JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.22.228

65.111.22.228 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 22%: ?

22%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.22.228

Whois 65.111.22.228

IP Abuse Reports for 65.111.22.228:

This IP address has been reported a total of 15 times from 9 distinct sources. 65.111.22.228 was first reported on July 3rd 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-10 20:05:44 (1 day ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇨🇭 4server	2026-05-20 08:53:19 (3 weeks ago)	[WedMay2010:53:12.6938082026][security2:error][pid1799285:tid1799298][client65.111.22.228:0]ModSecur ... show more [WedMay2010:53:12.6938082026][security2:error][pid1799285:tid1799298][client65.111.22.228:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:10\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"www.fondazionemontgrand.ch\"][uri\"/.aws/credentials\"][unique_id\"ag12eGBCkGtG2JljTqBSgwAAAAs\"] show less	Hacking Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-05-20 03:07:01 (3 weeks ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,wa01,wa02]	Bad Web Bot Web App Attack
🇩🇪 Vegascosmetics	2026-05-03 21:50:26 (1 month ago)	Kingcopy(AI-IDS):IP does Multiple AWS Environment Abuse	Hacking Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:02:11 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇪🇸 10dencehispahard SL	2025-12-29 09:36:51 (5 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇺🇸 TPI-Abuse	2025-12-08 06:28:49 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.22.228 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.22.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 01:28:44.525924 2025] [security2:error] [pid 28141:tid 28141] [client 65.111.22.228:40827] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gods-law.com"] [uri "/.git/HEAD"] [unique_id "aTZwHL-DHyl3_nZnJspEkgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 04:52:34 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.22.228 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.22.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 23:52:26.869508 2025] [security2:error] [pid 6564:tid 6564] [client 65.111.22.228:44635] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "machineryenchantress.com"] [uri "/.git/HEAD"] [unique_id "aTZZiuKlktdDlI-XicflWwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 13:39:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.22.228 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.22.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 08:39:49.602770 2025] [security2:error] [pid 3239:tid 3239] [client 65.111.22.228:46791] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rame-int.com"] [uri "/.env"] [unique_id "aTLgpaorPfdglR7m4iFspQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 04:36:21 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.22.228 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.22.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 23:36:17.548059 2025] [security2:error] [pid 24237:tid 24237] [client 65.111.22.228:26521] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "darensicecream.com"] [uri "/.env"] [unique_id "aTJhQTaIiwR_dYuDvlHOxAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 02:49:48 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.22.228 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.22.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 21:49:42.542511 2025] [security2:error] [pid 18832:tid 18832] [client 65.111.22.228:39673] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "virginiabeachlovebird.com"] [uri "/.git/HEAD"] [unique_id "aTJIRnII9y14rNkg3vSxmAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-12-16 13:38:52 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 65.111.22.228 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 65.111.22.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 16 08:38:47.829539 2024] [security2:error] [pid 22145:tid 22207] [client 65.111.22.228:39203] [client 65.111.22.228] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gabegabel.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gabegabel.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z2AtZ5t1CO6yDBRnuuyhWwAAAFA"], referer: https://gabegabel.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-07-19 00:26:01 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-07-03 02:44:43 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.240

🇺🇸 170.23.14.221

🇬🇦 154.116.106.62

🇧🇷 138.99.79.29

🇨🇳 115.231.78.11

🇫🇷 84.46.247.185

🇮🇳 49.43.134.126

🇺🇸 192.227.213.228

🇳🇱 185.93.89.154

🇻🇳 152.32.163.183

🇫🇮 147.185.133.135

🇨🇳 106.13.174.45

🇷🇴 92.118.39.236

🇺🇸 44.183.99.113

🇨🇳 39.181.29.180

🇺🇸 20.29.21.127

🇺🇸 2607:f8b0:4004:1000::12a

🇰🇷 218.51.148.194

🇺🇸 216.73.160.166

🇮🇳 168.144.81.184