JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.1.228

65.111.1.228 was found in our database!

This IP was reported 50 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.1.228

Whois 65.111.1.228

IP Abuse Reports for 65.111.1.228:

This IP address has been reported a total of 50 times from 30 distinct sources. 65.111.1.228 was first reported on July 15th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇹🇷 rtbh.com.tr	2026-02-15 20:11:35 (3 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇬🇧 myintarweb	2026-02-15 12:24:45 (3 months ago)	65.111.1.228 - - [15/Feb/2026:12:24:45 +0000] 443 "GET /.env.staging HTTP/1.1" 301 5542 "-" "Mozilla ... show more 65.111.1.228 - - [15/Feb/2026:12:24:45 +0000] 443 "GET /.env.staging HTTP/1.1" 301 5542 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ... show less	Hacking Bad Web Bot Web App Attack
Anonymous	2026-02-15 11:24:08 (3 months ago)	65.111.1.228 - - [15/Feb/2026:11:23:48 +0000] "GET /admin/.env HTTP/1.1" 403 2406 "-" "Mozilla/5.0 ( ... show more 65.111.1.228 - - [15/Feb/2026:11:23:48 +0000] "GET /admin/.env HTTP/1.1" 403 2406 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-15 10:53:23 (3 months ago)	Blocking for trying to access an exploit file: /dev/.git/config	Hacking
🇺🇸 mnsf	2026-02-15 07:05:47 (3 months ago)	Too many Status 40X (12) Scanning/Probing (13)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 06:58:20 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.1.228 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.1.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:58:13.598011 2026] [security2:error] [pid 6224:tid 6224] [client 65.111.1.228:32837] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seapens.org"] [uri "/dev/.git/config"] [unique_id "aZFuhUoRYuUpZebxDFhErwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇭🇺 Adorjan Daczo	2026-02-15 05:40:54 (3 months ago)	Probe for vulnerabilities. Path attempted: /frontend/.env	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:13:03 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.1.228 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.1.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:12:55.820168 2026] [security2:error] [pid 2766:tid 2766] [client 65.111.1.228:27981] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "samcdevitt.com"] [uri "/wp/.git/config"] [unique_id "aZFHx0svhmLexzrzV5KlTgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:31:02 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.1.228 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.1.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:30:58.549188 2026] [security2:error] [pid 15340:tid 15340] [client 65.111.1.228:59419] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "noisepie.com"] [uri "/test/.git/config"] [unique_id "aZE98p30Txc4edyAuvmr_QAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-02-15 03:23:51 (3 months ago)	Try to access /admin/.git/config	Web App Attack
🇳🇱 Mangelot Hosting	2026-02-15 03:15:02 (3 months ago)	(modsecurity) srv101 ModSecurity 65.111.1.228 (US/United States/-): 5 in the last 3600 secs; Ports: ... show more (modsecurity) srv101 ModSecurity 65.111.1.228 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇩🇪 ghostwarriors	2026-02-15 02:20:15 (3 months ago)	Attempts against non-existent wp-login	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 01:27:24 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.1.228 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.1.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 20:27:18.785762 2026] [security2:error] [pid 983:tid 983] [client 65.111.1.228:39751] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ndakno.com"] [uri "/dev/.git/config"] [unique_id "aZEg9sSiyIo3qVLd-6TJWgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-02-15 01:12:26 (3 months ago)	Web attack/malicious scanning detected	Web App Attack

Showing 1 to 15 of 50 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.223.235.55

🇨🇳 120.133.60.156

🇨🇳 36.106.167.103

🇵🇰 223.123.73.145

🇨🇳 223.109.255.157

🇨🇳 221.13.86.30

🇪🇸 217.61.227.68

🇧🇷 177.36.208.249

🇨🇳 123.14.121.81

🇺🇸 98.159.37.23

🇷🇴 80.94.95.221

🇫🇷 2a02:4780:27:2004:0:726:16db:1

🇨🇳 223.212.35.41

🇷🇺 176.109.97.11

🇸🇬 168.144.141.128

🇪🇸 104.250.220.192

🇺🇸 98.159.37.31

🇩🇪 88.214.25.123

🇮🇳 49.43.241.11

🇳🇱 46.151.178.13