JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.13.66

65.111.13.66 was found in our database!

This IP was reported 55 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.13.66

Whois 65.111.13.66

IP Abuse Reports for 65.111.13.66:

This IP address has been reported a total of 55 times from 19 distinct sources. 65.111.13.66 was first reported on July 9th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 ctrlpew	2026-05-19 01:01:03 (2 weeks ago)	WordPress login brute-force botnet targeting ctrlpew.com. Distributed IPs cycling every 3 seconds wi ... show more WordPress login brute-force botnet targeting ctrlpew.com. Distributed IPs cycling every 3 seconds with UA rotation. All attempts against non-existent usernames. 2026-05-18. show less	Brute-Force Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇳🇱 jjnxpct	2026-02-19 04:50:40 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.env.production (Rule ID: 930130) - Restricted File Access Attempt show less	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-02-18 03:46:13 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.66 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 22:46:04.744701 2026] [security2:error] [pid 2019:tid 2019] [client 65.111.13.66:59721] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "robcruickshank.com"] [uri "/config/.env"] [unique_id "aZU1_LNf_g0h-AdxUy3E9QAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 02:29:48 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.66 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 21:29:44.096690 2026] [security2:error] [pid 8735:tid 8735] [client 65.111.13.66:62035] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "renperfco.com"] [uri "/config/.env"] [unique_id "aZUkGD8NtjyQ3lMDgChtUQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 00:53:00 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.66 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 19:52:50.353280 2026] [security2:error] [pid 1506832:tid 1506832] [client 65.111.13.66:45399] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pawlewicz.org"] [uri "/.env.staging"] [unique_id "aZUNYiH9LMHemDF-Preb2gAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 etu brutus	2026-02-09 21:05:49 (3 months ago)	65.111.13.66 has been banned for [WebApp Attack] ...	Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 19:48:03 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.66 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 14:47:54.378689 2026] [security2:error] [pid 717735:tid 717756] [client 65.111.13.66:30201] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gafm.org"] [uri "/frontend/.env"] [unique_id "aYo56le2saaLoPBOZVo6yQAAAEo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-09 19:10:37 (3 months ago)	Blocking for trying to access an exploit file: /.env.local	Hacking
🇺🇸 TPI-Abuse	2026-02-09 09:54:21 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.66 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 04:54:14.331873 2026] [security2:error] [pid 1378874:tid 1378874] [client 65.111.13.66:51245] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gabbyspetnanny.com"] [uri "/.env.staging"] [unique_id "aYmuxiT4bT3Bu86QaGWMTAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 09:06:00 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.66 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 04:05:48.937209 2026] [security2:error] [pid 17548:tid 17548] [client 65.111.13.66:19133] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "g-peopleland.com"] [uri "/dev/.git/config"] [unique_id "aYmjbEPjwTw8r-rNG-BZuAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 tilellit.pro	2026-01-20 01:59:02 (4 months ago)	Fail2Ban banned 65.111.13.66 for security violations in jail wp-armour. Log: 2026/01/20 01:59:01 [er ... show more Fail2Ban banned 65.111.13.66 for security violations in jail wp-armour. Log: 2026/01/20 01:59:01 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 65.111.13.66 \| Target: wplogin" , client: 65.111.13.66, server: [REDACTED], request: "POST /wp-login.php HTTP/2.0", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇧🇪 DrLex0	2026-01-09 00:33:30 (4 months ago)	Suspect single hit only to guestbook page prohibited by robots.txt, from multiple IPs in the same ra ... show more Suspect single hit only to guestbook page prohibited by robots.txt, from multiple IPs in the same ranges owned by DREI-K-TECH-GMBH, DE show less	Bad Web Bot
Anonymous	2025-12-22 14:46:33 (5 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-12-09 23:42:21 (5 months ago)	botnet	DDoS Attack

Showing 1 to 15 of 55 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 185.234.69.227

🇺🇸 69.50.93.34

🇺🇸 2600:3c03::2000:dfff:fe9c:c32a

🇳🇱 176.65.149.124

🇺🇸 162.216.149.222

🇺🇸 162.158.155.21

🇭🇰 152.32.135.135

🇫🇮 147.185.133.155

🇺🇸 147.185.132.194

🇺🇸 143.244.168.161

🇫🇷 141.11.1.134

🇮🇩 103.98.176.164

🇹🇭 101.109.241.113

🇺🇸 66.132.172.208

🇨🇳 36.111.80.93

🇩🇪 176.65.132.39

🇳🇱 172.71.95.89

🇬🇧 172.69.43.224

🇨🇳 101.126.88.251

🇧🇬 78.128.113.22