JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.28.214

65.111.28.214 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 41%: ?

41%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.28.214

Whois 65.111.28.214

IP Abuse Reports for 65.111.28.214:

This IP address has been reported a total of 29 times from 17 distinct sources. 65.111.28.214 was first reported on July 12th 2024, and the most recent report was 10 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇷 setupgr	2026-06-22 09:00:33 (10 hours ago)	(mod_security) mod_security (id:900001) triggered by 65.111.28.214 (IT/Italy/Lazio/Rome/-/[AS200373 ... show more (mod_security) mod_security (id:900001) triggered by 65.111.28.214 (IT/Italy/Lazio/Rome/-/[AS200373 DREI-K-TECH-GMBH]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Mon Jun 22 12:00:29.713007 2026] [security2:error] [pid 1934813:tid 1934928] [client 65.111.28.214:53707] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "75"] [id "900001"] [msg "Blocked WP Login attempt on domain: ions.gr"] [severity "CRITICAL"] [tag "security"] [hostname "ions.gr"] [uri "/wp-login.php"] [unique_id "ajj5rfVHAYoCTqtXWiUiqwAAAIY"], referer: https://ions.gr/wp-login.php show less	Port Scan
🇲🇹 Malta	2026-06-22 03:13:51 (16 hours ago)	65.111.28.214 - - [22/Jun/2026:05:13:50 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh ... show more 65.111.28.214 - - [22/Jun/2026:05:13:50 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_1; rv:118.0) Gecko/20100101 Firefox/118.0" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇦🇺 MAGIC	2026-06-20 02:11:08 (2 days ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇫🇷 ELYAZ	2026-06-19 14:29:03 (3 days ago)	(y4) Failed scan -byebye- from 65.111.28.214 (IT/Italy/-): (CF_ENABLE)	Hacking
🇩🇪 FeG Deutschland	2026-06-18 19:47:37 (3 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇫🇷 ELYAZ	2026-05-30 23:45:45 (3 weeks ago)	(y4) Failed scan -byebye- from 65.111.28.214 (IT/Italy/-): (CF_ENABLE)	Hacking
🇺🇸 dtorrer	2026-05-29 21:35:35 (3 weeks ago)	Brute-force general attack.	Brute-Force
Anonymous	2026-05-28 15:56:50 (3 weeks ago)	[ns41.kdns.gr] httpd-login-spray-site: sites=global; logs=/var/log/httpd/access_log; samples=site_wi ... show more [ns41.kdns.gr] httpd-login-spray-site: sites=global; logs=/var/log/httpd/access_log; samples=site_wide=true \| distinct_ips=13 \| /wp-login.php show less	Hacking Web App Attack
🇲🇽 octageeks.com	2026-05-24 04:13:12 (4 weeks ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇺🇸 oncord	2026-04-06 22:53:42 (2 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2025-11-26 07:13:19 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.214 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 02:13:12.874288 2025] [security2:error] [pid 14475:tid 14475] [client 65.111.28.214:48279] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.maidsinmalta.com"] [uri "/.svn/wc.db"] [unique_id "aSaoiA6Uhm5njq3rZWWp_gAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:56:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.214 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:56:09.337908 2025] [security2:error] [pid 31341:tid 31341] [client 65.111.28.214:41357] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.golflavahotsprings.com"] [uri "/.svn/wc.db"] [unique_id "aSaWeYS2CtJn7fx9L6datAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:16:27 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.214 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:16:22.841900 2025] [security2:error] [pid 4216:tid 4216] [client 65.111.28.214:46671] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kwijlen.com"] [uri "/.git/HEAD"] [unique_id "aSZG1vPr_zoukGi1JmZ1hQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 07:13:49 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.214 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:13:43.913487 2025] [security2:error] [pid 953693:tid 953693] [client 65.111.28.214:15611] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.theklines.net"] [uri "/.env"] [unique_id "aSVXJ4_yJMJFff8sEazJGwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:39:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.28.214 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.28.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:39:42.813801 2025] [security2:error] [pid 28775:tid 28775] [client 65.111.28.214:50975] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.dalessalesandservice.com"] [uri "/.env"] [unique_id "aSVPLnuKU88bRKzJigY4VgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.107

🇺🇸 151.240.109.17

🇫🇷 94.183.188.148

🇺🇸 2a04:c300:400::18a

🇹🇼 198.235.24.87

🇺🇸 162.216.149.139

🇺🇸 100.29.192.26

🇩🇪 46.101.216.224

🇸🇬 43.172.198.83

🇷🇴 2.57.121.112

🇺🇿 213.230.87.129

🇮🇩 163.7.7.139

🇷🇴 80.94.92.182

🇳🇱 45.148.10.152

🇨🇳 42.49.50.247

🇺🇸 20.83.167.33

🇺🇸 205.210.31.71

🇳🇱 203.55.131.5

🇨🇳 183.199.195.121

🇹🇭 147.50.231.135