JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.25.174

65.111.25.174 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.25.174

Whois 65.111.25.174

IP Abuse Reports for 65.111.25.174:

This IP address has been reported a total of 15 times from 11 distinct sources. 65.111.25.174 was first reported on July 9th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-16 01:40:45 (1 day ago)	Web App Attack	Web App Attack
🇪🇸 robotstxt	2026-05-07 16:26:45 (1 month ago)	65.111.25.174 - - [07/May/2026:16:26:07 +0000] "POST /wp-login.php:[email protected]/xmlrpc.ph ... show more 65.111.25.174 - - [07/May/2026:16:26:07 +0000] "POST /wp-login.php:[email protected]/xmlrpc.php HTTP/1.1" 404 45400 "-" rt="0.550" "Wget/1.21.4" "-" h="economipedia.com" sn="economipedia.com" ru="/wp-login.php:[email protected]/xmlrpc.php" u="/index.php" ucs="-" ua="unix:/var/run/php/economipedia83.sock" us="404" uct="0.000" urt="0.436" 65.111.25.174 - - [07/May/2026:16:26:10 +0000] "POST /wp-login.php:[email protected]/xmlrpc.php HTTP/1.1" 404 45401 "-" rt="0.523" "curl/7.88.1" "-" h="economipedia.com" sn="economipedia.com" ru="/wp-login.php:[email protected]/xmlrpc.php" u="/index.php" ucs="-" ua="unix:/var/run/php/economipedia83.sock" us="404" uct="0.000" urt="0.414" 65.111.25.174 - - [07/May/2026:16:26:07 +0000] "POST /wp-login.php:[email protected]/xmlrpc.php HTTP/1.1" 404 45400 "-" "Wget/1.21.4" "-" 65.111.25.174 - - [07/May/2026:16:26:10 +0000] "POST /wp-login.php:[email protected]/xmlrpc.php HTTP/1.1" 404 45401 "-" "curl/7.88.1" "-" 65.111.25. ... show less	Bad Web Bot
🇦🇺 MAGIC	2026-02-27 01:29:38 (3 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇮🇹 VHosting	2026-01-05 01:10:02 (5 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:13 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇩🇪 Carsten	2025-12-09 09:04:29 (6 months ago)	GET [.git/HEAD]	Port Scan
🇺🇸 TPI-Abuse	2025-12-08 23:40:04 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.25.174 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.25.174 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 18:39:55.364738 2025] [security2:error] [pid 19227:tid 19227] [client 65.111.25.174:31537] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eatthewrench.com"] [uri "/.svn/wc.db"] [unique_id "aTdhyzeBwdJNk8yYujgckQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 21:47:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.25.174 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.25.174 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 16:47:05.626214 2025] [security2:error] [pid 27914:tid 27914] [client 65.111.25.174:16493] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ferrarapanfitness.com"] [uri "/.svn/wc.db"] [unique_id "aTX12ZSbM6rRSYwh8gaBLAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 17:43:00 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.25.174 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.25.174 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 12:42:55.495298 2025] [security2:error] [pid 21691:tid 21699] [client 65.111.25.174:56163] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "esgcommission.org"] [uri "/.svn/wc.db"] [unique_id "aTW8n1VVv6b2gOFKKxlxLgAAAME"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 14:31:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.25.174 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.25.174 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 09:31:01.266748 2025] [security2:error] [pid 25610:tid 25610] [client 65.111.25.174:9889] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pawsandwhiskerssociety.org"] [uri "/.env"] [unique_id "aTWPpckuHEJHtggZaRYFsgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2025-12-06 04:49:30 (6 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.git/HEAD (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .git/ found within REQUEST_FILENAME: /.git/HEAD] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 02:36:48 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.25.174 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.25.174 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 21:36:43.032948 2025] [security2:error] [pid 1764:tid 1764] [client 65.111.25.174:57923] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kraatzrussell.com"] [uri "/.git/HEAD"] [unique_id "aTJFO833CIsbwtj3qWAFdwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-16 13:23:17 (8 months ago)	WordPress Brute Force	Brute-Force
🇩🇪 Admins@FBN	2025-01-18 10:34:18 (1 year ago)	VPN Logon Failed: AAA user authentication Rejected user = <frank>	Brute-Force Exploited Host
Anonymous	2024-07-09 00:03:47 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 186.233.184.67

🇳🇱 176.65.139.232

🇺🇸 104.234.32.64

🇺🇸 66.132.186.214

🇺🇸 65.49.1.234

🇺🇸 47.254.50.151

🇱🇹 45.227.254.170

🇭🇰 38.150.12.14

🇺🇸 2607:f8b0:400e:c09::129

🇭🇺 146.70.120.154

🇨🇳 106.13.39.89

🇮🇩 103.185.36.133

🇳🇱 91.92.40.12

🇳🇱 77.83.39.10

🇺🇸 65.49.1.69

🇨🇳 61.149.15.47

🇨🇴 8.242.185.7

🇷🇺 178.209.94.152

🇧🇷 177.72.87.7

🇩🇪 158.94.208.189