JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.26.255.138

216.26.255.138 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 4%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.26.255.138

Whois 216.26.255.138

IP Abuse Reports for 216.26.255.138:

This IP address has been reported a total of 11 times from 5 distinct sources. 216.26.255.138 was first reported on September 29th 2025, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-20 04:54:20 (4 hours ago)	Web App Attack	Web App Attack
🇫🇷 Sklurk	2026-06-17 03:27:53 (3 days ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:44:34 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.255.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.255.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:44:27.920219 2025] [security2:error] [pid 13286:tid 13286] [client 216.26.255.138:22951] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.aarce.me"] [uri "/.git/HEAD"] [unique_id "aSU0K_5CdhAMkduVlryiVAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:03:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.255.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.255.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:03:18.334615 2025] [security2:error] [pid 30241:tid 30241] [client 216.26.255.138:13003] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.prosucomexico.com"] [uri "/.git/HEAD"] [unique_id "aSUqhh2wMWncBTi4qHtENAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:43:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.255.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.255.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:43:09.000674 2025] [security2:error] [pid 28390:tid 28390] [client 216.26.255.138:27037] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.limobusstlouis.com"] [uri "/.env"] [unique_id "aSUlzaikyjRZjidTBqZuGQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:05:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.255.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.255.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:05:29.183423 2025] [security2:error] [pid 24827:tid 24827] [client 216.26.255.138:60525] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.louiebluemartini.com"] [uri "/.svn/wc.db"] [unique_id "aSUA2Ue7zwR0XaCGUFdC2gAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:29:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.255.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.255.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:22:23.101017 2025] [security2:error] [pid 4592:tid 4592] [client 216.26.255.138:29659] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.efavorboxes.com"] [uri "/.env"] [unique_id "aST2v2vcV35OWpYLHlNhyAAAAFs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:04:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 216.26.255.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 216.26.255.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:04:38.141484 2025] [security2:error] [pid 1590769:tid 1590793] [client 216.26.255.138:34289] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gapm.aafm.us"] [uri "/.env"] [unique_id "aSTylmGwGZE4_DDLbJbK8wAAAJY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 tecnicorioja	2025-10-27 23:01:34 (7 months ago)	wp-login attack [27/Oct/2025:12:25:55	Brute-Force Web App Attack
🇩🇪 cloudmax	2025-10-26 05:52:06 (7 months ago)	Cloudmax IPS Block - Suspicious activity. Possible port scanning, service reconnaissance, or vulnera ... show more Cloudmax IPS Block - Suspicious activity. Possible port scanning, service reconnaissance, or vulnerability probing show less	Port Scan
Anonymous	2025-09-29 03:29:03 (8 months ago)	2025-09-29T05:28:57.265609 localhost.localdomain sshd[178266]: Failed password for root from 216.26. ... show more 2025-09-29T05:28:57.265609 localhost.localdomain sshd[178266]: Failed password for root from 216.26.255.138 port 37647 ssh2 2025-09-29T05:29:02.231771 localhost.localdomain sshd[178266]: Connection closed by authenticating user root 216.26.255.138 port 37647 [preauth] ... show less	Brute-Force SSH

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 2404:6800:4005:c00::129

🇺🇸 216.25.89.135

🇧🇷 191.36.235.43

🇱🇹 185.2.228.48

🇫🇮 147.185.133.55

🇳🇱 81.19.216.101

🇺🇸 38.48.114.185

🇪🇨 193.30.14.164

🇳🇱 176.65.139.216

🇺🇸 169.136.208.64

🇵🇹 148.63.176.20

🇮🇳 103.171.39.147

🇨🇿 78.44.32.30

🇨🇳 39.64.110.106

🇰🇪 2605:59c1:449f:3a08:9c8c:b564:b1c1:88bf

🇮🇳 180.211.113.210

🇧🇷 179.102.26.14

🇪🇸 90.162.116.66

🇳🇱 45.148.10.151

🇳🇱 204.76.203.36