JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.28.148

65.111.28.148 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.28.148

Whois 65.111.28.148

IP Abuse Reports for 65.111.28.148:

This IP address has been reported a total of 17 times from 8 distinct sources. 65.111.28.148 was first reported on July 6th 2024, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2025-12-30 23:41:56 (5 months ago)	Blocked by UFW (TCP on 80) Source port: 31579 TTL: 52 Packet length: 60 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 80) Source port: 31579 TTL: 52 Packet length: 60 TOS: 0x00 This report (for 65.111.28.148) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2025-12-30 10:21:54 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 05:21:40.253531 2025] [security2:error] [pid 16427:tid 16427] [client 65.111.28.148:25243] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.dodgersboosterclub.com"] [uri "/.svn/wc.db"] [unique_id "aVOntIvqYx-5HEJgAK1nxwAAACo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Vegascosmetics	2025-12-29 22:50:25 (5 months ago)	Kingcopy(AI-IDS):IP does Multiple AWS Environment Abuse	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 09:15:25 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 04:15:17.689789 2025] [security2:error] [pid 23665:tid 23665] [client 65.111.28.148:34723] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gictd.com"] [uri "/.svn/wc.db"] [unique_id "aVJGpfKJL7N9gN19YBmKXQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 08:54:50 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 03:54:43.263117 2025] [security2:error] [pid 11014:tid 11014] [client 65.111.28.148:19289] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hayrun.com"] [uri "/.git/HEAD"] [unique_id "aVJB01-pozzBd_z4SA0hfQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 08:17:15 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 03:17:08.770964 2025] [security2:error] [pid 31904:tid 31904] [client 65.111.28.148:34959] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "franknash.com"] [uri "/.env"] [unique_id "aVI5BE_ZXzmjRW_CupGtpQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 06:55:03 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 01:54:59.880695 2025] [security2:error] [pid 14910:tid 14910] [client 65.111.28.148:53583] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "robertseyewear.com"] [uri "/.git/HEAD"] [unique_id "aVIlw5JYslUvDLwT8b2uHgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 06:17:08 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 01:17:02.696520 2025] [security2:error] [pid 2657969:tid 2657981] [client 65.111.28.148:49661] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "secretdecoded.com"] [uri "/.env"] [unique_id "aVIc3poqqgnjHSV2TaReGQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-12-29 05:46:46 (5 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇺🇸 TPI-Abuse	2025-12-29 05:16:58 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:16:51.533024 2025] [security2:error] [pid 27980:tid 27980] [client 65.111.28.148:55647] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mdsshop.com"] [uri "/.svn/wc.db"] [unique_id "aVIOw4kooOZOnoG3OVdrJwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 04:51:36 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:51:31.232451 2025] [security2:error] [pid 7666:tid 7666] [client 65.111.28.148:20731] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "martinez-morera.com"] [uri "/.svn/wc.db"] [unique_id "aVII01MAi2zqG8UpAKXvtwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 Burayot	2025-12-29 04:29:44 (5 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 65.111.28.148 (IT/Italy/-): 1 in th ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 65.111.28.148 (IT/Italy/-): 1 in the last 3600 secs show less	Web App Attack
Anonymous	2025-11-19 21:10:31 (6 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-02-27 22:27:06 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 65.111.28.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 27 17:26:59.403065 2025] [security2:error] [pid 2730135:tid 2730135] [client 65.111.28.148:22891] [client 65.111.28.148] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|taacorp.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "taacorp.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z8Dms_NymIfhUiL7Yk6uQAAAAAY"], referer: https://taacorp.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 lp	2024-11-25 12:03:10 (1 year ago)	Unauthorized VPN login attempts: 1 attempts were recorded from 65.111.28.148 2024-11-25T12:05:25+01: ... show more Unauthorized VPN login attempts: 1 attempts were recorded from 65.111.28.148 2024-11-25T12:05:25+01:00 vpn Access-Reject 'heglasa' station: 65.111.28.148 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 115.190.160.80

🇺🇸 20.85.246.45

🇳🇱 176.65.139.236

🇨🇿 172.68.213.239

🇻🇳 160.250.186.220

🇳🇱 89.125.61.90

🇺🇸 172.71.203.121

🇺🇸 162.216.150.205

🇭🇰 103.52.153.215

🇹🇿 41.59.156.9

🇻🇳 14.180.128.169

🇳🇱 2.58.56.131

🇷🇴 2.57.121.25

🇺🇸 216.25.89.132

🇨🇳 203.76.241.18

🇫🇮 157.240.205.174

🇸🇬 139.99.52.218

🇨🇳 116.76.24.14

🇺🇸 104.28.213.40

🇩🇪 69.5.169.13