JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.0.198

65.111.0.198 was found in our database!

This IP was reported 35 times. Confidence of Abuse is 2%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.0.198

Whois 65.111.0.198

IP Abuse Reports for 65.111.0.198:

This IP address has been reported a total of 35 times from 10 distinct sources. 65.111.0.198 was first reported on April 24th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-05-22 11:39:15 (2 weeks ago)	Honeypot detection: Elasticsearch unauthorized access / data leak attempt on port 9200. Severity: ME ... show more Honeypot detection: Elasticsearch unauthorized access / data leak attempt on port 9200. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇨🇳 ThreatBook.io	2026-03-24 23:29:47 (2 months ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/65.111.0.198 2026-03-24 02: ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/65.111.0.198 2026-03-24 02:29:22 /nacos/%23/serviceSync show less	Web App Attack
🇨🇳 ThreatBook.io	2026-03-06 23:39:18 (3 months ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/65.111.0.198 2026-03-0 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/65.111.0.198 2026-03-06 12:16:51 /v1/core/cluster/nodes?withInstances=false&pageNo=1&pageS%20ize=10&keyword show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 05:41:39 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 00:41:33.659204 2026] [security2:error] [pid 1957:tid 1957] [client 65.111.0.198:11933] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kugbe.com"] [uri "/new/.git/config"] [unique_id "aZaijc9C-wluI5aZBbqbcAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 03:52:07 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 22:52:00.851185 2026] [security2:error] [pid 20670:tid 20670] [client 65.111.0.198:20601] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kingmansvc.com"] [uri "/app/.git/config"] [unique_id "aZaI4HhdhuefQL1zHq2_4gAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 03:17:24 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 22:17:17.710116 2026] [security2:error] [pid 349:tid 349] [client 65.111.0.198:45903] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kewlkarz.com"] [uri "/.env.staging"] [unique_id "aZaAvS15bAHdUd0Bmb13sgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-18 21:05:22 (3 months ago)	Scanning/Probing (32)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 17:02:27 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 12:02:22.530325 2026] [security2:error] [pid 14121:tid 14260] [client 65.111.0.198:61419] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "zechesfinancialservices.com"] [uri "/.env"] [unique_id "aZXwniBz6hLu1EMeLixgvQAAAJg"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 TheCoon	2026-02-18 12:45:01 (3 months ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking
🇪🇸 10dencehispahard SL	2026-01-26 12:02:20 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇺🇸 TPI-Abuse	2025-11-25 04:02:03 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:01:57.649470 2025] [security2:error] [pid 10390:tid 10390] [client 65.111.0.198:39995] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.theprairiejewel.com"] [uri "/.git/HEAD"] [unique_id "aSUqNX0Q5pTctjH3TubDZgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:39:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:39:38.770033 2025] [security2:error] [pid 25455:tid 25455] [client 65.111.0.198:9297] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.publicdomainphotosharing.com"] [uri "/.svn/wc.db"] [unique_id "aSUk-tz1GhJAJF7p6lPAmAAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:47:18 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:47:08.114962 2025] [security2:error] [pid 4157:tid 4157] [client 65.111.0.198:9679] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.flymarlin.com"] [uri "/.env"] [unique_id "aSUYrOHQfHl3zG95vBm_ZQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:19:59 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:19:52.477783 2025] [security2:error] [pid 17316:tid 17316] [client 65.111.0.198:52083] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "free-rein.us.freerein.info"] [uri "/.svn/wc.db"] [unique_id "aSUSSMrxzWAlYeqFAU5nEQAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:32:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.0.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:32:01.245427 2025] [security2:error] [pid 17514:tid 17514] [client 65.111.0.198:11585] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.evelia.com"] [uri "/.git/HEAD"] [unique_id "aST5AaldXgmhWwuVWg7qzAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 35 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.91

🇺🇸 132.196.32.68

🇮🇳 115.96.31.238

🇨🇳 221.214.56.78

🇩🇪 209.38.236.225

🇺🇸 184.105.247.243

🇨🇳 118.145.144.95

🇱🇰 112.134.188.78

🇻🇳 103.154.62.14

🇨🇳 58.212.237.179

🇺🇸 35.224.254.204

🇬🇧 35.203.211.112

🇺🇸 20.163.32.78

🇸🇬 8.219.102.103

🇺🇸 216.25.89.132

🇮🇱 199.203.130.66

🇨🇱 186.10.86.130

🇺🇸 73.57.80.193

🇺🇸 66.132.195.26

🇺🇸 66.132.186.190