JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.27.141

65.111.27.141 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.27.141

Whois 65.111.27.141

IP Abuse Reports for 65.111.27.141:

This IP address has been reported a total of 24 times from 14 distinct sources. 65.111.27.141 was first reported on July 12th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 oncord	2026-03-08 22:56:36 (2 months ago)	Form spam	Web Spam
Anonymous	2026-02-25 13:13:53 (3 months ago)	"POST /xmlrpc.php HTTP/1.1"	Hacking Web App Attack
🇦🇺 oncord	2026-02-18 12:03:25 (3 months ago)	Form spam	Web Spam
🇦🇺 oncord	2026-02-14 09:21:33 (3 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-02-09 21:21:05 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 16:20:41.691839 2026] [security2:error] [pid 26886:tid 26886] [client 65.111.27.141:55435] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "garanzuayrec.com"] [uri "/backup/.git/config"] [unique_id "aYpPqfVUsYFmfkqbCffKvQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 19:55:34 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 14:55:26.384935 2026] [security2:error] [pid 9898:tid 9898] [client 65.111.27.141:25163] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gainow.net"] [uri "/dev/.git/config"] [unique_id "aYo7rrNK_C5KUd8AtGNFwwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-09 18:25:43 (3 months ago)	Blocking for trying to access an exploit file: /app/.env	Hacking
🇺🇸 TPI-Abuse	2026-02-09 16:27:10 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 11:27:04.399854 2026] [security2:error] [pid 1171790:tid 1171790] [client 65.111.27.141:44015] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftiptondds.com"] [uri "/.env"] [unique_id "aYoK2A2zifNoXuM2Es1XCwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 10:13:24 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 05:13:19.093256 2026] [security2:error] [pid 12725:tid 12725] [client 65.111.27.141:14131] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gabver.com"] [uri "/config/.env"] [unique_id "aYmzPxKvA6am9T47XFROBwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 04:40:01 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 08 23:39:58.172118 2026] [security2:error] [pid 13799:tid 13799] [client 65.111.27.141:21251] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fulshearlocal.com"] [uri "/api/.git/config"] [unique_id "aYllHrnJympnEqwcg7rFZwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 HERA - Operations	2026-01-15 09:47:31 (4 months ago)	club-herrmann - searching for vulnerable scripts: .env 2026/01/15 10:47:31	Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 06:43:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:43:40.814882 2025] [security2:error] [pid 14682:tid 14682] [client 65.111.27.141:59441] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.auguststoten.com"] [uri "/.svn/wc.db"] [unique_id "aSP-nJjmiqmJmfLLFPzr8gAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:07:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.27.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:06:58.167024 2025] [security2:error] [pid 20818:tid 20818] [client 65.111.27.141:33983] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.modalguitarist.com"] [uri "/.env"] [unique_id "aSPZ4v5Z6BZpfU3UCh3M4QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-07 20:17:12 (6 months ago)		Bad Web Bot Web App Attack
Anonymous	2025-11-02 16:14:27 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 06:47:51	Port Scan Brute-Force Exploited Host Web App Attack

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.119

🇰🇷 183.104.26.197

🇦🇪 165.154.12.9

🇮🇳 154.84.242.115

🇳🇿 121.73.168.56

🇧🇩 103.204.210.114

🇳🇱 193.176.31.152

🇧🇷 177.104.171.149

🇨🇳 113.221.39.62

🇨🇳 111.61.175.117

🇨🇳 109.244.96.105

🇱🇹 81.30.98.144

🇧🇬 78.128.114.118

🇳🇱 45.198.224.114

🇷🇴 2.57.122.177

🇧🇪 198.235.24.232

🇹🇼 198.235.24.48

🇳🇱 193.176.31.148

🇲🇽 187.174.143.179

🇨🇳 180.115.74.139