JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.0.197

65.111.0.197 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 29%: ?

29%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.0.197

Whois 65.111.0.197

IP Abuse Reports for 65.111.0.197:

This IP address has been reported a total of 32 times from 21 distinct sources. 65.111.0.197 was first reported on October 3rd 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇹 Progetto1	2026-05-13 03:35:02 (3 weeks ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇧🇪 cmbplf	2026-05-12 05:31:00 (3 weeks ago)	132 requests with url.path .git/	Brute-Force Bad Web Bot
🇳🇱 wlt-blocker	2026-05-12 04:52:59 (3 weeks ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 04:38:31 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.197 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 00:38:25.395002 2026] [security2:error] [pid 20826:tid 20826] [client 65.111.0.197:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.vertubet.com"] [uri "/.git/config"] [unique_id "agKuwQmo3SH1GQn8iIm-igAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-05-12 03:49:49 (3 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 Flo Flo	2026-05-03 21:09:30 (1 month ago)	65.111.0.197 - - - [03/May/2026:23:09:30 +0200] "wildcard.flad.xyz" "GET /.env HTTP/1.1" 444 0 "-" " ... show more 65.111.0.197 - - - [03/May/2026:23:09:30 +0200] "wildcard.flad.xyz" "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36" 0.000 ... show less	Web App Attack
🇩🇪 big-cloud.nl	2026-05-01 05:47:55 (1 month ago)	Try to access /.env	Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 15:39:10 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 65.111.0.197 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 65.111.0.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 11:39:03.165002 2026] [security2:error] [pid 4966:tid 4966] [client 65.111.0.197:13223] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kuddlkat.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kuddlkat.com"] [uri "/s3cmd.ini"] [unique_id "afDUl_bukIIdRRbeXbCZ9gAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 sefinek.net	2026-04-28 07:16:16 (1 month ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action: BLOCK \| Protocol: HTTP/1.1 (GET) \| Endpoi ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action: BLOCK \| Protocol: HTTP/1.1 (GET) \| Endpoint: / \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇦🇺 MAGIC	2026-03-16 00:59:16 (2 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇵🇱 cheatmaster.store	2026-02-25 23:34:41 (3 months ago)	Automated report: This IP address has been identified as an active public open proxy. Classification ... show more Automated report: This IP address has been identified as an active public open proxy. Classification: Open Proxy \| Spoofing \| VPN/Anonymizer \| Bad Web Bot. Country: United States Threat level: High. This host is listed across multiple public proxy databases and poses a risk of abuse, credential stuffing, scraping, and spoofed traffic. Reported by automated threat intelligence pipeline. Do not whitelist without manual verification. show less	Web Spam Port Scan Web App Attack
🇳🇱 i-turnradio.nl	2026-02-10 03:04:22 (3 months ago)	2026-02-10 04:04:22 (CET) ~ Blocked by abusescan risk assessment	Web App Attack
🇺🇸 nowyouknow	2026-01-24 16:06:42 (4 months ago)	(From [email protected]) If you’re tired of the 9-to-5 grind or just want a way to put some extra ... show more (From [email protected]) If you’re tired of the 9-to-5 grind or just want a way to put some extra cash in your pocket every week, I have something for you. Companies are currently looking for remote writers to handle: Article Writing Blog Posts Social Media Content Live Chat Support No experience is necessary and full training is provided. But before you apply, you need to see which role you’re best suited for. Go here to take the Writing Job Quiz. ---> http://PaidToWrite.Online/ Once you finish the quiz, you’ll get a breakdown of the best opportunities available for you right now. Visit -----> http://PaidToWrite.Online/ show less	Phishing Web Spam
Anonymous	2025-12-22 16:18:26 (5 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:24:47 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.197 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:24:42.096029 2025] [security2:error] [pid 30037:tid 30037] [client 65.111.0.197:48343] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.daveroozendaal.com"] [uri "/.svn/wc.db"] [unique_id "aSQIOtNf4eitHDIhfait0wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 222.107.156.227

🇸🇪 9.223.176.221

🇩🇪 194.187.176.21

🇬🇧 193.163.125.156

🇧🇷 187.107.88.97

🇺🇸 172.67.173.229

🇵🇰 117.102.4.168

🇮🇳 103.104.127.134

🇳🇱 89.190.156.8

🇫🇷 85.204.70.96

🇺🇸 52.168.117.169

🇫🇷 51.75.141.245

🇲🇽 189.189.57.22

🇰🇷 175.202.18.33

🇺🇸 172.202.114.25

🇿🇦 102.213.26.176

🇳🇱 85.11.167.11

🇮🇹 83.224.181.248

🇪🇬 41.33.91.226

🇨🇳 36.112.133.74