JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.27.125

65.111.27.125 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 50%: ?

50%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.27.125

Whois 65.111.27.125

IP Abuse Reports for 65.111.27.125:

This IP address has been reported a total of 20 times from 19 distinct sources. 65.111.27.125 was first reported on July 16th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 pm33	2026-06-17 13:50:27 (1 day ago)	Wordpress login attempts	Brute-Force
🇦🇺 paulshipley.com.au	2026-06-16 20:11:24 (1 day ago)	winesbydesign.com.au:443 65.111.27.125 - - [17/Jun/2026:06:11:20 +1000] "GET /?author=3 HTTP/1.1" 40 ... show more winesbydesign.com.au:443 65.111.27.125 - - [17/Jun/2026:06:11:20 +1000] "GET /?author=3 HTTP/1.1" 404 173844 "https://duckduckgo.com/" "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" ... show less	Web App Attack
🇫🇷 Hippoline	2026-06-14 17:11:02 (3 days ago)	Jun 14 19:11:01 local wp(XXXX-A)[29862]: Authentication attempt for unknown user adminuser from 65.1 ... show more Jun 14 19:11:01 local wp(XXXX-A)[29862]: Authentication attempt for unknown user adminuser from 65.111.27.125 ... show less	Brute-Force Web App Attack
Anonymous	2026-06-14 13:21:42 (4 days ago)	Failed Wordpress Logins	Web App Attack
🇺🇸 dtorrer	2026-06-14 12:58:09 (4 days ago)	Brute-force general attack.	Brute-Force
🇱🇻 garmtech.com	2026-06-13 23:08:51 (4 days ago)	IM360 WAF: Prohibited WordPress username login/registration	Web App Attack
🇬🇷 setupgr	2026-06-13 09:45:51 (5 days ago)	(mod_security) mod_security (id:900001) triggered by 65.111.27.125: 1 in the last 86400 secs; Ports: ... show more (mod_security) mod_security (id:900001) triggered by 65.111.27.125: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sat Jun 13 12:45:50.709495 2026] [security2:error] [pid 705245:tid 705404] [client 65.111.27.125:49605] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.setworldup.com"] [severity "CRITICAL"] [tag "security"] [hostname "mail.setworldup.com"] [uri "/wp-login.php"] [unique_id "ai0mzgxs6RPthBTSH2k9bQAAAIs"], referer: https://mail.setworldup.com/wp-login.php show less	Port Scan
🇲🇽 octageeks.com	2026-06-11 04:12:24 (1 week ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇨🇭 4server	2026-05-19 13:12:14 (4 weeks ago)	[TueMay1915:12:08.6364372026][security2:error][pid1529637:tid1529858][client65.111.27.125:0]ModSecur ... show more [TueMay1915:12:08.6364372026][security2:error][pid1529637:tid1529858][client65.111.27.125:0]ModSecurity:Accessdeniedwithcode403$phase1$.Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"www.giuristifriburgo.ch\"][uri\"/xmlrpc.php\"][unique_id\"agxhqCA7zQn6PQSeQPulZgAAAJU\"] show less	Hacking Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:49 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇪🇸 10dencehispahard SL	2025-11-26 06:48:09 (6 months ago)	WP probing for vulnerabilities	Hacking Exploited Host
Anonymous	2025-11-02 17:14:39 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 07:17:00	Port Scan Brute-Force Exploited Host Web App Attack
🇩🇪 Hazzard	2025-03-26 15:24:57 (1 year ago)	65.111.27.125 (US/United States/-), 10 distributed imapd attacks on account [redacted]	Brute-Force
🇨🇭 SOC [GOLINE SA]	2025-02-01 10:01:08 (1 year ago)	FortiGate detected brute force login from IP 65.111.27.125	Brute-Force
Anonymous	2024-10-27 02:50:54 (1 year ago)	Automatic report - Vulnerability scan /RDWeb/Pages/en-US/login.aspx	Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.132.24

🇨🇳 58.57.154.146

🇧🇷 2804:14d:5ca5:4ac8::b408

🇻🇳 113.164.66.10

🇷🇺 91.237.183.81

🇵🇱 87.251.64.144

🇮🇷 85.198.19.251

🇺🇸 74.235.100.142

🇮🇪 54.171.66.171

🇩🇪 49.51.166.228

🇵🇰 39.61.48.179

🇬🇧 35.203.211.41

🇺🇸 24.63.100.37

🇳🇱 195.178.110.30

🇺🇸 129.222.243.62

🇮🇳 49.15.90.172

🇺🇸 20.49.13.178

🇩🇪 213.209.159.241

🇬🇧 195.96.139.11

🇩🇪 167.94.145.27