JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.27.31

65.111.27.31 was found in our database!

This IP was reported 58 times. Confidence of Abuse is 37%: ?

37%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.27.31

Whois 65.111.27.31

IP Abuse Reports for 65.111.27.31:

This IP address has been reported a total of 58 times from 29 distinct sources. 65.111.27.31 was first reported on June 27th 2024, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 ELYAZ	2026-06-30 19:31:03 (2 hours ago)	(y4) Failed scan -byebye- from 65.111.27.31 (TH/Thailand/-): (CF_ENABLE)	Hacking
🇬🇧 poundawebsiteltd	2026-06-29 03:13:18 (1 day ago)	WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 65.111.27.31 - - [29/Jun/2026:04:13:14 +0100] PO ... show more WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 65.111.27.31 - - [29/Jun/2026:04:13:14 +0100] POST /wp-login.php HTTP/1.1 503 23833 https://[REDACTED_DOMAIN]/wp-login.php Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 show less	Web App Attack
Anonymous	2026-06-28 07:45:07 (2 days ago)	Web attack blocked by Wordfence on mezzia.nl (1 hit). Reported by CRMON.	Web App Attack
🇫🇷 pm33	2026-06-27 21:54:00 (3 days ago)	Wordpress login attempts	Brute-Force
🇬🇧 PeravixGroup	2026-06-10 15:06:24 (2 weeks ago)	Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity ... show more Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇺🇸 lostswordfish.com	2026-05-22 20:28:03 (1 month ago)	Wordfence waf block on wp20190711M4	Web App Attack
🇩🇪 F242	2026-05-22 20:05:37 (1 month ago)	Wordpress Login or XMLRPC abuse	Web App Attack
🇱🇻 garmtech.com	2026-04-23 15:58:20 (2 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 18-58.65.111.27.31.web-spammer ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 18-58.65.111.27.31.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇩🇪 Lino Project	2026-02-15 11:03:14 (4 months ago)	CrowdSec abuse IP report (host SRV-2) Scenario: crowdsecurity/http-sensitive-files	Hacking
🇺🇸 mnsf	2026-02-15 06:07:56 (4 months ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇦🇺 2000cn.com.au	2026-02-15 05:54:25 (4 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Hacking Web App Attack
🇩🇪 big-cloud.nl	2026-02-15 05:54:21 (4 months ago)	Try to access /site/.git/config	Web App Attack
🇺🇸 myagent.site	2026-02-15 04:33:48 (4 months ago)	Blocking for trying to access an exploit file: /test/.git/config	Hacking
🇺🇸 TPI-Abuse	2026-02-15 04:26:29 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.27.31 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.27.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:26:24.985887 2026] [security2:error] [pid 18702:tid 18702] [client 65.111.27.31:57407] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "praiseworthy.info"] [uri "/wp/.git/config"] [unique_id "aZFK8L2_3DJsB_GlXaBVdAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 poundawebsiteltd	2026-02-15 04:03:09 (4 months ago)	Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 65.111.27.31 - - [15/Feb/2026:04 ... show more Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 65.111.27.31 - - [15/Feb/2026:04:03:08 +0000] GET /.git/config HTTP/1.1 403 235 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 show less	Web App Attack

Showing 1 to 15 of 58 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 202.111.183.254

🇵🇱 194.180.49.220

🇲🇾 183.171.49.158

🇺🇸 152.32.182.8

🇹🇷 151.250.56.65

🇫🇮 147.185.133.190

🇳🇱 109.106.244.129

🇺🇸 97.74.6.204

🇺🇸 45.92.229.229

🇻🇪 38.172.174.126

🇰🇼 37.39.185.186

🇲🇰 37.26.96.147

🇵🇸 37.8.80.95

🇺🇸 3.130.168.2

🇰🇷 150.109.241.177

🇺🇸 135.237.125.137

🇦🇪 37.245.203.115

🇦🇪 37.245.164.180

🇰🇼 37.231.193.151

🇧🇾 37.214.21.172