JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 217.160.25.65

217.160.25.65 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 35%: ?

35%

ISP	IONOS SE
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8560
Domain Name	ionos.com
Country	🇩🇪 Germany
City	Koln, North Rhine-Westphalia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 217.160.25.65

Whois 217.160.25.65

IP Abuse Reports for 217.160.25.65:

This IP address has been reported a total of 17 times from 15 distinct sources. 217.160.25.65 was first reported on January 4th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Lunix	2026-06-06 06:00:11 (2 weeks ago)		Brute-Force Web App Attack
🇺🇸 jcbriar	2026-06-06 03:58:21 (2 weeks ago)	Searching for vulnerable scripts	Hacking Web App Attack
🇺🇸 Som1ght3n	2026-06-06 02:06:18 (2 weeks ago)	The IP attempted to access the sensitive web application configuration file "/.env.bak" via an HTTP ... show more The IP attempted to access the sensitive web application configuration file "/.env.bak" via an HTTP GET request. show less	Web App Attack
🇪🇸 masterguru	2026-06-06 01:52:58 (2 weeks ago)	. Matched phrase "/.env" at REQUEST_URI. (210492-159)	Web App Attack
🇺🇸 masterguru	2026-06-05 23:36:12 (2 weeks ago)	Host header is a numeric IP address. Pattern match "^ (920350-147)	Hacking Bad Web Bot
🇧🇪 boxed-it	2026-05-28 04:25:40 (3 weeks ago)	GET /.env (Tarpitted for 28s, wasted 1.76kB)	Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 04:19:26 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 217.160.25.65 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 217.160.25.65 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 00:19:22.431616 2026] [security2:error] [pid 9589:tid 9636] [client 217.160.25.65:57122] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.86"] [uri "/.env"] [unique_id "ahfCSu8xB6zKF9gQcvUVrwAAANI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-05-28 00:12:46 (3 weeks ago)	tcp/80 (3 or more attempts)	Port Scan
🇷🇸 Scan	2026-05-28 00:04:31 (3 weeks ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇩🇪 Reinhard	2026-05-10 07:50:18 (1 month ago)	Collecting information for hacking, but too many attacks.	Hacking
🇫🇷 MeduzaCTI	2026-04-11 13:33:29 (2 months ago)	Indicator Report Indicator: 217.160.25.65 Reporter: Vegeta Description: Covenant C2 Found Tags: FOF ... show more Indicator Report Indicator: 217.160.25.65 Reporter: Vegeta Description: Covenant C2 Found Tags: FOFA,Covenant,C2 Source: MeduzaCTI Platform Reference: https://meduzacti.com show less	Hacking
🇺🇸 chronos	2026-03-09 06:17:47 (3 months ago)	[AUTORAVALT][[09/03/2026 - 03:17:47 -03:00 UTC] Attack from [217.160.25.65] Action: BLocKed DDoS At ... show more [AUTORAVALT][[09/03/2026 - 03:17:47 -03:00 UTC] Attack from [217.160.25.65] Action: BLocKed DDoS Attack -> Participating in distributed denial-of-service. Phishing -> Phishing websites and/or email. Web Spam -> Comment/forum spam, HTTP referer spam, or other CMS spam. Blog Spam -> CMS blog comment spam. Web App Attack -> Attempts to probe for or exploit instal] ... show less	DDoS Attack Phishing Web Spam Blog Spam Web App Attack
🇫🇷 ingroscart.it	2026-03-08 07:18:31 (3 months ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted] from 217.160.25.65 (DE/German ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 217.160.25.65 (DE/Germany/-) show less	Port Scan
🇺🇸 chronos	2026-03-08 00:19:50 (3 months ago)	[AUTORAVALT][[07/03/2026 - 21:19:50 -03:00 UTC] Attack from [217.160.25.65] Action: BLocKed DDoS At ... show more [AUTORAVALT][[07/03/2026 - 21:19:50 -03:00 UTC] Attack from [217.160.25.65] Action: BLocKed DDoS Attack -> Participating in distributed denial-of-service. Phishing -> Phishing websites and/or email. Web Spam -> Comment/forum spam, HTTP referer spam, or other CMS spam. Blog Spam -> CMS blog comment spam. Web App Attack -> Attempts to probe for or exploit instal] ... show less	DDoS Attack Phishing Web Spam Blog Spam Web App Attack
🇫🇷 omartin	2026-03-07 14:52:09 (3 months ago)	Critical Vulnerability Scan detected	Hacking Brute-Force Exploited Host Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 220.246.47.146

🇫🇷 185.177.72.51

🇳🇱 89.21.67.148

🇷🇴 80.94.92.166

🇳🇱 64.225.72.42

🇩🇪 5.231.242.141

🇰🇷 210.206.24.237

🇮🇳 203.192.249.107

🇧🇷 179.185.227.77

🇺🇸 172.202.100.15

🇫🇷 151.80.141.196

🇺🇸 148.153.56.174

🇮🇳 103.58.64.164

🇸🇪 83.177.240.110

🇨🇿 78.44.192.210

🇺🇸 67.23.166.166

🇮🇳 45.114.181.18

🇬🇧 193.163.125.40

🇷🇴 193.32.162.82

🇨🇿 185.138.69.94