JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.110.40.28

65.110.40.28 was found in our database!

This IP was reported 42 times. Confidence of Abuse is 100%: ?

100%

ISP	OCTOPUS WEB SOLUTION INC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS22295
Domain Name	ows.us
Country	🇺🇸 United States of America
City	North Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.110.40.28

Whois 65.110.40.28

IP Abuse Reports for 65.110.40.28:

This IP address has been reported a total of 42 times from 22 distinct sources. 65.110.40.28 was first reported on June 25th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-26 19:48:33 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 65.110.40.28 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.110.40.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 15:48:27.291306 2026] [security2:error] [pid 24291:tid 24291] [client 65.110.40.28:49098] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "yeejia.net"] [uri "/.env.production.copy"] [unique_id "aj7Xi6sSsNhngw9tP3M3sgAAAFo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-26 19:09:13 (1 day ago)	Bot / seems abusive / Apache connections: 115	DDoS Attack Web Spam Bad Web Bot Web App Attack
Anonymous	2026-06-26 18:54:04 (1 day ago)	Bot / scanning and/or hacking attempts: GET /credentials.json HTTP/1.1, GET /keyfile.json HTTP/1.1, ... show more Bot / scanning and/or hacking attempts: GET /credentials.json HTTP/1.1, GET /keyfile.json HTTP/1.1, GET /secrets.json HTTP/1.1, GET /backend/.htpasswd HTTP/1.1, GET /key.json HTTP/1.1, GET /server/master.key HTTP/1.1, GET /laravel/keyfile.json HTTP/1.1, GET /dev/.netrc HTTP/1.1, GET / HTTP/1.1, GET /backend/credentials.json HTTP/1.1, GET /wp-config.php HTTP/1.1 show less	Hacking Web App Attack
🇳🇿 Antinson	2026-06-26 18:51:34 (1 day ago)	Scraping with a high error ratio and request rate	Bad Web Bot
🇩🇪 bescared	2026-06-26 11:22:05 (1 day ago)	F2B - Malicious activity detected. URL Probing. -8ff06ede-	Hacking Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-26 10:03:45 (1 day ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 08:52:28 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 65.110.40.28 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.110.40.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 04:52:21.100475 2026] [security2:error] [pid 20771:tid 20771] [client 65.110.40.28:1310] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "martinvjohnson.com"] [uri "/.env.production.copy"] [unique_id "aj49xcpyF-NixD-4a6OFjQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 EGP Abuse Dept	2026-06-26 04:29:35 (1 day ago)	Scanning for web/db/file exploits on tpc-001.mach3builders.nl	SQL Injection Bad Web Bot Web App Attack
🇩🇪 Vincent Falzon	2026-06-26 02:29:06 (1 day ago)	SSH brute-force / unauthorized login attempts observed against sovereign infrastructure. Hits: 1. Co ... show more SSH brute-force / unauthorized login attempts observed against sovereign infrastructure. Hits: 1. Confidence: 75. Recent sample: 2026-06-26T02:24:17.082Z: show less	Brute-Force SSH
🇩🇪 iNetWorker	2026-06-26 01:30:32 (1 day ago)	firewall-block, port(s): 80/tcp, 443/tcp	Port Scan
🇦🇺 AWW-Admin	2026-06-26 00:35:57 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted] 65.110.40.28 (US/United States/-)	SQL Injection
🇺🇦 URAN Publishing Service	2026-06-25 23:45:15 (1 day ago)	65.110.40.28 - - [26/Jun/2026:02:45:09 +0300] "GET /wp-content/debug.log HTTP/1.1" 404 739 "-" "Mozi ... show more 65.110.40.28 - - [26/Jun/2026:02:45:09 +0300] "GET /wp-content/debug.log HTTP/1.1" 404 739 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 65.110.40.28 - - [26/Jun/2026:02:45:14 +0300] "GET /.env HTTP/1.1" 404 3304 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36" ... show less	Web App Attack
🇦🇺 Starburst SysOp Team	2026-06-25 22:53:32 (1 day ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-syd2-4) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-25 20:50:53 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 65.110.40.28 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.110.40.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 16:50:50.202776 2026] [security2:error] [pid 19354:tid 19354] [client 65.110.40.28:31516] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.carolineburkedesigns.com"] [uri "/.env.production.copy"] [unique_id "aj2UqqNNS4-DM0jgqEvmJgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-25 18:00:21 (2 days ago)	Aggressive web scan	Web App Attack

Showing 1 to 15 of 42 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 170.247.42.194

🇩🇪 213.209.159.242

🇷🇺 212.104.70.143

🇲🇾 202.165.15.132

🇻🇳 180.93.36.222

🇧🇷 179.97.233.162

🇧🇷 177.125.147.192

🇺🇸 162.216.149.166

🇺🇸 66.132.186.211

🇨🇳 61.52.125.40

🇮🇳 45.43.45.254

🇺🇸 43.130.131.18

🇺🇸 43.130.15.147

🇮🇩 43.129.33.244

🇹🇭 1.20.228.110

🇨🇳 222.209.216.151

🇧🇷 205.210.31.180

🇹🇼 198.235.24.80

🇺🇸 195.184.76.120

🇳🇱 195.178.110.155