JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.13.99

65.111.13.99 was found in our database!

This IP was reported 47 times. Confidence of Abuse is 14%: ?

14%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.13.99

Whois 65.111.13.99

IP Abuse Reports for 65.111.13.99:

This IP address has been reported a total of 47 times from 22 distinct sources. 65.111.13.99 was first reported on July 13th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-13 22:03:06 (3 weeks ago)	Auto-ban: >3000 req/min op 2026-05-13	Web App Attack SSH Hacking
🇩🇪 4server	2026-05-13 10:49:52 (3 weeks ago)	[WedMay1312:49:45.6595322026][security2:error][pid1544917:tid1544937][client65.111.13.99:0]ModSecuri ... show more [WedMay1312:49:45.6595322026][security2:error][pid1544917:tid1544937][client65.111.13.99:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"sanierung-pilzen-schimmel-schweiz.ch\"][uri\"/.aws/credentials\"][unique_id\"agRXSTYpp1_Ljox9a3tCvwAAAAk\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 walnuts	2026-05-12 16:37:58 (4 weeks ago)	Automated: Triggered nginx security jail (nginx-444) - probing blocked paths on web server	Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-03-29 15:41:11 (2 months ago)	IM360 WAF: Possible SQL injection attack MV:ASC'))--	SQL Injection
🇳🇱 jjnxpct	2026-02-16 04:54:46 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.git/config (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .git/ found within REQUEST_FILENAME: /.git/config] show less	Hacking Web App Attack
🇺🇸 mnsf	2026-02-15 12:05:23 (3 months ago)	Too many Status 40X (12) Scanning/Probing (14)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 12:04:34 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 07:04:30.687269 2026] [security2:error] [pid 15427:tid 15427] [client 65.111.13.99:41529] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tiffanynovelty.com"] [uri "/backup/.git/config"] [unique_id "aZG2TsePjmQRcqh4ABbHLQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2026-02-15 11:41:30 (3 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 06:47:26 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:47:22.051106 2026] [security2:error] [pid 9590:tid 9590] [client 65.111.13.99:29291] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "talamancareserve.com"] [uri "/api/.git/config"] [unique_id "aZFr-qOrYHpxGkb7CgcwsAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:19:04 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:19:00.953320 2026] [security2:error] [pid 7417:tid 7417] [client 65.111.13.99:42789] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "superiorhandyman.net"] [uri "/backend/.env"] [unique_id "aZFXRCqn1czwN9VIHFedgwAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:59:57 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:59:52.762060 2026] [security2:error] [pid 17669:tid 17669] [client 65.111.13.99:26421] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stmaarten-boatcharters.com"] [uri "/test/.git/config"] [unique_id "aZFEuOSFgCIgvAFboI5mHQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:18:28 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:18:22.915862 2026] [security2:error] [pid 27422:tid 27422] [client 65.111.13.99:61543] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "starktigers75.com"] [uri "/api/.env"] [unique_id "aZE6_iWQe-LwWhvKWEF70gAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:01:42 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:01:39.930562 2026] [security2:error] [pid 21304:tid 21304] [client 65.111.13.99:10587] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ssl-grp.com"] [uri "/admin/.git/config"] [unique_id "aZE3E1_v4_Xd0jw50mSzPQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:38:04 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:37:57.811616 2026] [security2:error] [pid 6960:tid 6960] [client 65.111.13.99:12475] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "n4ocw.com"] [uri "/backup/.git/config"] [unique_id "aZExhWxlNkE3x0YtA2L72QAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:15:38 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.13.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:15:31.176381 2026] [security2:error] [pid 14854:tid 14854] [client 65.111.13.99:63195] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "speakertrainerconsultantpatdavis.com"] [uri "/.env.local"] [unique_id "aZEsQwgKpn9ElHo9x4cPDgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 47 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇩 114.130.85.36

🇺🇸 103.143.238.100

🇺🇾 179.27.99.9

🇨🇳 121.61.131.242

🇮🇩 103.90.27.83

🇺🇸 23.234.92.175

🇨🇳 1.24.16.30

🇪🇨 181.175.96.184

🇨🇳 125.39.179.192

🇮🇹 91.80.174.162

🇭🇰 65.181.88.245

🇸🇬 47.236.139.26

🇮🇩 43.243.142.42

🇺🇸 43.162.112.238

🇺🇸 43.153.74.62

🇲🇽 201.127.29.158

🇫🇷 91.231.89.133

🇺🇸 72.10.32.138

🇺🇸 71.6.167.142

🇯🇵 207.56.229.243