JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.28.193

65.111.28.193 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 15%: ?

15%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.28.193

Whois 65.111.28.193

IP Abuse Reports for 65.111.28.193:

This IP address has been reported a total of 19 times from 13 distinct sources. 65.111.28.193 was first reported on June 26th 2024, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 ELYAZ	2026-06-20 20:27:32 (9 hours ago)	(y4) Failed scan -byebye- from 65.111.28.193 (IT/Italy/-): (CF_ENABLE)	Hacking
🇩🇪 4server	2026-06-19 15:22:39 (1 day ago)	[FriJun1917:22:36.2460692026][security2:error][pid2406922:tid2407041][client65.111.28.193:0]ModSecur ... show more [FriJun1917:22:36.2460692026][security2:error][pid2406922:tid2407041][client65.111.28.193:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"studio-portale.ch\"][uri\"/wp-login.php\"][unique_id\"ajVevGhsOIIUJpduVwqjIAAAAQs\"]\,referer:https://studio-portale.ch/wp-login.php show less	Port Scan Brute-Force Web App Attack
🇵🇱 nfsec.pl	2026-01-22 04:17:39 (4 months ago)	65.111.28.193 - - [22/Jan/2026:04:17:36 +0000] "GET /index.php?option=com_search&searchword=%20atak& ... show more 65.111.28.193 - - [22/Jan/2026:04:17:36 +0000] "GET /index.php?option=com_search&searchword=%20atak&searchphrase=exact%60%20WHERE%201221%3D1221%20OR%20CHAR%28107%29%7C%7CCHAR%28114%29%7C%7CCHAR%2870%29%7C%7CCHAR%2871%29%3DREGEXP_SUBSTRING%28REPEAT%28RIGHT%28CHAR%288393%29%2C0%29%2C5000000000%29%2CNULL%29--%20lhzg&ordering=newest HTTP/1.1" 403 5840 "-" "Mozilla/5.0 (X11; CrOS x86_64 14816.131.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 65.111.28.193 - - [22/Jan/2026:04:17:37 +0000] "GET /index.php?option=com_search&searchword=%20atak&searchphrase=exact%60%29%20WHERE%204889%3D4889%20OR%20CHAR%28107%29%7C%7CCHAR%28114%29%7C%7CCHAR%2870%29%7C%7CCHAR%2871%29%3DREGEXP_SUBSTRING%28REPEAT%28RIGHT%28CHAR%288393%29%2C0%29%2C5000000000%29%2CNULL%29--%20Qjii&ordering=newest HTTP/1.1" 403 5840 "-" "Mozilla/5.0 (X11; CrOS x86_64 14816.131.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 65.111.28.193 - - [22/Jan/2026:04:17:37 +0000] "GET /index. ... show less	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 06:39:40 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.193 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.193 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 01:39:33.241300 2025] [security2:error] [pid 25030:tid 25030] [client 65.111.28.193:55219] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "frogmouthatx.com"] [uri "/.git/HEAD"] [unique_id "aVIiJRvqZcqrfEDSI0DiEQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 05:18:37 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.193 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.193 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:18:32.671320 2025] [security2:error] [pid 28530:tid 28530] [client 65.111.28.193:13701] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "engravingbyangela.com"] [uri "/.svn/wc.db"] [unique_id "aVIPKPbU3ZgUQ0vr_YXorAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 04:15:28 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.193 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.193 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:15:24.310041 2025] [security2:error] [pid 1845:tid 1845] [client 65.111.28.193:36267] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "icansayit.com"] [uri "/.svn/wc.db"] [unique_id "aVIAXKLhX7Ij2_TiwbopbAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 23:51:10 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.193 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.193 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 18:51:05.341051 2025] [security2:error] [pid 27846:tid 27846] [client 65.111.28.193:34835] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "roguetechhub.com"] [uri "/.svn/wc.db"] [unique_id "aVBw6UZARzQYzE4A2BsFxgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 21:36:03 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.193 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.193 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 16:35:58.473619 2025] [security2:error] [pid 31854:tid 31854] [client 65.111.28.193:60701] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thegolfhole.com"] [uri "/.env"] [unique_id "aVBRPiWJZZEwLIFOb3BfTgAAACs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 20:31:46 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.193 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.193 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 15:31:41.506577 2025] [security2:error] [pid 25566:tid 25566] [client 65.111.28.193:24287] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dorismitchell.com"] [uri "/.git/HEAD"] [unique_id "aVBCLfwC3mTvpXi7BGvU1QAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-27 14:34:26 (5 months ago)	"GET /.env HTTP/1.1"	Hacking Web App Attack
Anonymous	2025-12-27 13:18:13 (5 months ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
🇮🇹 LTM	2025-12-27 07:20:02 (5 months ago)	WebServer - Attempts to exploit	Hacking Brute-Force Web App Attack
Anonymous	2025-11-14 14:59:24 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/14 08:57:11	Port Scan Brute-Force Exploited Host Web App Attack
Anonymous	2025-11-02 14:57:30 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 06:58:11	Port Scan Brute-Force Exploited Host Web App Attack
🇩🇪 Bigbear3	2025-10-27 02:04:56 (7 months ago)	Report-by-bigbear3	Brute-Force SSH

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 159.89.172.199

🇺🇸 147.185.132.42

🇮🇳 122.179.11.120

🇨🇦 85.217.149.50

🇯🇵 45.43.60.220

🇺🇸 216.25.89.82

🇪🇹 196.190.180.18

🇵🇪 190.119.63.81

🇸🇬 185.200.116.43

🇺🇸 147.185.132.50

🇭🇰 118.193.47.155

🇷🇴 92.118.39.227

🇷🇴 92.118.39.225

🇩🇪 87.106.204.59

🇱🇹 81.30.98.44

🇺🇸 69.116.113.163

🇺🇸 50.38.134.17

🇸🇬 47.84.137.6

🇷🇴 2.57.122.238

🇰🇷 1.241.64.237