JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.24.104

65.111.24.104 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 30%: ?

30%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.24.104

Whois 65.111.24.104

IP Abuse Reports for 65.111.24.104:

This IP address has been reported a total of 25 times from 18 distinct sources. 65.111.24.104 was first reported on June 28th 2024, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-06-23 18:15:21 (3 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇺🇸 LSPCCU	2026-06-16 07:43:26 (1 week ago)	TSEC Honeypot Network report. Threat score: 66/100. Categories: Port Scan, Hacking, Brute-Force, Web ... show more TSEC Honeypot Network report. Threat score: 66/100. Categories: Port Scan, Hacking, Brute-Force, Web App Attack, SSH. Honeypot: ssh-telnet, cowrie. Context: 65. show less	Port Scan Hacking Brute-Force Web App Attack SSH
🇫🇷 Sklurk	2026-06-16 01:21:06 (1 week ago)	Web App Attack	Web App Attack
🇩🇪 Holger	2026-06-14 08:12:51 (1 week ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇩🇪 Bedios GmbH	2026-06-10 17:18:24 (2 weeks ago)	SQL backup theft attempt	Hacking
🇩🇪 4server	2026-04-21 13:45:53 (2 months ago)	[TueApr2115:45:47.9660972026][security2:error][pid3025243:tid3025334][client65.111.24.104:0]ModSecur ... show more [TueApr2115:45:47.9660972026][security2:error][pid3025243:tid3025334][client65.111.24.104:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"agilityrossoblu.ch\"][uri\"/mysql.sql\"][unique_id\"aed_i2R1Z2zCLsvvYp9nWgAAAE4\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 FeG Deutschland	2026-04-19 12:50:49 (2 months ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
Anonymous	2026-01-05 20:28:28 (5 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2026.01.05 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2026.01.05 is noted in report timestamp show less	Hacking Brute-Force
🇧🇪 madeit	2025-11-27 12:14:46 (7 months ago)		Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:28:11 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.24.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.24.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:28:02.700959 2025] [security2:error] [pid 5071:tid 5071] [client 65.111.24.104:17285] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blackweddingnapkins.com"] [uri "/.svn/wc.db"] [unique_id "aSQlIv4LyuXIV_ael2ZdfwAAACQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:59:43 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.24.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.24.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:58:59.398346 2025] [security2:error] [pid 3318004:tid 3318004] [client 65.111.24.104:54077] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.aden.us"] [uri "/.svn/wc.db"] [unique_id "aSPmE3sMb0xu9bozjWuPuQAAACQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:31:47 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.24.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.24.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:31:41.445031 2025] [security2:error] [pid 27410:tid 27410] [client 65.111.24.104:20063] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.endriss.info"] [uri "/.svn/wc.db"] [unique_id "aSPfrZZp3zBqorZe8_4rFwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-13 18:09:57 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/13 12:07:20	Port Scan Brute-Force Exploited Host Web App Attack
Anonymous	2025-11-02 15:04:18 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 07:36:38	Port Scan Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-11-02 01:15:46 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 65.111.24.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 65.111.24.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 21:15:40.452583 2025] [security2:error] [pid 28626:tid 28626] [client 65.111.24.104:13877] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|333w88.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "333w88.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQawvEONvJ3egktH4uXlAgAAABE"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 120.195.35.240

🇺🇦 77.52.212.182

🇨🇳 61.180.193.36

🇷🇺 188.170.76.248

🇵🇸 188.161.146.96

🇳🇱 176.65.149.236

🇺🇸 146.88.240.71

🇫🇷 146.70.194.246

🇨🇳 123.123.204.152

🇮🇳 103.146.233.187

🇨🇿 92.62.233.214

🇹🇷 78.174.68.119

🇮🇩 36.95.232.73

🇺🇸 13.220.39.244

🇷🇴 2.57.121.25

🇦🇷 190.181.99.141

🇮🇱 176.229.128.166

🇮🇩 163.7.6.41

🇮🇳 152.52.198.42

🇨🇳 101.201.155.141