JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.23.20

65.111.23.20 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.23.20

Whois 65.111.23.20

IP Abuse Reports for 65.111.23.20:

This IP address has been reported a total of 16 times from 8 distinct sources. 65.111.23.20 was first reported on July 3rd 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 as211431.net	2026-04-05 13:36:33 (2 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇧🇷 hostseries	2026-02-23 18:32:25 (3 months ago)	Trigger: LF_DISTATTACK	Brute-Force
🇺🇸 TPI-Abuse	2025-11-24 08:44:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:44:01.318654 2025] [security2:error] [pid 1655:tid 1655] [client 65.111.23.20:60947] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.loupgaroubooks.com"] [uri "/.env"] [unique_id "aSQa0XDoOciTxMYed0pxZgAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 06:21:22 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:21:17.748221 2025] [security2:error] [pid 18193:tid 18263] [client 65.111.23.20:23791] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.koublacat.com"] [uri "/.env"] [unique_id "aSP5XZqABul9tZzps9kqhwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 london2038.com	2025-10-23 22:01:29 (7 months ago)	Connection atttempts against closed TCP ports Oct 24 00:01:26 BLOCK SRC=65.111.23.20 LEN=60 TOS=0x00 ... show more Connection atttempts against closed TCP ports Oct 24 00:01:26 BLOCK SRC=65.111.23.20 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=41237 DF PROTO=TCP SPT=12389 DPT=22 WINDOW=64240 RES=0x00 SYN Oct 24 00:01:27 BLOCK SRC=65.111.23.20 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=41238 DF PROTO=TCP SPT=12389 DPT=22 WINDOW=64240 RES=0x00 SYN Oct 24 00:01:28 BLOCK SRC=65.111.23.20 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=41239 DF PROTO=TCP SPT=12389 DPT=22 WINDOW=64240 RES=0x00 SYN show less	Port Scan
🇺🇸 TPI-Abuse	2025-10-16 15:13:49 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 65.111.23.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 65.111.23.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 16 11:13:42.743147 2025] [security2:error] [pid 6130:tid 6179] [client 65.111.23.20:27927] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|iamfluff.com\|F\|2"] [data ".iamfluff.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "iamfluff.com"] [uri "/ftp:/ftp.iamfluff.com"] [unique_id "aPELphLS5ngaqF6GewMhfgAAAQo"], referer: http://iamfluff.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 openstrike.co.uk	2025-10-09 05:14:03 (7 months ago)	13 attacks on Wordpress URLs, PHP URLs: GET /cms/wp-includes/wlwmanifest.xml HTTP/1.1 GET /xmlrpc.ph ... show more 13 attacks on Wordpress URLs, PHP URLs: GET /cms/wp-includes/wlwmanifest.xml HTTP/1.1 GET /xmlrpc.php?rsd HTTP/1.1 show less	Web App Attack
Anonymous	2025-01-14 10:27:34 (1 year ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.01.14 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.01.14 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-01-11 01:47:12 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 65.111.23.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 65.111.23.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 10 20:47:07.926225 2025] [security2:error] [pid 19059:tid 19059] [client 65.111.23.20:46891] [client 65.111.23.20] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|seagrovesrealty.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "seagrovesrealty.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4HNmyDrUAQPXLHI0bfLnQAAAAg"], referer: https://seagrovesrealty.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-11-20 05:16:29 (1 year ago)	Automatic report - Vulnerability scan /RDWeb/Pages/en-US/login.aspx	Web App Attack
Anonymous	2024-11-18 05:25:50 (1 year ago)	Automatic report - Vulnerability scan /RDWeb/Pages/en-US/login.aspx	Web App Attack
Anonymous	2024-10-28 12:20:37 (1 year ago)	Automatic report - Vulnerability scan /RDWeb/Pages/en-US/login.aspx	Web App Attack
Anonymous	2024-07-18 00:02:07 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-07-16 08:34:22 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-07-09 03:48:00 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 165.154.134.156

🇩🇪 130.12.180.153

🇧🇬 79.124.40.174

🇺🇸 66.132.172.204

🇺🇸 20.169.91.107

🇺🇸 216.126.236.108

🇩🇪 209.38.237.233

🇺🇸 195.184.76.80

🇸🇪 193.138.218.204

🇨🇦 178.93.201.198

🇩🇪 167.94.146.52

🇩🇪 167.94.145.27

🇺🇸 156.229.163.164

🇺🇸 147.185.132.216

🇨🇳 139.170.73.14

🇺🇸 109.105.210.53

🇭🇰 103.231.14.54

🇭🇰 103.210.238.204

🇨🇮 102.209.221.188

🇺🇸 66.132.172.39