JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.28.102

65.111.28.102 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 36%: ?

36%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.28.102

Whois 65.111.28.102

IP Abuse Reports for 65.111.28.102:

This IP address has been reported a total of 44 times from 25 distinct sources. 65.111.28.102 was first reported on June 27th 2024, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 dtorrer	2026-06-10 21:29:52 (2 hours ago)	Brute-force general attack.	Brute-Force
🇺🇸 lostswordfish.com	2026-06-09 18:38:04 (1 day ago)	Wordfence waf block on ohrsol	Web App Attack
🇫🇷 ELYAZ	2026-06-08 10:04:59 (2 days ago)	(y4) Failed scan -byebye- from 65.111.28.102 (IT/Italy/-): (CF_ENABLE)	Hacking
🇫🇮 JimArchon72	2026-06-07 12:30:04 (3 days ago)	2026/06/07 12:27:46 "GET /wp-login.php?action=register HTTP/1.1"	Web App Attack
🇫🇷 ELYAZ	2026-05-30 17:45:34 (1 week ago)	(y4) Failed scan -byebye- from 65.111.28.102 (IT/Italy/-): (CF_ENABLE)	Hacking
Anonymous	2026-05-29 12:19:49 (1 week ago)	Web attack blocked by Wordfence on kernoverlegsibbe-ijzeren.nl (1 hit). Reported by CRMON.	Web App Attack
🇺🇸 mw	2026-05-08 00:00:48 (1 month ago)	GET http://boatpubs.com/wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings HTTP/1.1	Web App Attack
🇺🇸 TPI-Abuse	2026-01-08 12:43:57 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.102 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 08 07:43:49.447549 2026] [security2:error] [pid 26572:tid 26572] [client 65.111.28.102:20185] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "darkestdaysclan.com"] [uri "/.env"] [unique_id "aV-mhcWTcwGe2u-HGeq7vAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-07 16:39:26 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.102 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 07 11:39:19.272099 2026] [security2:error] [pid 4028:tid 4028] [client 65.111.28.102:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sistememail.com"] [uri "/.env"] [unique_id "aV6MNw9bt-kHGz6PMFgy6gAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Swiptly	2026-01-07 15:56:58 (5 months ago)	Bot scanning for environment files .env .env/\* ...	Web App Attack
Anonymous	2026-01-05 02:08:57 (5 months ago)	65.111.28.102 - - [05/Jan/2026:02:08:57 +0000] "GET /.env HTTP/1.1" 404 397 "-" "Mozilla/5.0 (Window ... show more 65.111.28.102 - - [05/Jan/2026:02:08:57 +0000] "GET /.env HTTP/1.1" 404 397 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0" ... show less	Bad Web Bot Web App Attack
Anonymous	2025-12-30 01:40:30 (5 months ago)	2025-12-30T03:40:30.153849+02:00 zanati wp(www.sahpa.co.za)[594277]: Blocked authentication attempt ... show more 2025-12-30T03:40:30.153849+02:00 zanati wp(www.sahpa.co.za)[594277]: Blocked authentication attempt for [email protected] from 65.111.28.102 ... show less	Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 04:03:47 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.102 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:03:41.384245 2025] [security2:error] [pid 7239:tid 7239] [client 65.111.28.102:31997] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scifitimeline.com"] [uri "/.svn/wc.db"] [unique_id "aVH9nXEQRU4dT1LGJbSC9QAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 03:46:38 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.102 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 22:46:31.983956 2025] [security2:error] [pid 32666:tid 32666] [client 65.111.28.102:45703] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "doctorbalog.com"] [uri "/.env"] [unique_id "aVH5l6bOVjzOXNGUXXLsJgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 01:48:43 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.102 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 20:48:36.403937 2025] [security2:error] [pid 17403:tid 17403] [client 65.111.28.102:17339] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jfexpressfr8.com"] [uri "/.env"] [unique_id "aVHd9HvbPWtNfFJKQN9OOQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 186.233.239.126

🇧🇷 179.108.83.130

🇮🇩 163.227.52.50

🇵🇱 144.31.171.99

🇰🇷 123.58.200.120

🇵🇱 109.205.211.117

🇸🇬 103.189.235.176

🇳🇱 64.89.162.55

🇧🇷 45.205.1.243

🇸🇬 8.219.126.236

🇷🇴 2.57.122.103

🇮🇹 2a01:9580:4409:93:9999::201

🇩🇪 213.209.159.227

🇫🇮 185.172.128.37

🇵🇰 153.117.8.157

🇺🇸 147.185.132.96

🇧🇷 136.248.121.226

🇺🇸 113.20.4.9

🇨🇦 66.85.30.4

🇳🇱 45.148.10.157