JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.26.213

65.111.26.213 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 35%: ?

35%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.26.213

Whois 65.111.26.213

IP Abuse Reports for 65.111.26.213:

This IP address has been reported a total of 28 times from 18 distinct sources. 65.111.26.213 was first reported on July 18th 2024, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 pm33	2026-06-24 08:03:11 (6 hours ago)	Wordpress login attempts	Brute-Force
🇫🇷 ELYAZ	2026-06-23 22:41:24 (15 hours ago)	(y4) Failed scan -byebye- from 65.111.26.213 (ES/Spain/-): (CF_ENABLE)	Hacking
🇫🇷 ELYAZ	2026-06-21 14:04:24 (3 days ago)	(y4) Failed scan -byebye- from 65.111.26.213 (ES/Spain/-): (CF_ENABLE)	Hacking
🇫🇷 pm33	2026-06-21 01:43:43 (3 days ago)	Wordpress login attempts	Brute-Force
Anonymous	2026-06-20 00:19:38 (4 days ago)	Web attack blocked by Wordfence on vestingstadvalkenburg.nl (1 hit). Reported by CRMON.	Web App Attack
🇺🇸 mnsf	2026-06-15 00:11:19 (1 week ago)	Login Too Frequent (6)	Brute-Force Web App Attack
🇬🇧 poundawebsiteltd	2026-06-13 21:03:44 (1 week ago)	WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 65.111.26.213 - - [13/Jun/2026:22:03:38 +0100] P ... show more WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 65.111.26.213 - - [13/Jun/2026:22:03:38 +0100] POST /wp-login.php HTTP/1.1 200 7254 https://[REDACTED_DOMAIN]/wp-login.php Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15 show less	Web App Attack
🇧🇪 cmbplf	2026-05-07 06:36:00 (1 month ago)	606 requests with url.path *.env	Brute-Force Bad Web Bot
🇦🇺 oncord	2026-02-27 16:43:22 (3 months ago)	Form spam	Web Spam
🇫🇮 as211431.net	2026-02-12 07:37:44 (4 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.env.save UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-11 00:10:59 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.26.213 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.26.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 19:10:55.058611 2026] [security2:error] [pid 368:tid 368] [client 65.111.26.213:49609] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aprilparks.com"] [uri "/admin/.env"] [unique_id "aYvJD-HKtO41jwetKxSDQwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-02-10 19:33:23 (4 months ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 03:52:12 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.26.213 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.26.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 22:52:08.855285 2026] [security2:error] [pid 2744816:tid 2744816] [client 65.111.26.213:10659] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kittencream.com"] [uri "/admin/.env"] [unique_id "aYqraMbuLm206Zv1kUhjoAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 02:54:57 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.26.213 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.26.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 21:54:49.622780 2026] [security2:error] [pid 21981:tid 21981] [client 65.111.26.213:29249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "i-brochures.com"] [uri "/app/.env"] [unique_id "aYqd-Vq7BDhbDPYHSYdX3gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 02:16:50 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.26.213 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.26.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 21:16:43.538425 2026] [security2:error] [pid 13231:tid 13236] [client 65.111.26.213:48501] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hylakaplan.com"] [uri "/frontend/.env"] [unique_id "aYqVCwoQP8esBx9Kr0f6QwAAAMM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 193.124.20.248

🇧🇷 187.120.96.243

🇬🇧 87.115.211.6

🇺🇸 47.251.91.152

🇬🇧 217.146.80.98

🇸🇬 172.253.236.216

🇻🇳 160.250.133.132

🇮🇳 103.174.34.49

🇮🇩 103.126.30.49

🇺🇸 65.111.15.169

🇸🇬 47.236.252.83

🇵🇭 8.212.129.2

🇭🇰 1.64.106.48

🇩🇰 2a06:d380:0:103:acab:4c4b:ac4b:1312

🇩🇪 213.209.159.227

🇬🇭 197.251.249.72

🇷🇴 193.32.162.84

🇸🇬 167.71.213.48

🇺🇸 104.207.40.156

🇭🇰 103.100.208.168