JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.0.189

65.111.0.189 was found in our database!

This IP was reported 49 times. Confidence of Abuse is 7%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.0.189

Whois 65.111.0.189

IP Abuse Reports for 65.111.0.189:

This IP address has been reported a total of 49 times from 19 distinct sources. 65.111.0.189 was first reported on July 10th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 tutaim.com	2026-04-28 22:00:13 (1 month ago)	⛔ [29/04/26] This IP has been detected performing multiple attacks on websites (4 attempts blocked). ... show more ⛔ [29/04/26] This IP has been detected performing multiple attacks on websites (4 attempts blocked). Potential malicious activity. show less	Brute-Force SSH Web App Attack FTP Brute-Force
🇪🇸 tutaim.com	2026-04-28 20:00:11 (1 month ago)	⛔ [28/04/26] This IP has been detected performing multiple attacks on websites (4 attempts blocked). ... show more ⛔ [28/04/26] This IP has been detected performing multiple attacks on websites (4 attempts blocked). Potential malicious activity. show less	Brute-Force SSH Web App Attack FTP Brute-Force
Anonymous	2026-04-12 06:19:35 (1 month ago)	Attempt to scan vulnerabilities	Hacking
🇫🇷 vtchost.com	2026-01-22 07:07:54 (4 months ago)	jummy, honey! --\> ignored robots.txt --\> crawler botnet ...	Bad Web Bot Exploited Host
🇮🇹 VHosting	2026-01-03 05:35:03 (5 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇪🇸 el-brujo	2026-01-03 00:46:59 (5 months ago)	Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: elhacker.net userAgent: Mozilla/5.0 ... show more Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0 Action: managed_challenge Source: firewallManaged ASN Description: DREI-K-TECH-GMBH Country: US Method: POST Timestamp: 2026-01-03T00:46:59Z ruleId: 5de7edfa648c4d6891dc3e7f84534ffa. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 11:25:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 06:25:02.516595 2025] [security2:error] [pid 4610:tid 4610] [client 65.111.0.189:11897] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.whitmarshinc.com"] [uri "/.env"] [unique_id "aSbjjnqzmXjKGNwqKDncTAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 10:51:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 05:50:58.814838 2025] [security2:error] [pid 474:tid 474] [client 65.111.0.189:17879] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.rays-work.com"] [uri "/.git/HEAD"] [unique_id "aSbbknViB7yTXzsyhm5aUgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 10:26:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 05:25:58.520107 2025] [security2:error] [pid 26131:tid 26131] [client 65.111.0.189:35631] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.vittariaart.com"] [uri "/.git/HEAD"] [unique_id "aSbVtsgPweTu-RwUsoPR4wAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:01:04 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:00:56.608074 2025] [security2:error] [pid 27527:tid 27527] [client 65.111.0.189:41965] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.psdinnersready.com"] [uri "/.git/HEAD"] [unique_id "aSaJiFvJoAIzL7vg5kApDgAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 03:26:33 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:26:26.818996 2025] [security2:error] [pid 17777:tid 17777] [client 65.111.0.189:53511] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ciptaconindotara.com"] [uri "/.env"] [unique_id "aSZzYvdElqEJJXMwqbU-vAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 02:59:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 21:59:29.605653 2025] [security2:error] [pid 12649:tid 12649] [client 65.111.0.189:40923] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.mywhisperkids.com"] [uri "/.svn/wc.db"] [unique_id "aSZtEXsnTnfl727i_4u_8wAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:41:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:41:01.097719 2025] [security2:error] [pid 20077:tid 20077] [client 65.111.0.189:46729] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dragonmaker.combustionlogic.com"] [uri "/.env"] [unique_id "aSZarcFuB-jN-zS79Lx7WAAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-26 00:35:08 (6 months ago)	Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing ... show more Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing. show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:37:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:37:50.291049 2025] [security2:error] [pid 19958:tid 19958] [client 65.111.0.189:20705] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.josephalosi.com"] [uri "/.svn/wc.db"] [unique_id "aSVOviq-NqFShmBdhM654gAAABA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 49 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 192.169.201.223

🇷🇺 89.250.167.20

🇺🇸 66.132.195.29

🇮🇩 202.148.31.118

🇷🇺 188.113.168.133

🇻🇳 171.231.194.143

🇷🇴 92.118.39.62

🇱🇻 37.233.85.71

🇧🇪 34.156.30.5

🇺🇸 172.214.209.153

🇭🇰 101.36.116.204

🇧🇪 34.156.40.52

🇭🇰 20.2.83.149

🇳🇱 192.142.24.39

🇫🇷 185.177.72.22

🇩🇪 167.94.146.56

🇫🇮 147.185.133.127

🇺🇦 128.0.104.44

🇮🇳 122.187.229.247

🇺🇸 77.91.118.18