JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.3.203

65.111.3.203 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 16%: ?

16%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.3.203

Whois 65.111.3.203

IP Abuse Reports for 65.111.3.203:

This IP address has been reported a total of 38 times from 16 distinct sources. 65.111.3.203 was first reported on July 9th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 4server	2026-05-20 09:48:28 (3 weeks ago)	[WedMay2011:48:19.2542652026][security2:error][pid1599421:tid1599457][client65.111.3.203:0]ModSecuri ... show more [WedMay2011:48:19.2542652026][security2:error][pid1599421:tid1599457][client65.111.3.203:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:10\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"www.gamotors.ch\"][uri\"/.aws/credentials\"][unique_id\"ag2DY_IFt6QhE7Fpvk6jRAAAAMU\"] show less	Hacking Web App Attack
Anonymous	2026-04-30 01:10:02 (1 month ago)	suspicious request in access.log	Web App Attack
🇳🇱 homeshowdomain.nl	2026-04-29 22:08:43 (1 month ago)	Auto-ban: >3000 req/min op 2026-04-29	Web App Attack SSH Hacking
🇨🇳 ThreatBook.io	2026-04-23 23:48:17 (1 month ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/65.111.3.203 2026-04-23 06: ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/65.111.3.203 2026-04-23 06:44:49 /static/ 2026-04-23 06:44:47 / 2026-04-23 06:48:35 /static/ show less	Web App Attack
🇵🇱 sefinek.net	2026-01-02 19:08:46 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.svn/wc.db UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇮🇹 VHosting	2025-12-24 06:10:39 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
Anonymous	2025-12-22 14:40:34 (5 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-12-09 10:07:18 (6 months ago)	botnet	DDoS Attack
🇩🇪 Packets-Decreaser.NET	2025-11-30 13:09:57 (6 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-11-29 01:48:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.3.203 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.3.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 20:48:37.950841 2025] [security2:error] [pid 19301:tid 19301] [client 65.111.3.203:47199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "abundancecompany.com"] [uri "/.env.development"] [unique_id "aSpQ9Rcgwh8dFpiYlqapywAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 Gem	2025-11-28 23:12:28 (6 months ago)	Unauthorized web scan.	Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 13:47:02 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.3.203 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.3.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 08:46:55.114780 2025] [security2:error] [pid 11015:tid 11015] [client 65.111.3.203:37641] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.amazinghydraulics.com"] [uri "/wp-config.php.bak"] [unique_id "aSmnzxXcA-kvNP6tYUum8QAAAAM"], referer: http://amazingfittings.com/wp-config.php.bak show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 17:05:28 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.3.203 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.3.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 12:05:22.199803 2025] [security2:error] [pid 12796:tid 12796] [client 65.111.3.203:56363] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fundaciondamashcc.org.ec"] [uri "/.env"] [unique_id "aSczUmjaGALYcugYTRWQawAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 07:23:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.3.203 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.3.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:23:06.260094 2025] [security2:error] [pid 10665:tid 10665] [client 65.111.3.203:33975] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.globalhotels.com.co"] [uri "/.svn/wc.db"] [unique_id "aSVZWo3Pd9jGRVPVRKmUdAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:38:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.3.203 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.3.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:38:40.022936 2025] [security2:error] [pid 21608:tid 21608] [client 65.111.3.203:32865] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.friedasbookfinds.com"] [uri "/.env"] [unique_id "aSVO8D_ETgikqVu1rMVqpwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 152.32.209.166

🇨🇳 120.232.0.21

🇨🇳 106.38.205.224

🇳🇬 102.91.93.17

🇲🇽 98.98.33.36

🇳🇱 91.92.40.11

🇫🇷 85.217.140.3

🇮🇹 83.224.177.45

🇧🇷 45.205.1.243

🇨🇳 221.12.37.6

🇬🇧 193.163.125.203

🇮🇶 185.166.25.150

🇺🇸 185.61.219.128

🇧🇩 182.48.68.82

🇮🇹 172.253.13.155

🇮🇳 154.84.242.115

🇻🇳 103.7.41.117

🇻🇳 14.225.7.70

🇷🇺 2.63.211.145

🇧🇷 179.83.134.101