🇫🇷
mrcrassi
2026-05-27 21:56:43
(2 weeks ago)
Triggered Cloudflare WAF (firewallManaged) from DE.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /wp-config.php.dist
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
Bad Web Bot
🇦🇺
paulshipley.com.au
2026-05-27 21:21:46
(2 weeks ago)
[Thu May 28 07:21:44.838075 2026] [security2:error] [pid 447035] [client 65.111.23.6:64285] [client 65.111.23.6] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "furst.com.au"] [uri "/wp-config.php.bak"] [unique_id "ahdgaE5iuLaTniUxkfk87QAAAAE"]
...
Web App Attack
🇱🇻
garmtech.com
2026-05-03 15:36:54
(1 month ago)
Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.
Web App Attack
🇨🇭
4server
2026-04-30 10:09:50
(1 month ago)
[ThuApr3012:09:47.5996672026][security2:error][pid1974880:tid1975272][client65.111.23.6:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"server-privato.com\"][uri\"/\"][unique_id\"afMqa96aSmAiZDrcTVNdWwAAAJA\"]
Hacking
Web App Attack
🇦🇺
RedBear IT
2026-03-26 10:00:37
(2 months ago)
"DDoS against public endpoint"
DDoS Attack
🇩🇪
Packets-Decreaser.NET
2025-12-29 14:01:12
(5 months ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
🇺🇸
TPI-Abuse
2025-12-09 04:33:12
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 65.111.23.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 23:33:06.592802 2025] [security2:error] [pid 16767:tid 16767] [client 65.111.23.6:17299] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chblanchard.com"] [uri "/.svn/wc.db"] [unique_id "aTemgphyIi29T6mimwQIdwAAAB0"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-12-08 15:54:44
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 65.111.23.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 10:54:36.476456 2025] [security2:error] [pid 14335:tid 14335] [client 65.111.23.6:38229] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "4115thewestford.com"] [uri "/.env"] [unique_id "aTb0vK9CInfzLzL4GobzogAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-12-06 13:14:58
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 65.111.23.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 08:14:54.744259 2025] [security2:error] [pid 10047:tid 10047] [client 65.111.23.6:18065] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "enespiral.net"] [uri "/.git/HEAD"] [unique_id "aTQsThAj47ZWJIkqpmnhVwAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-12-06 02:58:53
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 65.111.23.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 21:58:47.468840 2025] [security2:error] [pid 27170:tid 27177] [client 65.111.23.6:17559] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "draas.info"] [uri "/.svn/wc.db"] [unique_id "aTOb58qECa93uwD2UtzumgAAAEU"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-12-05 11:36:29
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 65.111.23.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 06:36:22.405871 2025] [security2:error] [pid 22850:tid 22850] [client 65.111.23.6:58073] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sprektech.com"] [uri "/.git/HEAD"] [unique_id "aTLDtqF0XYP5l44k1BFyJgAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇪🇸
10dencehispahard SL
2025-10-16 07:07:49
(7 months ago)
WP probing for vulnerabilities
Hacking
Exploited Host
🇦🇺
oncord
2025-10-15 17:29:41
(7 months ago)
Form spam
Web Spam
Anonymous
2025-10-13 07:17:47
(7 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
🇫🇮
tjs
2025-01-30 12:50:00
(1 year ago)
web attack, SQL injection attempt
Hacking
SQL Injection
Web App Attack