JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.28.143

65.111.28.143 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 32%: ?

32%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.28.143

Whois 65.111.28.143

IP Abuse Reports for 65.111.28.143:

This IP address has been reported a total of 21 times from 12 distinct sources. 65.111.28.143 was first reported on June 27th 2024, and the most recent report was 16 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇷 setupgr	2026-06-22 09:06:04 (16 hours ago)	(mod_security) mod_security (id:900001) triggered by 65.111.28.143 (IT/Italy/Lazio/Rome/-/[AS200373 ... show more (mod_security) mod_security (id:900001) triggered by 65.111.28.143 (IT/Italy/Lazio/Rome/-/[AS200373 DREI-K-TECH-GMBH]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Mon Jun 22 12:06:03.148333 2026] [security2:error] [pid 1934718:tid 1934899] [client 65.111.28.143:10375] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "75"] [id "900001"] [msg "Blocked WP Login attempt on domain: ions.gr"] [severity "CRITICAL"] [tag "security"] [hostname "ions.gr"] [uri "/wp-login.php"] [unique_id "ajj6-559dcPKThU2ezBwZQAAANI"], referer: https://ions.gr/wp-login.php show less	Port Scan
🇲🇽 octageeks.com	2026-06-22 04:06:42 (21 hours ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇫🇷 pm33	2026-06-21 00:51:44 (2 days ago)	Wordpress login attempts	Brute-Force
🇩🇪 F242	2026-06-20 11:25:44 (2 days ago)	Wordpress Login or XMLRPC abuse	Web App Attack
Anonymous	2026-06-20 02:27:04 (2 days ago)	[da.kdns.gr] httpd-login-spray-site: sites=vougioukas-texniki.gr; logs=/var/log/httpd/domains/vougio ... show more [da.kdns.gr] httpd-login-spray-site: sites=vougioukas-texniki.gr; logs=/var/log/httpd/domains/vougioukas-texniki.gr.log; samples=site_wide=true \| distinct_ips=17 \| /wp-login.php show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 05:08:04 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:07:58.847567 2025] [security2:error] [pid 31154:tid 31154] [client 65.111.28.143:12001] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "keystonebrass.com"] [uri "/.svn/wc.db"] [unique_id "aVIMriNZy-8-tuJbTHMjgAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 04:35:58 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:35:52.317236 2025] [security2:error] [pid 6746:tid 6746] [client 65.111.28.143:43695] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "desarrollosdecolima.com"] [uri "/.svn/wc.db"] [unique_id "aVIFKIOPqjG2aPk_04SBTgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 20:01:40 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 15:01:33.456224 2025] [security2:error] [pid 10115:tid 10115] [client 65.111.28.143:35791] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lakependoreillemobility.com"] [uri "/.env"] [unique_id "aTiAHWeKjy4m9jmTp1ltnwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-12-07 20:45:36 (6 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇺🇸 TPI-Abuse	2025-12-07 14:09:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 09:09:16.411338 2025] [security2:error] [pid 31241:tid 31241] [client 65.111.28.143:31283] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "midcityrotary.org"] [uri "/.git/HEAD"] [unique_id "aTWKjKshjtaynLZjR1K5kgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2025-12-06 22:59:36 (6 months ago)	Auto-ban: >3000 req/min op 2025-12-06	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2025-12-05 16:05:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 11:05:20.055033 2025] [security2:error] [pid 16199:tid 16199] [client 65.111.28.143:36437] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "taniagedik.com"] [uri "/.git/HEAD"] [unique_id "aTMCwMbGq2fhDrxfjfHnOAAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 08:37:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 03:37:54.829536 2025] [security2:error] [pid 4944:tid 4944] [client 65.111.28.143:38535] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "acmeradar.com"] [uri "/.env"] [unique_id "aTKZ4rd5j2aBwapbt4e6VgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 03:11:21 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:11:16.911550 2025] [security2:error] [pid 23853:tid 23853] [client 65.111.28.143:38577] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.chrismcc.com"] [uri "/.env"] [unique_id "aSZv1JgY_q-1zmh6o7VQIgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-26 01:39:38 (6 months ago)	Malicious activity detected	Hacking Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇨 196.251.121.149

🇱🇻 196.196.53.28

🇳🇱 185.246.155.234

🇳🇱 176.65.139.181

🇹🇭 147.50.231.135

🇺🇸 136.144.35.202

🇵🇱 77.83.246.97

🇸🇬 43.160.200.19

🇭🇰 42.200.78.166

🇪🇸 5.182.83.231

🇬🇧 217.146.80.101

🇪🇸 212.166.149.142

🇰🇷 211.253.31.30

🇺🇸 205.210.31.83

🇮🇳 193.203.160.216

🇳🇱 192.109.200.225

🇳🇱 192.42.116.59

🇲🇽 186.96.158.180

🇬🇧 185.247.137.105

🇨🇳 180.106.80.16