JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.4.137

65.111.4.137 was found in our database!

This IP was reported 30 times. Confidence of Abuse is 15%: ?

15%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.4.137

Whois 65.111.4.137

IP Abuse Reports for 65.111.4.137:

This IP address has been reported a total of 30 times from 13 distinct sources. 65.111.4.137 was first reported on July 6th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-30 19:21:30 (2 weeks ago)	[ssd5.kdns.gr] httpd-login-spray-site: sites=e-anastasiadis.gr; logs=/var/log/httpd/domains/e-anasta ... show more [ssd5.kdns.gr] httpd-login-spray-site: sites=e-anastasiadis.gr; logs=/var/log/httpd/domains/e-anastasiadis.gr.log; samples=site_wide=true \| distinct_ips=64 \| /wp-login.php show less	Hacking Web App Attack
🇱🇻 garmtech.com	2026-05-27 23:50:59 (3 weeks ago)	IM360 WAF: Prohibited WordPress username login/registration	Web App Attack
🇪🇸 librebit	2026-05-17 03:59:36 (1 month ago)	Brute force	Brute-Force
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
Anonymous	2025-12-02 09:40:56 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-26 12:40:21 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.4.137 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.4.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 07:40:17.215687 2025] [security2:error] [pid 2382:tid 2382] [client 65.111.4.137:17979] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.asbechiro.com"] [uri "/.svn/wc.db"] [unique_id "aSb1McOc40Jc58eF75rq4QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 11:57:00 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.4.137 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.4.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 06:56:53.081451 2025] [security2:error] [pid 9469:tid 9469] [client 65.111.4.137:50485] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.anatolyaleksin.com"] [uri "/.svn/wc.db"] [unique_id "aSbrBXj57BGbHn84Pnjr8wAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 04:26:42 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.4.137 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.4.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 23:26:37.505652 2025] [security2:error] [pid 2907:tid 2907] [client 65.111.4.137:43507] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.jbservicesinc.net"] [uri "/.git/HEAD"] [unique_id "aSaBfZxnTDiLnWyGQMwtXgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 03:18:18 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.4.137 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.4.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:18:10.223121 2025] [security2:error] [pid 14115:tid 14115] [client 65.111.4.137:31579] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.blastjet.gulftelecom.com"] [uri "/.env"] [unique_id "aSZxctzZSRDr349zxOSJpAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:13:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.4.137 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.4.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:13:10.918376 2025] [security2:error] [pid 3365544:tid 3365628] [client 65.111.4.137:60743] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.dreyerlabs.com"] [uri "/.env"] [unique_id "aSZUJp6gyU3zOv0h7a5iYAAAAgY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:31:02 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.4.137 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.4.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:30:53.755909 2025] [security2:error] [pid 24068:tid 24068] [client 65.111.4.137:26943] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.paintedoverwhite.com"] [uri "/.env"] [unique_id "aSQXvVRG4E641ZzDQ-pHVQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-24 03:55:08 (6 months ago)	Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing ... show more Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing. show less	Web App Attack
Anonymous	2025-11-14 16:28:57 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-11-02 18:24:35 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 07:22:17	Port Scan Brute-Force Exploited Host Web App Attack
Anonymous	2025-10-18 12:28:01 (8 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.18 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.18 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 30 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 35.203.210.132

🇺🇸 199.48.128.86

🇺🇸 172.253.0.20

🇨🇦 85.217.149.53

🇺🇦 194.42.205.100

🇫🇮 178.20.210.208

🇳🇱 176.65.139.85

🇭🇰 119.28.72.111

🇮🇳 106.214.8.44

🇮🇩 103.165.195.130

🇱🇹 45.227.254.170

🇬🇧 35.203.211.226

🇭🇰 194.187.178.124

🇺🇸 162.216.149.36

🇮🇳 152.32.158.219

🇧🇬 151.237.115.208

🇩🇪 138.199.236.179

🇮🇳 103.84.236.222

🇺🇸 98.85.224.54

🇩🇪 68.183.212.68