JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.3.180

65.111.3.180 was found in our database!

This IP was reported 78 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.3.180

Whois 65.111.3.180

IP Abuse Reports for 65.111.3.180:

This IP address has been reported a total of 78 times from 24 distinct sources. 65.111.3.180 was first reported on June 28th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇦🇺 oncord	2026-02-26 05:26:51 (3 months ago)	Form spam	Web Spam
🇦🇺 oncord	2026-02-22 11:03:31 (3 months ago)	Form spam	Web Spam
🇱🇻 garmtech.com	2026-02-20 01:40:03 (3 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 03-40.65.111.3.180.web-spammer ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 03-40.65.111.3.180.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇦🇺 oncord	2026-02-17 22:17:06 (4 months ago)	Form spam	Web Spam
🇺🇸 mw	2026-02-16 00:00:19 (4 months ago)	GET /.env.local HTTP/1.1	Web App Attack
🇬🇧 oncord	2026-02-15 22:45:13 (4 months ago)	Form spam	Web Spam
🇳🇱 oisecnet	2026-02-15 22:00:46 (4 months ago)	Automated report: Unauthorized vulnerability scanning detected on 2026-02-15. 24 requests from this ... show more Automated report: Unauthorized vulnerability scanning detected on 2026-02-15. 24 requests from this IP. show less	Brute-Force Web App Attack SSH
🇺🇸 TPI-Abuse	2026-02-15 11:56:42 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.3.180 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.3.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:56:33.388552 2026] [security2:error] [pid 13790:tid 13790] [client 65.111.3.180:15947] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "serpentstudios.com"] [uri "/config/.env"] [unique_id "aZG0cT-crHeSwbmwIyO_lQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-15 11:47:37 (4 months ago)	[Sun Feb 15 05:47:35.497577 2026] [authz_core:error] [pid 3929:tid 3976] [client 65.111.3.180:18531] ... show more [Sun Feb 15 05:47:35.497577 2026] [authz_core:error] [pid 3929:tid 3976] [client 65.111.3.180:18531] AH01630: client denied by server configuration: /var/www/html/.env [Sun Feb 15 05:47:35.605228 2026] [authz_core:error] [pid 3929:tid 3967] [client 65.111.3.180:18531] AH01630: client denied by server configuration: /var/www/html/.env.production [Sun Feb 15 05:47:35.724011 2026] [authz_core:error] [pid 3929:tid 3958] [client 65.111.3.180:18531] AH01630: client denied by server configuration: /var/www/html/.env.staging [Sun Feb 15 05:47:36.085435 2026] [authz_core:error] [pid 3929:tid 3977] [client 65.111.3.180:18531] AH01630: client denied by server configuration: /var/www/html/.env.save [Sun Feb 15 05:47:36.561842 2026] [authz_core:error] [pid 3929:tid 3966] [client 65.111.3.180:18531] AH01630: client denied by server configuration: /var/www/html/.env.local ... show less	Brute-Force
🇺🇸 TPI-Abuse	2026-02-15 11:07:20 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.3.180 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.3.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:07:12.617437 2026] [security2:error] [pid 4053:tid 4053] [client 65.111.3.180:33077] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seizethisseason.com"] [uri "/.env.local"] [unique_id "aZGo4PpcMeQvPs4kr-tF-AAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 XICTRON	2026-02-15 07:05:05 (4 months ago)	ModSecurity rule violation detected by Fail2Ban	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 07:02:04 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.3.180 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.3.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 02:01:58.578260 2026] [security2:error] [pid 9917:tid 9917] [client 65.111.3.180:45933] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seatbeltstatistics.org"] [uri "/.env"] [unique_id "aZFvZmDxROdW5ki0dmiDFgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 06:35:59 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.3.180 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.3.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:35:52.042836 2026] [security2:error] [pid 31892:tid 31892] [client 65.111.3.180:27507] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "prospecinspections.com"] [uri "/site/.git/config"] [unique_id "aZFpSEnRigKF7aucLDE8vwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Swiptly	2026-02-15 06:10:33 (4 months ago)	Bot scanning for environment files .env .env/\* ...	Web App Attack

Showing 1 to 15 of 78 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 167.94.145.27

🇿🇦 165.165.110.239

🇲🇾 115.135.197.252

🇮🇳 103.178.253.58

🇱🇦 103.114.147.217

🇻🇳 103.75.183.177

🇳🇱 45.148.10.183

🇺🇸 45.41.160.68

🇺🇸 24.144.84.83

🇵🇰 203.101.186.255

🇩🇪 194.187.176.50

🇵🇾 181.123.62.210

🇳🇱 172.94.9.214

🇵🇹 161.123.131.113

🇫🇷 148.135.254.231

🇮🇹 87.12.222.204

🇺🇸 71.222.19.242

🇧🇷 20.226.32.175

🇺🇸 2607:f8b0:4001:c6a::120

🇺🇸 198.20.191.156