JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.110.40.249

65.110.40.249 was found in our database!

This IP was reported 60 times. Confidence of Abuse is 100%: ?

100%

ISP	OCTOPUS WEB SOLUTION INC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS22295
Domain Name	ows.us
Country	🇺🇸 United States of America
City	Spokane, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.110.40.249

Whois 65.110.40.249

IP Abuse Reports for 65.110.40.249:

This IP address has been reported a total of 60 times from 37 distinct sources. 65.110.40.249 was first reported on June 21st 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-22 07:22:56 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted])	SQL Injection
🇩🇪 raph	2026-06-22 06:08:02 (1 day ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 04:58:06 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 65.110.40.249 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.110.40.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 00:58:01.130992 2026] [security2:error] [pid 5122:tid 5284] [client 65.110.40.249:45722] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.7sons.net"] [uri "/.env~"] [unique_id "ajjA2XDG3BIjlb7LXWtp7QAAARA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 02:18:49 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 65.110.40.249 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.110.40.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 22:18:43.530943 2026] [security2:error] [pid 29372:tid 29372] [client 65.110.40.249:9344] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.worldofeconomics.com"] [uri "/.git/logs/HEAD"] [unique_id "ajibg58wcTmVC0cHyRDgewAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-22 01:20:49 (1 day ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-22 00:49:26 (1 day ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 65.110.40.249 (CA/Canada/-): 1 in the ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 65.110.40.249 (CA/Canada/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇨🇦 Dunham Support	2026-06-22 00:48:08 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted] 65.110.40.249 (US/United States/-)	SQL Injection
🇩🇪 FeG Deutschland	2026-06-22 00:00:54 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 127	Exploited Host Web App Attack
🇨🇭 4server	2026-06-21 23:07:52 (1 day ago)	[MonJun2201:07:40.3188232026][security2:error][pid2793778:tid2793887][client65.110.40.249:0]ModSecur ... show more [MonJun2201:07:40.3188232026][security2:error][pid2793778:tid2793887][client65.110.40.249:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"www.whatsdecor.comarcosa.com\"][uri\"/.env\"][unique_id\"ajhuvAY1KydZei90CSLnFgAAAQk\"] show less	Hacking Web App Attack
Anonymous	2026-06-21 22:19:48 (1 day ago)	Aggressive web scan	Web App Attack
🇵🇱 dcnet	2026-06-21 22:00:04 (1 day ago)	FortiGate detected DOS attack from IPv4 address 65.110.40.249	DDoS Attack
🇺🇸 TPI-Abuse	2026-06-21 21:20:25 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 65.110.40.249 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.110.40.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 17:20:19.322926 2026] [security2:error] [pid 5341:tid 5341] [client 65.110.40.249:24944] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.poulsoncustomhomes.com"] [uri "/.env.production.swp"] [unique_id "ajhVk_JWrtJP38GOMIsouwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 voormedia	2026-06-21 20:45:17 (1 day ago)	Accessed trap at '/.env'	Web App Attack
Anonymous	2026-06-21 20:25:49 (1 day ago)	(caddyscan) Scanner path probe from 65.110.40.249 (CA/Canada/-): 5 in the last 3600 secs; Ports: ; ... show more (caddyscan) Scanner path probe from 65.110.40.249 (CA/Canada/-): 5 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 65.110.40.249 - - [21/Jun/2026:20:25:46 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 65.110.40.249 - - [21/Jun/2026:20:25:46 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 65.110.40.249 - - [21/Jun/2026:20:25:47 +0000] "GET /web/.env HTTP/1.1" [REDACTED] 200 2627 65.110.40.249 - - [21/Jun/2026:20:25:47 +0000] "GET /backend/.env HTTP/1.1" [REDACTED] 200 2627 65.110.40.249 - - [21/Jun/2026:20:25:47 +0000] "GET /laravel/.env HTTP/1.1" show less	Port Scan
🇬🇧 djboddington	2026-06-21 20:18:14 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking

Showing 1 to 15 of 60 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.113

🇯🇵 172.105.197.151

🇩🇪 88.214.25.124

🇫🇷 37.59.220.195

🇰🇷 3.38.100.223

🇺🇸 192.145.236.112

🇺🇸 162.216.150.79

🇮🇳 117.247.158.61

🇨🇳 114.219.25.43

🇺🇸 109.105.210.80

🇳🇱 93.123.109.163

🇺🇸 47.251.30.247

🇳🇱 45.81.23.7

🇷🇺 31.130.25.218

🇪🇹 196.189.126.185

🇩🇪 185.216.214.42

🇺🇸 172.98.33.44

🇺🇸 162.216.150.52

🇺🇸 136.114.207.62

🇳🇱 91.92.40.237