JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.23.208

65.111.23.208 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 4%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.23.208

Whois 65.111.23.208

IP Abuse Reports for 65.111.23.208:

This IP address has been reported a total of 19 times from 9 distinct sources. 65.111.23.208 was first reported on July 6th 2024, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 4server	2026-06-19 10:42:47 (3 days ago)	[FriJun1912:42:41.1391712026][security2:error][pid2734459:tid2734755][client65.111.23.208:0]ModSecur ... show more [FriJun1912:42:41.1391712026][security2:error][pid2734459:tid2734755][client65.111.23.208:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\^/wp-content/plugins/[\^/] /\(readme\\\\\\\\.txt\\|changelog\\\\\\\\.txt\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"382\"][id\"960828\"][msg\"WordPresspluginenumerationblocked\"][hostname\"www.edomustech.ch.81-17-25-250.cpanel.site\"][uri\"/wp-content/plugins/download-manager/readme.txt\"][unique_id\"ajUdIVB5fhSx-FxsE7q-UgAAARA\"] show less	Hacking Web App Attack
🇷🇴 INTEQ	2026-02-08 12:09:38 (4 months ago)	Web attack from 65.111.23.208	Web App Attack
🇺🇸 TPI-Abuse	2025-12-28 14:29:08 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 09:29:03.023437 2025] [security2:error] [pid 21003:tid 21003] [client 65.111.23.208:11969] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "americanvaluesbooks.com"] [uri "/.git/HEAD"] [unique_id "aVE-r_B35FX4Ltewo4YFtwAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-28 13:08:12 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 08:08:07.654574 2025] [security2:error] [pid 19272:tid 19272] [client 65.111.23.208:58925] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "roselowry.com"] [uri "/.svn/wc.db"] [unique_id "aVErt65Cu4SrwLKIl8_TTAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-28 12:42:55 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 07:42:51.220185 2025] [security2:error] [pid 6933:tid 6933] [client 65.111.23.208:17095] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shiverdigital.com"] [uri "/.git/HEAD"] [unique_id "aVEly82z13Nrl2IIwNR-OwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-28 08:50:42 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 03:50:37.197145 2025] [security2:error] [pid 5592:tid 5592] [client 65.111.23.208:28709] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "avmarep.com"] [uri "/.git/HEAD"] [unique_id "aVDvXZvI7txrZ7SbIVsEewAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 21:12:15 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 16:12:11.254217 2025] [security2:error] [pid 22028:tid 22028] [client 65.111.23.208:60111] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cuddliesforkids.com"] [uri "/.env"] [unique_id "aVBLq7xDUzH3AN4PmKRlsgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 iNetWorker	2025-12-27 19:04:07 (5 months ago)	trolling for resource vulnerabilities	Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 16:23:52 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 11:23:46.992471 2025] [security2:error] [pid 3597:tid 3597] [client 65.111.23.208:39383] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jaynawilliamsrealty.com"] [uri "/.svn/wc.db"] [unique_id "aVAIEis4KSzzrt_IkCcqUAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-27 14:34:19 (5 months ago)	"GET /.git/HEAD HTTP/1.1"	Hacking Web App Attack
🇵🇱 Roper123	2025-12-27 13:35:02 (5 months ago)	Web app exploits	Web App Attack
🇺🇸 TPI-Abuse	2025-12-26 03:57:03 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 25 22:56:50.457194 2025] [security2:error] [pid 32479:tid 32479] [client 65.111.23.208:47005] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dodgersboosterclub.com"] [uri "/.env"] [unique_id "aU4Hgk6qFIwReZcrlfVAQgAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-07 06:25:36 (1 year ago)	This IP was involved in an brute force and password spray attack on 2025/01/07 00:22:52	Port Scan Brute-Force Exploited Host Web App Attack
🇺🇸 anon333	2024-10-06 19:36:45 (1 year ago)	Hacker syslog review 1728243404	Hacking
Anonymous	2024-07-18 00:08:52 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 205.254.174.222

🇷🇴 80.94.92.178

🇺🇸 72.153.5.141

🇨🇳 223.93.164.218

🇺🇸 162.216.149.168

🇺🇸 152.32.150.7

🇩🇪 128.1.121.245

🇨🇳 125.110.236.15

🇨🇳 118.145.237.236

🇺🇸 98.89.204.118

🇸🇪 31.208.220.217

🇺🇸 20.121.139.67

🇺🇸 20.46.250.163

🇩🇪 213.209.159.242

🇬🇧 195.224.191.196

🇺🇸 186.233.184.67

🇪🇸 139.28.190.161

🇺🇸 107.150.98.168

🇹🇼 104.199.176.250

🇺🇸 66.132.172.131