JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.22.238

65.111.22.238 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.22.238

Whois 65.111.22.238

IP Abuse Reports for 65.111.22.238:

This IP address has been reported a total of 15 times from 10 distinct sources. 65.111.22.238 was first reported on July 17th 2024, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇻 garmtech.com	2026-02-15 05:58:12 (3 months ago)	IM360 WAF: Attempt to upload malware	Hacking
🇺🇸 TPI-Abuse	2026-01-17 08:08:17 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.22.238 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.22.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 03:08:09.897782 2026] [security2:error] [pid 2494354:tid 2494354] [client 65.111.22.238:25049] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "studiopilates.net"] [uri "/.env"] [unique_id "aWtDabNM6UWUAqZKWKeqJwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 07:20:01 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.22.238 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.22.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 02:19:55.301692 2026] [security2:error] [pid 31574:tid 31574] [client 65.111.22.238:59271] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.iktonline.org"] [uri "/.env"] [unique_id "aWs4G-NSCnXJqpOtZPEjCgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2025-10-04 04:23:43 (8 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2025-01-11 00:03:02 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 65.111.22.238 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 65.111.22.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 10 19:02:56.707182 2025] [security2:error] [pid 11237:tid 11237] [client 65.111.22.238:40939] [client 65.111.22.238] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|serpentstudios.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "serpentstudios.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4G1MHexswIO_10U6oWs3QAAABI"], referer: https://serpentstudios.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 [email protected]	2024-12-16 06:00:00 (1 year ago)	Invalid username or password - 1 times	Brute-Force
🇺🇸 [email protected]	2024-12-16 00:00:00 (1 year ago)	2024 @ 06:57:19.500	Brute-Force
🇺🇸 [email protected]	2024-12-16 00:00:00 (1 year ago)	2024 @ 06:57:19.500	Brute-Force
🇦🇺 MAGIC	2024-12-13 08:04:25 (1 year ago)	VM5 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇮🇹 Progetto1	2024-12-11 22:22:02 (1 year ago)	Mail - Multiple failed login attempts	Brute-Force Exploited Host
🇩🇪 Hazzard	2024-12-05 03:30:10 (1 year ago)	(imapd) Failed IMAP login from 65.111.22.238 (US/United States/Virginia/Ashburn/-/[redacted])	Brute-Force
🇨🇿 lp	2024-11-25 12:01:47 (1 year ago)	Unauthorized VPN login attempts: 1 attempts were recorded from 65.111.22.238 2024-11-25T12:05:31+01: ... show more Unauthorized VPN login attempts: 1 attempts were recorded from 65.111.22.238 2024-11-25T12:05:31+01:00 vpn Access-Reject 'hlavicko' station: 65.111.22.238 auth-type: PAP realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
🇪🇸 librebit	2024-11-07 09:53:22 (1 year ago)	RDWeb scan	Web App Attack
🇺🇸 TPI-Abuse	2024-10-01 11:16:49 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 65.111.22.238 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 65.111.22.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 01 07:16:44.103852 2024] [security2:error] [pid 14666:tid 14666] [client 65.111.22.238:24073] [client 65.111.22.238] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|g-h2o.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "g-h2o.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZvvaHK-9Y4cdtnBxrtEcjAAAAAs"], referer: https://g-h2o.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-07-17 00:06:13 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇿 213.230.93.126

🇵🇱 194.180.49.71

🇺🇸 154.6.58.20

🇻🇳 125.212.159.209

🇨🇳 101.96.200.105

🇮🇳 47.247.80.227

🇳🇱 45.156.87.253

🇨🇳 14.103.249.155

🇨🇳 223.71.254.162

🇦🇪 198.38.94.14

🇳🇱 193.176.31.237

🇬🇧 193.163.125.247

🇨🇳 183.200.36.169

🇧🇷 179.125.169.27

🇨🇳 171.42.240.185

🇺🇸 170.39.225.162

🇨🇦 168.138.90.7

🇲🇾 115.164.33.196

🇳🇵 103.86.56.252

🇿🇦 102.213.133.44