JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.26.55

65.111.26.55 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 39%: ?

39%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.26.55

Whois 65.111.26.55

IP Abuse Reports for 65.111.26.55:

This IP address has been reported a total of 36 times from 18 distinct sources. 65.111.26.55 was first reported on July 11th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-20 05:16:21 (1 day ago)	Web App Attack	Web App Attack
🇬🇷 setupgr	2026-06-19 22:46:28 (1 day ago)	(mod_security) mod_security (id:900001) triggered by 65.111.26.55 (ES/Spain/Madrid/Madrid/-/[AS20037 ... show more (mod_security) mod_security (id:900001) triggered by 65.111.26.55 (ES/Spain/Madrid/Madrid/-/[AS200373 DREI-K-TECH-GMBH]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sat Jun 20 01:46:27.265134 2026] [security2:error] [pid 79894:tid 79933] [client 65.111.26.55:42357] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "75"] [id "900001"] [msg "Blocked WP Login attempt on domain: adoro.gr"] [severity "CRITICAL"] [tag "security"] [hostname "adoro.gr"] [uri "/wp-login.php"] [unique_id "ajXGwyc2acK9dyAMRdI6vwAAAUw"], referer: https://adoro.gr/wp-login.php show less	Port Scan
🇲🇽 octageeks.com	2026-06-12 04:07:04 (1 week ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 19:42:17 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 65.111.26.55 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.26.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 15:41:50.656801 2026] [security2:error] [pid 6974:tid 6974] [client 65.111.26.55:19195] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.lazymanvegan.com"] [uri "/.git/HEAD"] [unique_id "aiR3_s7iKhMKn-UgwtwQhAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 iNetWorker	2026-06-06 19:38:47 (2 weeks ago)	trolling for resource vulnerabilities	Web App Attack
🇫🇮 inlink.ltd	2026-06-06 19:13:47 (2 weeks ago)	dot file probe	Web App Attack
🇬🇧 martenmark	2026-06-06 03:47:29 (2 weeks ago)	65.111.26.55 - - [06/Jun/2026:03:47:28 +0000] "GET http://beapp.co/.aws/credentials HTTP/1.1" 301 68 ... show more 65.111.26.55 - - [06/Jun/2026:03:47:28 +0000] "GET http://beapp.co/.aws/credentials HTTP/1.1" 301 683 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Web App Attack
🇫🇷 MatStef132	2026-05-19 21:11:03 (1 month ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇳🇱 MatStef132	2026-05-19 20:21:31 (1 month ago)	MatShield L7: blocked on chat.justchat.icu (ua-quarantined)	Bad Web Bot
🇫🇷 MatStef132	2026-05-14 22:03:10 (1 month ago)	MatShield L7 blocked request to mathost.eu for reason ua-q	DDoS Attack Bad Web Bot Web App Attack
🇫🇷 MatStef132	2026-05-14 21:32:38 (1 month ago)	[mathost.eu] ua-q	DDoS Attack Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-02 19:19:06 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.26.55 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.26.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 02 14:18:58.002722 2026] [security2:error] [pid 30311:tid 30311] [client 65.111.26.55:47065] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shafoo.com"] [uri "/.git/HEAD"] [unique_id "aVgaIoq92-yoKPA4utwQAAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-31 08:17:18 (5 months ago)	"GET /.aws/credentials HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-30 12:21:51 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.26.55 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.26.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 07:21:41.163071 2025] [security2:error] [pid 9162:tid 9162] [client 65.111.26.55:34435] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dodgersboosterclub.com"] [uri "/.env"] [unique_id "aVPD1Sk7hMlsb96uFXt_sgAAACs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 11:50:06 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.26.55 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.26.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 06:49:59.996244 2025] [security2:error] [pid 8461:tid 8461] [client 65.111.26.55:55179] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mountararattrek.com"] [uri "/.git/HEAD"] [unique_id "aVJq5_sjjpSR3HclRuL7awAAAC8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 177.7.30.146

🇰🇷 121.189.226.81

🇺🇸 85.208.96.205

🇧🇷 185.194.204.183

🇸🇪 157.22.17.160

🇭🇰 152.32.133.102

🇨🇦 149.19.101.85

🇨🇳 113.141.72.65

🇱🇹 45.227.254.170

🇰🇷 14.63.196.175

🇺🇸 147.185.132.135

🇹🇼 111.70.49.179

🇺🇸 107.150.98.252

🇳🇱 89.21.67.159

🇷🇴 80.94.92.164

🇺🇸 74.125.186.148

🇺🇸 52.151.196.136

🇺🇸 44.33.91.105

🇸🇬 20.6.35.235

🇺🇸 3.83.172.27