JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.12.25

65.111.12.25 was found in our database!

This IP was reported 49 times. Confidence of Abuse is 29%: ?

29%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.12.25

Whois 65.111.12.25

IP Abuse Reports for 65.111.12.25:

This IP address has been reported a total of 49 times from 14 distinct sources. 65.111.12.25 was first reported on July 4th 2024, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 zam	2026-06-11 20:05:55 (2 days ago)	65.111.12.25 - - [11/Jun/2026:20:05:46 +0000] "POST /wp-login.php HTTP/1.1" 301 277	Web App Attack
🇩🇪 FeG Deutschland	2026-06-11 16:50:46 (2 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇺🇸 koinkash.org	2026-06-10 20:10:43 (3 days ago)	They are fraudulent. Malicious threat actor requesting php file /wp-login.php	Web App Attack
🇲🇹 Malta	2026-06-10 14:21:08 (3 days ago)	65.111.12.25 - - [10/Jun/2026:16:21:08 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Linux ... show more 65.111.12.25 - - [10/Jun/2026:16:21:08 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇺🇸 TPI-Abuse	2026-03-05 08:12:59 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 05 03:12:53.714488 2026] [security2:error] [pid 2915:tid 2928] [client 65.111.12.25:31397] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.howardhallis.com"] [uri "/.git/objects/03/11e863eb36ccf5072f47d52594ac8a08605c9d"] [unique_id "aak7BWbdh7c6FWT9QFVNFwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-10 23:34:19 (5 months ago)	wordpress-trap	Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:02:19 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
Anonymous	2025-12-15 01:02:29 (5 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-12-10 14:52:11 (6 months ago)	"Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized ac ... show more "Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized access" show less	DDoS Attack SQL Injection Exploited Host
🇪🇸 Gem	2025-12-06 10:00:25 (6 months ago)	Unauthorized web scan.	Web App Attack
Anonymous	2025-12-03 02:24:18 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-12-02 19:46:31 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 14:46:27.432062 2025] [security2:error] [pid 25255:tid 25255] [client 65.111.12.25:23421] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brandoncomputergeeks.com"] [uri "/.svn/wc.db"] [unique_id "aS9CExcS-QRsrLnrWaM71wAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-12-02 14:16:35 (6 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇺🇸 TPI-Abuse	2025-12-02 09:22:40 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 04:22:32.660616 2025] [security2:error] [pid 2139467:tid 2139467] [client 65.111.12.25:18547] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "central-wi-coal-sales.com"] [uri "/.git/HEAD"] [unique_id "aS6v2L15AOvShb-tV_kQSwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 21:29:10 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 16:29:04.630401 2025] [security2:error] [pid 3541103:tid 3541127] [client 65.111.12.25:22797] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "abadie.com.uy"] [uri "/wp-config.php.bak"] [unique_id "aSoUIEkn3S3JAs72RaOJigAAAVU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 49 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 118.194.228.101

🇹🇷 93.113.57.116

🇩🇪 88.214.25.121

🇫🇷 88.166.99.220

🇺🇸 45.91.81.111

🇲🇦 41.141.55.235

🇬🇧 34.147.190.216

🇭🇰 20.205.34.2

🇺🇸 20.163.8.222

🇺🇸 15.218.135.58

🇩🇪 213.209.159.241

🇬🇧 123.58.207.81

🇵🇭 120.28.214.81

🇬🇧 91.230.225.42

🇺🇸 69.164.214.243

🇸🇬 51.79.177.162

🇳🇱 45.148.10.157

🇰🇷 39.115.195.164

🇨🇦 20.63.64.235

🇨🇳 221.199.14.247