JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.11.159

65.111.11.159 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 25%: ?

25%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.11.159

Whois 65.111.11.159

IP Abuse Reports for 65.111.11.159:

This IP address has been reported a total of 28 times from 13 distinct sources. 65.111.11.159 was first reported on June 28th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-05-31 13:05:37 (1 week ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇩🇪 4server	2026-05-31 12:01:06 (1 week ago)	[SunMay3114:01:04.1466122026][security2:error][pid1125661:tid1125749][client65.111.11.159:0]ModSecur ... show more [SunMay3114:01:04.1466122026][security2:error][pid1125661:tid1125749][client65.111.11.159:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:10\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"maxay.ch\"][uri\"/.git/config\"][unique_id\"ahwjACwEav26VtVHT3UQ7gAAAMI\"] show less	Port Scan Brute-Force Web App Attack
🇨🇭 backslash	2026-05-23 05:06:05 (2 weeks ago)		Bad Web Bot
🇨🇭 4server	2026-05-12 00:49:55 (1 month ago)	[TueMay1202:49:49.9816862026][security2:error][pid3289002:tid3289022][client65.111.11.159:0]ModSecur ... show more [TueMay1202:49:49.9816862026][security2:error][pid3289002:tid3289022][client65.111.11.159:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"xn--tda.pics\"][uri\"/.env\"][unique_id\"agJ5LQmyhOYoNUSkPPyBTAAAARI\"] show less	Hacking Web App Attack
🇩🇪 FeG Deutschland	2026-05-01 06:11:14 (1 month ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-04-29 16:31:56 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 65.111.11.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.11.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 29 12:31:50.106358 2026] [security2:error] [pid 32004:tid 32004] [client 65.111.11.159:15003] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "justwantedtosay.com"] [uri "/.env"] [unique_id "afIydllArQ8p22lJCbrBCQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-24 03:51:26 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.11.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.11.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 22:51:21.367466 2026] [security2:error] [pid 22630:tid 22630] [client 65.111.11.159:45799] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "reneehill.mydobdate.net"] [uri "/.git/config"] [unique_id "aZ0gOSTfXBy-JbwNURg8KgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Rocky Mountain Bioengineering Symposium	2026-02-23 20:06:35 (3 months ago)	65.111.11.159 - - [23/Feb/2026:13:06:35 -0700] "GET /.git/config HTTP/1.1" 301 464 "-" "Mozilla/5.0 ... show more 65.111.11.159 - - [23/Feb/2026:13:06:35 -0700] "GET /.git/config HTTP/1.1" 301 464 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" ... show less	Web App Attack
🇵🇱 IROK	2026-02-23 18:21:28 (3 months ago)	Malware/WebShell Scan blocked by ModSecurity ...	Hacking
🇩🇪 Packets-Decreaser.NET	2025-11-30 13:09:54 (6 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-11-25 05:35:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.11.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.11.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:35:02.871293 2025] [security2:error] [pid 10747:tid 10775] [client 65.111.11.159:52079] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.maestrosoler.com"] [uri "/.git/HEAD"] [unique_id "aSVABl2GfO2s-Qdwr6d9eQAAAJc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:10:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.11.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.11.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:10:47.442470 2025] [security2:error] [pid 25389:tid 25389] [client 65.111.11.159:29923] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.sbodyworkbychris.com"] [uri "/.svn/wc.db"] [unique_id "aSUQJ8bMZOWhc_LDtE3yUwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:36:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.11.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.11.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:36:40.682493 2025] [security2:error] [pid 11849:tid 11849] [client 65.111.11.159:14641] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.jdhunterlaw.com"] [uri "/.git/HEAD"] [unique_id "aSUIKAzdMz2WkXq3IcOCkwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:18:25 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.11.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.11.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:18:18.557129 2025] [security2:error] [pid 27236:tid 27236] [client 65.111.11.159:41963] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hischurchatwork.iworklife.org"] [uri "/.svn/wc.db"] [unique_id "aST1yhNHb4Xo0qzmmzWMqQAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-02 21:21:52 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 07:09:02	Port Scan Brute-Force Exploited Host Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.93.102.236

🇳🇱 154.83.186.147

🇨🇳 144.123.76.109

🇯🇵 46.250.251.251

🇧🇦 2620:171:2d:f002:9999::177

🇺🇸 2602:fa59:10:405::1

🇰🇷 211.253.37.225

🇺🇸 208.87.243.251

🇪🇪 158.173.75.209

🇫🇮 147.185.133.5

🇰🇷 106.96.6.73

🇺🇸 103.250.80.22

🇭🇰 103.210.238.154

🇭🇰 103.210.21.178

🇵🇱 83.168.107.158

🇧🇬 78.130.225.7

🇳🇱 64.89.162.131

🇬🇧 217.154.61.249

🇺🇸 216.180.246.214

🇪🇪 158.173.75.235