JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.13.49

65.111.13.49 was found in our database!

This IP was reported 35 times. Confidence of Abuse is 2%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.13.49

Whois 65.111.13.49

IP Abuse Reports for 65.111.13.49:

This IP address has been reported a total of 35 times from 19 distinct sources. 65.111.13.49 was first reported on June 26th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇻 garmtech.com	2026-05-18 18:15:52 (2 weeks ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 21-15.65.111.13.49.web-spammer ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 21-15.65.111.13.49.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇺🇸 TPI-Abuse	2026-03-05 08:08:53 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 05 03:08:46.244440 2026] [security2:error] [pid 5953:tid 6037] [client 65.111.13.49:11987] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.howardhallis.com"] [uri "/.git/objects/ae/0af7a8f101c5ad212fd54840dfba1e3211f37b"] [unique_id "aak6Du9_LUubsM0EwzyNPQAAAc0"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 [email protected]	2026-03-04 00:26:05 (3 months ago)	65.111.13.49 - - [04/Mar/2026:00:24:32 +0000] "GET /.git/objects/01/e96d71e2821cbab5387600dfa420be99 ... show more 65.111.13.49 - - [04/Mar/2026:00:24:32 +0000] "GET /.git/objects/01/e96d71e2821cbab5387600dfa420be99f14fe8 HTTP/1.1" 404 332 "http://academy.scotland-excel.org.uk/.git/objects/01/e96d71e2821cbab5387600dfa420be99f14fe8" "Go-http-client/1.1" 65.111.13.49 - - [04/Mar/2026:00:25:23 +0000] "GET /.git/objects/39/5862f84ede388521aaa6c093f05ed1f97c9c2f HTTP/1.1" 404 332 "http://academy.scotland-excel.org.uk/.git/objects/39/5862f84ede388521aaa6c093f05ed1f97c9c2f" "Go-http-client/1.1" 65.111.13.49 - - [04/Mar/2026:00:26:04 +0000] "GET /.git/objects/75/bbef4e30232764298a30169f6ad1b64453491e HTTP/1.1" 404 332 "http://academy.scotland-excel.org.uk/.git/objects/75/bbef4e30232764298a30169f6ad1b64453491e" "Go-http-client/1.1" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-20 15:28:56 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 65.111.13.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 65.111.13.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 10:28:51.112810 2026] [security2:error] [pid 29617:tid 29617] [client 65.111.13.49:43193] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|heavenonearthonline.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "heavenonearthonline.net"] [uri "/wp-json/wp/v2/users"] [unique_id "aZh9szGid3ZfdtkUw7K-twAAAA0"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 voormedia	2026-02-10 13:57:20 (3 months ago)	Accessed trap at '/wp-login.php'	Web App Attack
🇳🇱 i-turnradio.nl	2026-01-17 04:36:05 (4 months ago)	2026-01-17 05:36:04 (CET) ~ Blocked by abusescan risk assessment	Web App Attack
🇫🇷 dynamix	2026-01-03 11:28:59 (5 months ago)	Multiple WAF Violations	Web App Attack
🇨🇭 backslash	2026-01-02 17:00:18 (5 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇮🇹 VHosting	2025-12-28 08:15:03 (5 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇫🇷 dynamix	2025-12-16 11:51:53 (5 months ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:00:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:00:23.192332 2025] [security2:error] [pid 13214:tid 13214] [client 65.111.13.49:53707] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.eagleoaks.net"] [uri "/.env"] [unique_id "aSUbxx2HEgn3nV9vwPbimwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:18:32 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:18:25.674261 2025] [security2:error] [pid 23835:tid 23835] [client 65.111.13.49:33865] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kalvannaawards.com"] [uri "/.svn/wc.db"] [unique_id "aSUD4Y0qa_mcDgN0rryEVwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:40:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:40:50.255094 2025] [security2:error] [pid 19117:tid 19117] [client 65.111.13.49:9279] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hollywoo11.exotic-dancers-los-angeles.com"] [uri "/.svn/wc.db"] [unique_id "aST7En311ZYFJPS0lLGHsgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:57:19 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:57:12.045770 2025] [security2:error] [pid 22010:tid 22010] [client 65.111.13.49:44095] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.psychoatomicpower.com"] [uri "/.svn/wc.db"] [unique_id "aSQd6NQsrxUXvlwXjD4koQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-22 03:02:46 (6 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 05-02.65.111.13.49.web-spammer ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 05-02.65.111.13.49.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack

Showing 1 to 15 of 35 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 185.127.70.167

🇺🇸 173.255.223.49

🇺🇸 173.15.119.25

🇩🇪 116.202.20.68

🇺🇸 43.166.242.149

🇺🇸 20.163.32.211

🇨🇳 14.103.112.104

🇨🇳 183.150.182.121

🇨🇲 165.210.33.192

🇺🇸 72.181.0.147

🇮🇩 69.5.7.218

🇰🇷 220.125.120.231

🇬🇧 217.146.80.101

🇫🇷 185.194.219.201

🇩🇪 178.105.219.94

🇳🇱 92.63.197.5

🇷🇴 2.57.122.177

🇺🇸 172.96.182.111

🇩🇪 130.12.181.103

🇨🇳 112.101.183.110