JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.1.55

65.111.1.55 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.1.55

Whois 65.111.1.55

IP Abuse Reports for 65.111.1.55:

This IP address has been reported a total of 38 times from 18 distinct sources. 65.111.1.55 was first reported on June 27th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 pipeline.es	2026-06-05 08:28:52 (1 day ago)	Web scanning / probing for vulnerable paths	Port Scan Web App Attack
🇪🇸 pipeline.es	2026-06-05 07:54:11 (1 day ago)	Web scanning / probing for vulnerable paths \| URL: http://www.soljetviajes.es:80/wp2/wp-includes/wlw ... show more Web scanning / probing for vulnerable paths \| URL: http://www.soljetviajes.es:80/wp2/wp-includes/wlwmanifest.xml \| Evidence: landingow.aavv.com 65.111.1.55 - - [05/Jun/2026:09:53:29 +0200] \"GET http://www.soljetviajes.es:80/wp2/wp-includes/wlwmanifest.xml HTTP/1.1\" 404 229 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36\" GEOIP_COUNTRY_CODE=US \| ASN: 3xK Tech GmbH \| Country: US show less	Port Scan Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇺🇸 rafled	2026-03-17 21:03:45 (2 months ago)	Attempt to login to Wordpress Admin	Web App Attack
🇵🇱 ketovoila.pl	2026-01-01 23:02:50 (5 months ago)	ketovoila.pl HONEYPOT traffic: count=5, paths=2; sample_path=ketovoila.pl/; UA=Mozilla/5.0 (Windows ... show more ketovoila.pl HONEYPOT traffic: count=5, paths=2; sample_path=ketovoila.pl/; UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36; window=2026-01-01T11:32:06Z..2026-01-01T10:11:07Z show less	Port Scan Hacking Brute-Force
🇺🇸 TPI-Abuse	2026-01-01 11:32:58 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 01 06:32:50.750347 2026] [security2:error] [pid 1962301:tid 1962301] [client 65.111.1.55:18971] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|killarneypool.org\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "killarneypool.org"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aVZbYql7IPObcbgj9i3JAQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-01 10:54:00 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 01 05:53:55.030710 2026] [security2:error] [pid 6703:tid 6703] [client 65.111.1.55:45757] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|jmwilliamsrealty.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jmwilliamsrealty.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aVZSQ3tOfNJXuCnJZP5N4gAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-01 10:38:35 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 01 05:38:29.743079 2026] [security2:error] [pid 23218:tid 23218] [client 65.111.1.55:45413] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|harrygant.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "harrygant.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aVZOpT4955QwhYh1OlPaiwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 ketovoila.pl	2026-01-01 10:31:14 (5 months ago)	ketovoila.pl HONEYPOT traffic: count=2, paths=1; sample_path=ketovoila.pl/; UA=Mozilla/5.0 (Windows ... show more ketovoila.pl HONEYPOT traffic: count=2, paths=1; sample_path=ketovoila.pl/; UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36; window=2026-01-01T10:11:07Z..2026-01-01T10:11:07Z show less	Port Scan Hacking Brute-Force
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:21 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
Anonymous	2025-12-08 11:05:36 (5 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-24 09:32:57 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:32:47.825725 2025] [security2:error] [pid 8417:tid 8417] [client 65.111.1.55:16213] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.scottcarper.com"] [uri "/.svn/wc.db"] [unique_id "aSQmP_hZW6k3pmw9P8JI2QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:31:41 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:31:35.393632 2025] [security2:error] [pid 9620:tid 9620] [client 65.111.1.55:24187] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.trailofcrumbs.com"] [uri "/.env"] [unique_id "aSQJ18S9U3cJCTbfeJH4pwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:16:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:16:19.421148 2025] [security2:error] [pid 12420:tid 12420] [client 65.111.1.55:26969] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.virginiajohnstone.com"] [uri "/.env"] [unique_id "aSQGQ-F_owUw3H4BoERMRwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:49:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.1.55 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:49:25.396460 2025] [security2:error] [pid 6109:tid 6109] [client 65.111.1.55:54399] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.mhsalumnifoundation.org"] [uri "/.svn/wc.db"] [unique_id "aSPj1YcSCW6oONt0mK-NEwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 218.94.25.243

🇰🇷 4.230.28.141

🇺🇸 157.245.123.148

🇺🇸 84.75.148.36

🇰🇷 59.15.58.148

🇳🇱 45.148.10.240

🇳🇱 45.148.10.141

🇷🇺 38.60.218.221

🇩🇪 213.209.159.56

🇭🇰 193.176.211.222

🇲🇽 186.96.145.241

🇪🇬 156.213.21.40

🇸🇬 145.223.131.112

🇮🇳 145.79.210.184

🇻🇳 27.79.6.12

🇺🇸 18.189.74.1

🇨🇳 218.23.95.9

🇨🇭 209.99.185.195

🇹🇭 203.154.158.195

🇺🇸 172.190.51.254