JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.26.85

65.111.26.85 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 47%: ?

47%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.26.85

Whois 65.111.26.85

IP Abuse Reports for 65.111.26.85:

This IP address has been reported a total of 24 times from 18 distinct sources. 65.111.26.85 was first reported on June 28th 2024, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 ELYAZ	2026-06-23 22:41:24 (2 hours ago)	(y4) Failed scan -byebye- from 65.111.26.85 (ES/Spain/-): (CF_ENABLE)	Hacking
🇫🇷 Sklurk	2026-06-23 04:34:15 (20 hours ago)	Web App Attack	Web App Attack
Anonymous	2026-06-23 00:00:22 (1 day ago)	[da.kdns.gr] httpd-login-spray-site: sites=global; logs=/var/log/httpd/access_log; samples=site_wide ... show more [da.kdns.gr] httpd-login-spray-site: sites=global; logs=/var/log/httpd/access_log; samples=site_wide=true \| distinct_ips=20 \| /wp-login.php show less	Hacking Web App Attack
🇺🇸 etu brutus	2026-06-22 15:02:51 (1 day ago)	65.111.26.85 has been banned for [WebApp Attack] ...	Hacking Bad Web Bot Web App Attack
🇮🇩 zam	2026-06-20 21:10:47 (3 days ago)	65.111.26.85 - - [20/Jun/2026:21:10:35 +0000] "POST /wp-login.php HTTP/1.1" 404 81174	Web App Attack
🇫🇷 Sklurk	2026-06-20 03:39:30 (3 days ago)	Web App Attack	Web App Attack
🇭🇺 bcsaba	2026-06-18 01:39:58 (5 days ago)	CMS (WordPress or Joomla) login attempt. 65.111.26.85 - - [18/Jun/2026:03:39:55 +0200] "POST /wp-log ... show more CMS (WordPress or Joomla) login attempt. 65.111.26.85 - - [18/Jun/2026:03:39:55 +0200] "POST /wp-login.php HTTP/1.1" 200 3076 "https://REDACTED/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" show less	Hacking Brute-Force Web App Attack
🇫🇷 ELYAZ	2026-06-12 02:36:04 (1 week ago)	(y4) Failed scan -byebye- from 65.111.26.85 (ES/Spain/-): (CF_ENABLE)	Hacking
🇬🇧 poundawebsiteltd	2026-06-11 11:28:59 (1 week ago)	WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 65.111.26.85 - - [11/Jun/2026:12:28:57 +0100] PO ... show more WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 65.111.26.85 - - [11/Jun/2026:12:28:57 +0100] POST /wp-login.php HTTP/1.1 301 3455 https://[REDACTED_DOMAIN]/wp-login.php Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:118.0) Gecko/20100101 Firefox/118.0 show less	Web App Attack
🇬🇷 setupgr	2026-06-11 05:51:19 (1 week ago)	(mod_security) mod_security (id:900001) triggered by 65.111.26.85: 1 in the last 86400 secs; Ports: ... show more (mod_security) mod_security (id:900001) triggered by 65.111.26.85: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 11 08:51:17.005193 2026] [security2:error] [pid 2066679:tid 2066714] [client 65.111.26.85:46925] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|alloweddomain2\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.cpanagiotou.gr"] [severity "CRITICAL"] [tag "security"] [hostname "mail.cpanagiotou.gr"] [uri "/wp-login.php"] [unique_id "aipM1e19bB3nUzfQACZOXwAAAYg"], referer: https://mail.cpanagiotou.gr/wp-login.php show less	Port Scan
🇮🇹 VHosting	2026-02-20 18:15:10 (4 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
Anonymous	2026-01-05 20:32:23 (5 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.05 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.05 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-12-12 17:06:06 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-24 04:31:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.26.85 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.26.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:31:22.260023 2025] [security2:error] [pid 9420:tid 9420] [client 65.111.26.85:29929] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.trigonom.com"] [uri "/.svn/wc.db"] [unique_id "aSPfmg3rv0N6NTRODqT-LwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-02 15:29:46 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 07:27:58	Port Scan Brute-Force Exploited Host Web App Attack

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 209.38.120.71

🇬🇧 194.50.235.141

🇨🇳 182.119.228.251

🇨🇳 182.90.248.108

🇺🇸 172.58.49.36

🇭🇰 152.32.128.204

🇭🇰 101.36.107.233

🇫🇷 91.231.89.78

🇨🇳 61.160.241.28

🇳🇱 45.148.10.141

🇺🇸 44.138.93.103

🇮🇩 36.85.216.221

🇻🇳 14.225.173.146

🇫🇷 5.189.155.157

🇧🇪 198.235.24.197

🇺🇸 172.239.51.96

🇳🇱 165.22.193.223

🇺🇸 162.216.149.35

🇺🇸 161.35.232.200

🇦🇷 149.107.243.153