JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.23.46

65.111.23.46 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 42%: ?

42%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.23.46

Whois 65.111.23.46

IP Abuse Reports for 65.111.23.46:

This IP address has been reported a total of 18 times from 14 distinct sources. 65.111.23.46 was first reported on June 28th 2024, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 georgengelmann	2026-06-30 17:46:53 (4 hours ago)	Failed login attempt for root	Brute-Force Web App Attack
Anonymous	2026-06-30 13:21:25 (8 hours ago)	Web attack blocked by Wordfence on gedichtenlangsdegeul.nl (1 hit). Reported by CRMON.	Web App Attack
🇲🇽 octageeks.com	2026-06-30 04:24:35 (17 hours ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇩🇪 iNetWorker	2026-06-29 22:32:51 (23 hours ago)	trolling for resource vulnerabilities	Web App Attack
🇩🇰 ScamAware	2026-06-27 16:36:08 (3 days ago)	Detected by Cloudflare Security Events via WordPress automation. Detection: user_enumeration (WordPr ... show more Detected by Cloudflare Security Events via WordPress automation. Detection: user_enumeration (WordPress user enumeration). Hits from same IP in last 60 minutes: 1. Unique request paths counted internally: 1. Cloudflare action: block. Cloudflare source: firewallCustom. show less	Brute-Force Web App Attack
🇫🇷 Sklurk	2026-06-23 04:42:23 (1 week ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 08:09:07 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.46 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.46 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 03:08:59.312040 2025] [security2:error] [pid 13233:tid 13233] [client 65.111.23.46:60181] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.neoprogrammics.com"] [uri "/.svn/wc.db"] [unique_id "aSa1m0g91CrM74k78cRsgAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-26 03:16:06 (7 months ago)	Attempted access to sensitive endpoint (/.svn/wc.db) detected. Automated scan or unauthorized probin ... show more Attempted access to sensitive endpoint (/.svn/wc.db) detected. Automated scan or unauthorized probing. show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:34:42 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.46 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.46 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:34:38.217378 2025] [security2:error] [pid 20732:tid 20732] [client 65.111.23.46:41337] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.jvcsat.com"] [uri "/.git/HEAD"] [unique_id "aSQmrgPjHbfdKQQkNMHUNAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-01 21:14:42 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.23.46 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.23.46 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 17:14:37.450357 2025] [security2:error] [pid 8161:tid 8161] [client 65.111.23.46:50185] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.thesunvegan.com"] [uri "/config.php%7C/.env%7Csettings.py"] [unique_id "aQZ4PZEQHNSXz-Hvnv8tcgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-16 11:59:41 (8 months ago)	WordPress Brute Force	Brute-Force
🇧🇪 cmbplf	2025-10-08 23:22:44 (8 months ago)	2.447 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2025-01-20 14:06:31 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 65.111.23.46 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 65.111.23.46 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 20 09:06:28.380009 2025] [security2:error] [pid 2479:tid 2612] [client 65.111.23.46:35801] [client 65.111.23.46] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|richardleeweatherman.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "richardleeweatherman.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z45YZMABBCCcHHtdrlsZuQAAARE"], referer: https://richardleeweatherman.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 wil.com	2025-01-01 05:54:21 (1 year ago)	GlobalProtect login attempts with user user1.	VPN IP Brute-Force
🇮🇹 Progetto1	2024-12-11 19:41:02 (1 year ago)	Mail - Multiple failed login attempts	Brute-Force Exploited Host

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 185.243.242.161

🇺🇦 159.224.244.103

🇰🇷 116.125.120.27

🇪🇸 68.221.67.111

🇫🇷 62.210.185.4

🇳🇱 45.156.87.147

🇨🇦 45.3.41.239

🇫🇮 178.20.210.151

🇧🇷 177.38.71.226

🇧🇩 110.76.129.88

🇸🇬 107.155.56.47

🇺🇸 20.29.49.134

🇷🇺 188.114.0.66

🇩🇪 138.68.70.45

🇫🇷 130.185.119.23

🇳🇱 104.28.217.139

🇻🇳 103.75.182.108

🇨🇳 60.18.191.67

🇺🇸 45.3.35.227

🇦🇪 5.32.61.6