_id "aWr7mVgka22BMYrSRhmvQgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 02:26:49 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.255.122 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.255.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 21:26:42.654801 2026] [security2:error] [pid 14041:tid 14041] [client 216.26.255.122:26291] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.keeftone.com"] [uri "/.env"] [unique_id "aWrzYuFvLrgWbWoCPyvdYQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 19:07:24 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.255.122 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.255.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 14:07:18.771114 2026] [security2:error] [pid 31183:tid 31183] [client 216.26.255.122:36293] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.lyldevelopers.com"] [uri "/.env"] [unique_id "aWqMZrHKpjKQ7hEGnkhdcwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 Valhalla	2025-12-27 23:41:09 (5 months ago)	/.env	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 21:36:01 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.255.122 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.255.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 16:35:58.834915 2025] [security2:error] [pid 31662:tid 31662] [client 216.26.255.122:55359] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thegolfhole.com"] [uri "/.svn/wc.db"] [unique_id "aVBRPqaxYcmW1yjGpfGk6AAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 20:21:58 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.255.122 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.255.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 15:21:52.910526 2025] [security2:error] [pid 15002:tid 15002] [client 216.26.255.122:30089] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bonegym.com"] [uri "/.env"] [unique_id "aVA_4B-ZX30rWroVqGRRPAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 17:16:09 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.255.122 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.255.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 12:16:02.381525 2025] [security2:error] [pid 2083:tid 2083] [client 216.26.255.122:30245] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crowmoonmarketing.com"] [uri "/.env"] [unique_id "aVAUUjwRyZ4iYImTSXhOoQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-12-27 16:02:27 (5 months ago)	Blocking for trying to access an exploit file: /.env	Hacking

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇸 213.6.180.14

🇬🇧 188.240.59.15

🇮🇳 182.95.48.122

🇮🇳 59.91.43.5

🇮🇪 54.155.84.127

🇳🇱 45.148.10.157

🇺🇸 20.64.106.18

🇯🇵 8.216.4.132

🇧🇷 205.210.31.207

🇮🇶 188.64.139.147

🇦🇺 170.64.184.249

🇮🇳 143.110.177.177

🇩🇪 69.5.169.102

🇧🇪 34.62.20.180

🇺🇸 20.190.190.193

🇭🇰 223.197.196.92

🇷🇴 92.118.39.236

🇫🇷 91.231.89.169

🇹🇷 91.151.95.146

🇫🇷 89.116.31.97