JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.2.199

65.111.2.199 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 21%: ?

21%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.2.199

Whois 65.111.2.199

IP Abuse Reports for 65.111.2.199:

This IP address has been reported a total of 28 times from 17 distinct sources. 65.111.2.199 was first reported on July 10th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 ELYAZ	2026-06-17 10:45:13 (1 day ago)	(y4) Failed scan -byebye- from 65.111.2.199 (US/United States/-): (CF_ENABLE)	Hacking
Anonymous	2026-06-17 03:43:53 (2 days ago)	[ns31.kdns.gr] httpd-login-spray-site: sites=vasilikisagkioti.gr; logs=/var/log/httpd/domains/vasili ... show more [ns31.kdns.gr] httpd-login-spray-site: sites=vasilikisagkioti.gr; logs=/var/log/httpd/domains/vasilikisagkioti.gr.log; samples=site_wide=true \| distinct_ips=64 \| /wp-login.php show less	Hacking Web App Attack
🇬🇧 PeravixGroup	2026-06-09 22:43:27 (1 week ago)	Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity ... show more Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇩🇪 HandyTreff.de	2026-03-17 02:00:00 (3 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -51.373 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -51.373 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Sa show less	Web App Attack Bad Web Bot
🇨🇦 SSH-Admin	2026-02-07 17:12:28 (4 months ago)	Probing for Exploits	Exploited Host Web App Attack
Anonymous	2026-02-01 15:17:02 (4 months ago)	Malicious activity detected	Hacking Web App Attack
🇩🇪 F242	2026-01-30 05:46:58 (4 months ago)	Wordpress Login or XMLRPC abuse	Web App Attack
🇩🇪 bescared	2026-01-11 15:34:15 (5 months ago)	F2B - Malicious activity detected. URL Probing.	Hacking Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:00:55 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇨🇦 SSH-Admin	2025-12-27 13:45:08 (5 months ago)	Probing for Exploits	Exploited Host Web App Attack
🇬🇧 openstrike.co.uk	2025-12-11 09:16:53 (6 months ago)	9 packets to port 2083	Port Scan
🇺🇸 TPI-Abuse	2025-11-25 05:30:48 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.2.199 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.2.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:30:42.896183 2025] [security2:error] [pid 11407:tid 11407] [client 65.111.2.199:16007] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.talamancareserve.com"] [uri "/.svn/wc.db"] [unique_id "aSU_Aqtamlr9GkM6NfwcCgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:25:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.2.199 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.2.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:25:24.475606 2025] [security2:error] [pid 6681:tid 6681] [client 65.111.2.199:36093] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.batw.net"] [uri "/.env"] [unique_id "aSUvtAYKdmIS5OxXD8f1JAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:00:15 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.2.199 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.2.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:59:57.441930 2025] [security2:error] [pid 17716:tid 17716] [client 65.111.2.199:16735] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.aquanauticsige.com"] [uri "/.git/HEAD"] [unique_id "aSUpveMPnLWNuq90Qp-DRQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 165.154.200.214

🇨🇦 99.243.126.66

🇵🇱 87.251.64.147

🇷🇴 80.94.92.182

🇧🇪 34.156.89.0

🇧🇷 177.120.216.0

🇨🇳 117.187.180.236

🇺🇸 40.74.208.9

🇺🇸 16.58.56.214

🇺🇸 207.90.244.26

🇺🇸 184.105.247.207

🇫🇮 147.185.133.192

🇳🇱 77.91.71.12

🇺🇸 66.132.195.24

🇮🇳 45.43.45.254

🇺🇸 18.119.209.50

🇳🇱 195.178.110.199

🇳🇱 193.176.31.220

🇬🇧 165.154.174.27

🇨🇳 121.40.84.38