JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.30.254

65.111.30.254 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.30.254

Whois 65.111.30.254

IP Abuse Reports for 65.111.30.254:

This IP address has been reported a total of 25 times from 11 distinct sources. 65.111.30.254 was first reported on July 10th 2024, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 10dencehispahard SL	2026-01-26 12:18:34 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-01-17 04:29:36 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 23:29:29.652220 2026] [security2:error] [pid 1938704:tid 1938704] [client 65.111.30.254:51923] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.purelywhimsical.com"] [uri "/.env"] [unique_id "aWsQKakXCp4bD9mwhSfC_wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 01:34:02 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 20:33:59.274228 2026] [security2:error] [pid 7170:tid 7170] [client 65.111.30.254:27361] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.elitehomesfl.com"] [uri "/.env"] [unique_id "aWrnB8XozqJiuFadsLwkcAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 21:50:31 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 16:50:27.860499 2026] [security2:error] [pid 28554:tid 28554] [client 65.111.30.254:40561] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.pawzy.app"] [uri "/.env"] [unique_id "aWqyo39CXYorH1BaoaFKZAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:00:52 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-11-26 08:23:52 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 03:23:48.505013 2025] [security2:error] [pid 1000:tid 1000] [client 65.111.30.254:34893] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.brmccarpentry.com"] [uri "/.git/HEAD"] [unique_id "aSa5FEYgBjpwMrLa069H0wAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 07:11:34 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 02:11:31.486768 2025] [security2:error] [pid 20676:tid 20676] [client 65.111.30.254:59513] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.globalpackets.net"] [uri "/.env"] [unique_id "aSaoI4gNbKYobaN53NGoHQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 02:22:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 21:22:04.929012 2025] [security2:error] [pid 3137:tid 3137] [client 65.111.30.254:52565] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sinobit.org"] [uri "/.env"] [unique_id "aSZkTGY3Kh7yNh5lhxe_ggAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:10:35 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:10:31.854884 2025] [security2:error] [pid 25094:tid 25094] [client 65.111.30.254:43973] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.blue-attitude.net"] [uri "/.env"] [unique_id "aSZTh96iiQ1jxHqWgtI6mAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:41:59 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:41:55.225717 2025] [security2:error] [pid 8838:tid 8838] [client 65.111.30.254:57991] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.uklanor.com"] [uri "/.env"] [unique_id "aSZM0y3f8SqMRNcRhYS-YwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 kumiko	2025-11-26 00:28:58 (6 months ago)	[2025-11-26 02:28:57] Probing for dotfiles "GET /.aws/credentials HTTP/1.1" 301	Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-24 09:38:17 (6 months ago)	Attempted access to sensitive endpoint (/.svn/wc.db) detected. Automated scan or unauthorized probin ... show more Attempted access to sensitive endpoint (/.svn/wc.db) detected. Automated scan or unauthorized probing. show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:37:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:37:37.694712 2025] [security2:error] [pid 10788:tid 10788] [client 65.111.30.254:57311] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.carl-fink.name"] [uri "/.git/HEAD"] [unique_id "aSQZUezT9nPN9M49MySsGwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:31:16 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:31:12.799442 2025] [security2:error] [pid 26410:tid 26410] [client 65.111.30.254:56947] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.barriebrown.com"] [uri "/.git/HEAD"] [unique_id "aSQJwA04z43oIezMHKfiVwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 06:35:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.30.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:35:49.877168 2025] [security2:error] [pid 21711:tid 21711] [client 65.111.30.254:22847] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.caferutadelaseda.com"] [uri "/.svn/wc.db"] [unique_id "aSP8xf38fXFrmnfE-ETRSAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇩 123.49.60.158

🇨🇳 218.25.89.208

🇳🇱 176.65.139.31

🇭🇰 152.32.170.230

🇧🇬 79.124.62.178

🇺🇦 37.221.159.22

🇻🇪 190.6.32.107

🇺🇦 185.218.138.55

🇫🇮 178.20.210.152

🇨🇳 123.145.3.137

🇧🇩 103.148.74.80

🇳🇬 102.88.137.80

🇩🇪 78.111.67.238

🇺🇸 66.132.195.91

🇺🇸 34.63.156.105

🇪🇸 200.234.227.20

🇸🇬 188.166.246.68

🇳🇱 107.189.27.179

🇩🇪 84.233.195.162

🇩🇪 84.233.195.159