JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.22.103

65.111.22.103 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 4%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.22.103

Whois 65.111.22.103

IP Abuse Reports for 65.111.22.103:

This IP address has been reported a total of 29 times from 14 distinct sources. 65.111.22.103 was first reported on June 27th 2024, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-20 04:09:17 (3 days ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2026-02-20 14:14:16 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 09:14:09.848002 2026] [security2:error] [pid 17755:tid 17762] [client 65.111.22.103:46491] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|vivierae.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "vivierae.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZhsMcbzMeiXcXVe27iiMAAAAQM"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:54 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇵🇱 sefinek.net	2025-12-27 20:51:10 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /genshin-stella-mod UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/89.0.4447.51 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-29 02:30:34 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 21:30:26.301138 2025] [security2:error] [pid 21811:tid 21811] [client 65.111.22.103:24079] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "acadianahero.com"] [uri "/wp-config.php.bak"] [unique_id "aSpawrwbzPPg7DflEGeJ1gAAACk"], referer: http://acadianaheroes.com/wp-config.php.bak show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-29 00:15:43 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 19:15:35.468350 2025] [security2:error] [pid 21641:tid 21641] [client 65.111.22.103:14921] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ablg.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ablg.net"] [uri "/backup.sql"] [unique_id "aSo7JxSkO-n4jYkIIvPOqQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-11-28 09:44:11 (6 months ago)	Blocking for trying to access an exploit file: /.env.local	Hacking
🇺🇸 TPI-Abuse	2025-11-28 05:12:50 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 00:12:42.516525 2025] [security2:error] [pid 5308:tid 5308] [client 65.111.22.103:39727] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|alsdepot.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "alsdepot.com"] [uri "/dump.sql"] [unique_id "aSkvSr2McIT03LLUy_oetAAAAAU"], referer: http://alsdepot.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2025-11-25 14:35:18 (6 months ago)	Request content type is not allowed by policy. Match of "within %{tx.allowed_request_content_type}" ... show more Request content type is not allowed by policy. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. (920420-193) show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:40:31 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:40:24.170703 2025] [security2:error] [pid 28001:tid 28001] [client 65.111.22.103:21585] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.eissenstat.com"] [uri "/.git/HEAD"] [unique_id "aSQZ-OGl5c3vmlMrUkKaGgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:23:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:23:36.124888 2025] [security2:error] [pid 15119:tid 15119] [client 65.111.22.103:46937] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.richmondrents.com"] [uri "/.git/HEAD"] [unique_id "aSQH-E3hOQo2aePHtVr9GwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:50:07 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:50:01.975872 2025] [security2:error] [pid 27919:tid 27919] [client 65.111.22.103:56189] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.arsenaultartistmanagement.com"] [uri "/.svn/wc.db"] [unique_id "aSPj-WNDjxc5zEbdUgDhHgAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:31:51 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.22.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:31:46.470781 2025] [security2:error] [pid 18193:tid 18264] [client 65.111.22.103:54019] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.3sacloud.potashbarn.com"] [uri "/.env"] [unique_id "aSPfspqABul9tZzps9kcVwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2025-10-16 08:21:10 (8 months ago)	Form spam	Web Spam
🇺🇸 oncord	2025-10-07 11:47:53 (8 months ago)	Form spam	Web Spam

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 98.158.78.45

🇺🇸 180.178.51.170

🇹🇭 164.115.133.50

🇺🇸 146.70.34.58

🇨🇦 85.217.149.2

🇺🇸 20.55.213.114

🇨🇦 4.204.223.67

🇺🇸 2607:f8b0:4002:c00::120

🇨🇳 221.181.210.98

🇯🇵 203.25.124.171

🇷🇺 109.248.253.5

🇪🇸 85.152.57.60

🇧🇬 79.124.58.142

🇺🇸 162.216.150.101

🇨🇳 119.123.31.23

🇬🇧 86.163.27.35

🇩🇪 54.37.74.179

🇰🇿 45.8.119.168

🇺🇸 40.121.179.100

🇺🇸 40.77.167.42