JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.26.239

65.111.26.239 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 33%: ?

33%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.26.239

Whois 65.111.26.239

IP Abuse Reports for 65.111.26.239:

This IP address has been reported a total of 28 times from 19 distinct sources. 65.111.26.239 was first reported on June 27th 2024, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇷 setupgr	2026-06-19 23:02:54 (15 hours ago)	(mod_security) mod_security (id:900001) triggered by 65.111.26.239 (ES/Spain/Madrid/Madrid/-/[AS2003 ... show more (mod_security) mod_security (id:900001) triggered by 65.111.26.239 (ES/Spain/Madrid/Madrid/-/[AS200373 DREI-K-TECH-GMBH]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sat Jun 20 02:02:52.087378 2026] [security2:error] [pid 2277:tid 2436] [client 65.111.26.239:46679] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "75"] [id "900001"] [msg "Blocked WP Login attempt on domain: adoro.gr"] [severity "CRITICAL"] [tag "security"] [hostname "adoro.gr"] [uri "/wp-login.php"] [unique_id "ajXKnFVjV5VR3hAZ4rkk7QAAAFM"], referer: https://adoro.gr/wp-login.php show less	Port Scan
🇫🇮 inlink.ltd	2026-06-17 09:30:12 (3 days ago)	Known malicious PHP file or CMS probe	Web App Attack
🇺🇸 bpolson	2026-06-15 17:10:06 (4 days ago)	WordPress Hacking/Scanning. (s1)	Hacking Web App Attack
🇫🇷 ELYAZ	2026-06-12 02:37:25 (1 week ago)	(y4) Failed scan -byebye- from 65.111.26.239 (ES/Spain/-): (CF_ENABLE)	Hacking
🇬🇧 poundawebsiteltd	2026-06-11 20:18:51 (1 week ago)	WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 65.111.26.239 - - [11/Jun/2026:21:18:47 +0100] P ... show more WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 65.111.26.239 - - [11/Jun/2026:21:18:47 +0100] POST /wp-login.php HTTP/1.1 200 7362 https://[REDACTED_DOMAIN]/wp-login.php Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 show less	Web App Attack
🇺🇸 lostswordfish.com	2026-06-11 14:30:08 (1 week ago)	Wordfence waf block on taussigtravel	Web App Attack
🇺🇸 TPI-Abuse	2026-01-07 14:23:13 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.26.239 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.26.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 07 09:23:03.784539 2026] [security2:error] [pid 6866:tid 6866] [client 65.111.26.239:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "perl-photo.com"] [uri "/.git/HEAD"] [unique_id "aV5sR5sb9vd3eHlo1u7lBgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-05 20:35:08 (5 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.05 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.05 is noted in report timestamp show less	Hacking Brute-Force
🇨🇦 Mediashaker	2026-01-01 23:11:40 (5 months ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted] from 65.111.26.239 (-)	Port Scan
🇲🇹 Malta	2025-12-31 13:40:54 (5 months ago)	65.111.26.239 - - [31/Dec/2025:14:40:54 +0100] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows N ... show more 65.111.26.239 - - [31/Dec/2025:14:40:54 +0100] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" show less	Hacking Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-31 00:59:21 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-29 04:39:39 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.26.239 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.26.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:39:33.769579 2025] [security2:error] [pid 3344:tid 3344] [client 65.111.26.239:25783] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "inspiraciongaleria.com"] [uri "/.git/HEAD"] [unique_id "aVIGBZjdWVXb0jRIfeaH7QAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 04:23:55 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.26.239 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.26.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:23:48.456371 2025] [security2:error] [pid 25741:tid 25741] [client 65.111.26.239:38107] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crystaljohns.com"] [uri "/.env"] [unique_id "aVICVEsCePfzohwuIHiE7wAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-22 09:13:35 (5 months ago)	wordpress-trap	Web App Attack
🇬🇧 venus.launch.bz	2025-12-14 19:37:16 (6 months ago)	(wpscan) WordPress probe detected from 65.111.26.239 (-)	Hacking

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇹 212.103.60.161

🇺🇸 184.105.247.251

🇦🇲 176.32.193.16

🇺🇸 142.111.152.50

🇳🇱 81.19.216.100

🇩🇪 69.5.169.68

🇨🇳 58.208.84.103

🇫🇷 51.68.111.239

🇳🇱 45.148.10.147

🇺🇸 20.127.155.221

🇺🇸 18.207.222.251

🇺🇸 216.24.219.9

🇯🇵 207.148.107.123

🇺🇸 207.90.244.10

🇯🇵 198.13.37.241

🇦🇷 181.46.39.248

🇹🇷 178.233.165.246

🇮🇩 163.7.8.79

🇫🇮 147.185.133.57

🇨🇳 115.231.78.11