JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.12.128

65.111.12.128 was found in our database!

This IP was reported 39 times. Confidence of Abuse is 43%: ?

43%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.12.128

Whois 65.111.12.128

IP Abuse Reports for 65.111.12.128:

This IP address has been reported a total of 39 times from 24 distinct sources. 65.111.12.128 was first reported on July 6th 2024, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇻 garmtech.com	2026-06-12 16:53:51 (17 hours ago)	IM360 WAF: Prohibited WordPress username login/registration	Web App Attack
🇩🇪 FeG Deutschland	2026-06-12 06:22:06 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇬🇧 PeravixGroup	2026-06-09 15:57:03 (3 days ago)	Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity ... show more Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇫🇷 Hippoline	2026-06-08 17:01:05 (4 days ago)	Jun 8 19:01:02 local wp(XXXX-A)[5705]: Authentication attempt for unknown user administrator from 6 ... show more Jun 8 19:01:02 local wp(XXXX-A)[5705]: Authentication attempt for unknown user administrator from 65.111.12.128 ... show less	Brute-Force Web App Attack
🇫🇷 ELYAZ	2026-06-01 01:25:34 (1 week ago)	(y4) Failed scan -byebye- from 65.111.12.128 (US/United States/-): (CF_ENABLE)	Hacking
🇺🇸 dtorrer	2026-05-31 07:33:37 (1 week ago)	Brute-force general attack.	Brute-Force
🇫🇷 ELYAZ	2026-05-30 03:07:36 (2 weeks ago)	(y4) Failed scan -byebye- from 65.111.12.128 (US/United States/-): (CF_ENABLE)	Hacking
Anonymous	2026-05-28 20:11:14 (2 weeks ago)	[server.tmg.gr] httpd-login-spray-site: sites=cardiobridge2023.gr; logs=/var/log/httpd/domains/cardi ... show more [server.tmg.gr] httpd-login-spray-site: sites=cardiobridge2023.gr; logs=/var/log/httpd/domains/cardiobridge2023.gr.log; samples=site_wide=true \| distinct_ips=29 \| /wp-login.php show less	Hacking Web App Attack
Anonymous	2026-04-11 18:17:56 (2 months ago)	[redacted] 65.111.12.128 - - [11/Apr/2026:20:17:51 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Wge ... show more [redacted] 65.111.12.128 - - [11/Apr/2026:20:17:51 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Wget/1.21.4" [redacted] 65.111.12.128 - - [11/Apr/2026:20:17:52 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "curl/8.6.0" [redacted] 65.111.12.128 - - [11/Apr/2026:20:17:53 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "curl/7.88.1" [redacted] 65.111.12.128 - - [11/Apr/2026:20:17:54 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "Wget/1.21.4" [redacted] 65.111.12.128 - - [11/Apr/2026:20:17:55 +0200] "POST /xmlrpc.php HTTP/1.1" 403 0 "-" "curl/8.6.0" ... show less	Hacking Web App Attack
🇩🇪 HERA - Operations	2026-02-11 21:58:13 (4 months ago)	argeforum - searching for vulnerable scripts: config 2026/02/11 22:58:13	Web App Attack
🇳🇱 homeshowdomain.nl	2026-02-10 23:01:03 (4 months ago)	Auto-ban: >3000 req/min op 2026-02-10	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2026-02-10 17:06:01 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.128 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 12:05:55.257768 2026] [security2:error] [pid 6825:tid 6825] [client 65.111.12.128:59117] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "anxietyquest.com"] [uri "/test/.git/config"] [unique_id "aYtlcwC6iLqE2QCQZAGeNAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 03:28:20 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.128 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 22:28:13.413618 2026] [security2:error] [pid 10528:tid 10528] [client 65.111.12.128:10171] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kirklandhighlands.org"] [uri "/config/.env"] [unique_id "aYqlzWuFw9YndEsinXS9TAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 23:43:39 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.128 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 18:43:32.567692 2026] [security2:error] [pid 14179:tid 14179] [client 65.111.12.128:9961] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kelvinlouie.com"] [uri "/config/.env"] [unique_id "aYpxJCecpdFoc5-P_h8RMgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-09 22:06:08 (4 months ago)	Blocking for trying to access an exploit file: /.env.production	Hacking

Showing 1 to 15 of 39 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇶 185.84.70.98

🇨🇳 175.8.60.76

🇺🇸 157.230.211.197

🇭🇰 103.106.188.32

🇮🇹 101.57.182.232

🇸🇬 101.47.27.73

🇺🇦 92.253.214.224

🇭🇰 45.142.154.97

🇨🇦 20.43.0.47

🇰🇿 2.134.15.12

🇲🇾 202.165.15.132

🇬🇧 193.163.125.37

🇨🇳 120.48.97.237

🇨🇳 120.48.11.36

🇨🇳 115.190.149.134

🇲🇲 103.154.241.61

🇮🇳 103.21.79.242

🇬🇧 87.106.65.126

🇦🇺 54.253.5.158

🇸🇬 47.84.103.98