JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.28.167

65.111.28.167 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 32%: ?

32%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.28.167

Whois 65.111.28.167

IP Abuse Reports for 65.111.28.167:

This IP address has been reported a total of 17 times from 12 distinct sources. 65.111.28.167 was first reported on July 7th 2024, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇹 Malta	2026-06-01 18:12:05 (5 days ago)	65.111.28.167 - - [01/Jun/2026:20:12:05 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows N ... show more 65.111.28.167 - - [01/Jun/2026:20:12:05 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 11.0; Win64; x64; rv:119.0) Gecko/20100101 Firefox/119.0" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇩🇪 FeG Deutschland	2026-05-30 17:28:41 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇫🇷 pm33	2026-05-30 13:47:46 (1 week ago)	Wordpress login attempts	Brute-Force
🇲🇽 octageeks.com	2026-05-27 04:15:04 (1 week ago)	Wordpress malicious attack:[octaflood]	Web App Attack
Anonymous	2026-05-27 01:21:04 (1 week ago)	Web attack blocked by Wordfence on cuypersinvalkenburg.nl (1 hit). Reported by CRMON.	Web App Attack
🇺🇸 TPI-Abuse	2025-12-31 00:53:04 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.167 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 19:52:47.928028 2025] [security2:error] [pid 4327:tid 4327] [client 65.111.28.167:54385] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.lsd36.com"] [uri "/.git/HEAD"] [unique_id "aVRz3wH6QHLfvJ5YbtlfaQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-12-30 23:40:00 (5 months ago)	ThreatBook Intelligence: Zombie,vpn_proxy more details on https://threatbook.io/ip/65.111.28.167 202 ... show more ThreatBook Intelligence: Zombie,vpn_proxy more details on https://threatbook.io/ip/65.111.28.167 2025-12-30 15:09:42 /.env show less	Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:02:01 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-29 11:05:58 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.167 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 06:05:52.076064 2025] [security2:error] [pid 31967:tid 31967] [client 65.111.28.167:31621] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "earlyeditionbooks.com"] [uri "/.svn/wc.db"] [unique_id "aVJgkESSGpN0-t4lZr9lvwAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 07:34:26 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.167 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 02:34:22.043747 2025] [security2:error] [pid 23967:tid 23967] [client 65.111.28.167:35743] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trompelart.com"] [uri "/.env"] [unique_id "aVIu_hDwgG-gcjYk_C7jkwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 05:35:56 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.167 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:35:47.788926 2025] [security2:error] [pid 12249:tid 12249] [client 65.111.28.167:17787] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "benefit-design.com"] [uri "/.svn/wc.db"] [unique_id "aVITM9xdgnl1Ns7hSZq7EQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 04:54:26 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.167 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:54:20.557957 2025] [security2:error] [pid 9194:tid 9194] [client 65.111.28.167:51983] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "samanthasomers.com"] [uri "/.env"] [unique_id "aVIJfEYdGo6r0Lr47l_s3wAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 AWW-Admin	2025-10-16 15:37:19 (7 months ago)	(wordpress) Failed wordpress login from 65.111.28.167 (IT/Italy/-)	Brute-Force
🇫🇷 dynamix	2025-10-16 10:32:45 (7 months ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2024-08-17 05:55:29 (1 year ago)	BruteForce IMAP/POP3	Brute-Force

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇾 121.123.141.251

🇸🇬 47.128.42.178

🇩🇪 217.154.173.63

🇮🇳 103.180.213.153

🇨🇳 14.29.214.161

🇺🇸 8.47.97.202

🇧🇬 213.91.179.26

🇺🇸 172.190.89.127

🇩🇪 138.68.110.17

🇸🇾 131.222.211.219

🇰🇷 112.175.29.94

🇶🇦 37.210.247.149

🇷🇴 2.57.122.238

🇺🇸 209.141.46.157

🇮🇱 203.159.81.45

🇨🇳 182.204.181.136

🇫🇷 173.212.228.191

🇲🇾 102.211.234.171

🇮🇹 93.66.124.53

🇩🇪 79.230.149.38