JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.23.194

65.111.23.194 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.23.194

Whois 65.111.23.194

IP Abuse Reports for 65.111.23.194:

This IP address has been reported a total of 24 times from 13 distinct sources. 65.111.23.194 was first reported on July 4th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 ctrlpew	2026-05-19 01:01:01 (3 weeks ago)	WordPress login brute-force botnet targeting ctrlpew.com. Distributed IPs cycling every 3 seconds wi ... show more WordPress login brute-force botnet targeting ctrlpew.com. Distributed IPs cycling every 3 seconds with UA rotation. All attempts against non-existent usernames. 2026-05-18. show less	Brute-Force Web App Attack
Anonymous	2026-04-29 01:56:14 (1 month ago)	Forum/form spam	Web Spam
🇱🇻 garmtech.com	2026-04-23 04:29:25 (1 month ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 07-29.65.111.23.194.web-spamme ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 07-29.65.111.23.194.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇱🇻 garmtech.com	2026-04-16 09:56:02 (1 month ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 12-56.65.111.23.194.web-spamme ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 12-56.65.111.23.194.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇺🇸 oncord	2026-03-11 05:26:45 (3 months ago)	Form spam	Web Spam
Anonymous	2026-03-01 07:01:32 (3 months ago)	"GET /.env HTTP/1.1"	Hacking Web App Attack
🇦🇺 oncord	2026-02-22 13:14:13 (3 months ago)	Form spam	Web Spam
🇦🇺 oncord	2026-02-12 15:00:57 (4 months ago)	Form spam	Web Spam
🇨🇭 backslash	2026-02-09 14:20:07 (4 months ago)	block ruleset 6A1105329D233F6F53B9B61CE056BD4DAAE75AB4	Web Spam
🇺🇸 TPI-Abuse	2025-12-10 14:52:11 (6 months ago)	"Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized ac ... show more "Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized access" show less	DDoS Attack SQL Injection Exploited Host
🇺🇸 TPI-Abuse	2025-12-02 10:06:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.194 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 05:05:58.940754 2025] [security2:error] [pid 424354:tid 424410] [client 65.111.23.194:20285] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fastesttrademark.com"] [uri "/.git/HEAD"] [unique_id "aS66BkEx8a5AyelV2PFCJAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2025-12-02 00:49:21 (6 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 10:36:34 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.194 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 05:36:28.436098 2025] [security2:error] [pid 5660:tid 5660] [client 65.111.23.194:15787] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.fsmfl.com"] [uri "/.svn/wc.db"] [unique_id "aSbYLHzuPFzMZbGgwsEWAQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 06:38:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.194 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 01:38:24.178464 2025] [security2:error] [pid 22520:tid 22520] [client 65.111.23.194:24831] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.geckoturner.com"] [uri "/.svn/wc.db"] [unique_id "aSagYFWKXjlMIfETjUtQcwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2604:a880:400:d1:0:4:9624:d001

🇩🇪 213.209.159.226

🇺🇸 205.210.31.20

🇬🇧 193.163.125.252

🇺🇸 172.191.239.155

🇵🇱 83.168.110.24

🇳🇱 45.148.10.240

🇰🇷 1.238.106.229

🇨🇳 221.228.10.226

🇺🇸 191.101.33.114

🇮🇶 185.56.193.57

🇺🇸 162.216.149.236

🇯🇵 133.167.92.227

🇮🇳 128.185.201.26

🇺🇸 108.187.71.202

🇳🇱 45.148.10.141

🇭🇰 43.155.21.198

🇺🇸 35.224.120.198

🇬🇧 35.203.210.141

🇺🇸 34.173.114.165