JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.12.87

65.111.12.87 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.12.87

Whois 65.111.12.87

IP Abuse Reports for 65.111.12.87:

This IP address has been reported a total of 37 times from 18 distinct sources. 65.111.12.87 was first reported on July 6th 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 el-brujo	2026-05-07 07:37:18 (4 weeks ago)	Cloudflare WAF: Request Path: /.env Request Query: Host: www.elhacker.net userAgent: Mozilla/5.0 (i ... show more Cloudflare WAF: Request Path: /.env Request Query: Host: www.elhacker.net userAgent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 Action: block Source: firewallManaged ASN Description: 3xK Tech GmbH Country: US Method: GET Timestamp: 2026-05-07T07:37:18Z ruleId: 23548ee2b36547a1be09bb2c0550c529. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2026-01-03 10:27:02 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 03 05:26:56.901114 2026] [security2:error] [pid 14896:tid 14896] [client 65.111.12.87:23093] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "enriquejezik.com"] [uri "/wp-config.php"] [unique_id "aVju8M1gvJEwi9iDVmkUQQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 GabrielJST	2026-01-01 00:18:00 (5 months ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted] from 65.111.12.87 (US/United ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 65.111.12.87 (US/United States/-) show less	Port Scan
🇧🇪 taivas.nl	2025-12-31 05:32:43 (5 months ago)	Many_bad_calls	Web App Attack
🇧🇪 taivas.nl	2025-12-30 17:02:14 (5 months ago)	Bad_requests	Bad Web Bot
🇮🇹 VHosting	2025-12-23 19:05:45 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇫🇷 COMAITE	2025-12-20 18:21:46 (5 months ago)	Suspicious URL access.	Web App Attack
Anonymous	2025-12-03 15:00:49 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-26 11:21:31 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 06:21:26.617916 2025] [security2:error] [pid 18968:tid 18968] [client 65.111.12.87:55867] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.jessemack.com"] [uri "/.svn/wc.db"] [unique_id "aSbitgSrb8696iHg16is2wAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 08:40:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 03:39:58.680821 2025] [security2:error] [pid 26062:tid 26062] [client 65.111.12.87:51453] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.livesteamtracks.info"] [uri "/.env"] [unique_id "aSa83uNkBraUYFB6XHdTrAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:33:27 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:33:21.744994 2025] [security2:error] [pid 5194:tid 5194] [client 65.111.12.87:42213] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.millergrain.com"] [uri "/.svn/wc.db"] [unique_id "aSaRIXMM7jdBBnSA3hmbdQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 02:08:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 21:08:03.617099 2025] [security2:error] [pid 26691:tid 26691] [client 65.111.12.87:39715] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.rodzillacharters.com"] [uri "/.env"] [unique_id "aSZhA3TkfR28fP3qEydy1AAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:48:22 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:48:18.295819 2025] [security2:error] [pid 2848:tid 2848] [client 65.111.12.87:52883] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.blc2.co"] [uri "/.env"] [unique_id "aSQp4vhnHeZ0zAaK10qPDQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:32:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:32:51.695380 2025] [security2:error] [pid 20394:tid 20394] [client 65.111.12.87:51877] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.jrqdesign.com"] [uri "/.git/HEAD"] [unique_id "aSQmQ3m0czZZG_-sQJ-31QAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 01:23:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.12.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 20:23:38.486116 2025] [security2:error] [pid 19797:tid 19797] [client 65.111.12.87:57351] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.yukihouse.hk"] [uri "/.svn/wc.db"] [unique_id "aSOzmn0jy0Al0quawtL5_QAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 205.210.31.56

🇧🇪 198.235.24.209

🇨🇳 114.217.103.38

🇨🇦 85.217.149.10

🇮🇹 83.224.150.157

🇩🇪 77.91.71.10

🇶🇦 34.153.65.81

🇲🇾 202.184.70.177

🇨🇷 201.191.171.196

🇺🇸 195.184.76.215

🇳🇱 192.142.24.156

🇨🇴 190.171.78.101

🇬🇹 190.148.209.71

🇧🇷 160.238.109.252

🇮🇳 117.242.47.207

🇫🇷 89.117.51.126

🇺🇸 47.77.233.6

🇵🇱 213.134.175.66

🇺🇸 205.210.31.105

🇺🇸 202.8.41.119