JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.4.248

65.111.4.248 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.4.248

Whois 65.111.4.248

IP Abuse Reports for 65.111.4.248:

This IP address has been reported a total of 26 times from 16 distinct sources. 65.111.4.248 was first reported on June 28th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-04-30 03:37:36 (1 month ago)	Forum/form spam	Web Spam
Anonymous	2026-03-24 07:36:21 (2 months ago)	Forum/form spam	Web Spam
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:26 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇪🇸 10dencehispahard SL	2025-12-03 07:39:32 (6 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
Anonymous	2025-11-30 02:53:03 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-26 08:49:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.4.248 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.4.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 03:49:04.783004 2025] [security2:error] [pid 28596:tid 28596] [client 65.111.4.248:40789] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kneupper.com"] [uri "/.svn/wc.db"] [unique_id "aSa_AJO_H7hJamcogKgSEQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 07:32:21 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.4.248 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.4.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 02:32:17.683832 2025] [security2:error] [pid 2488:tid 2488] [client 65.111.4.248:52111] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.running.boens.org"] [uri "/.svn/wc.db"] [unique_id "aSatAQfqOI-1t4tTPDxpmgAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:42:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.4.248 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.4.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:42:39.591779 2025] [security2:error] [pid 3365543:tid 3365666] [client 65.111.4.248:59989] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.sasintegrated.com"] [uri "/.env"] [unique_id "aSZM_2zJ-U6IElkF6xMgOQAAAdE"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-24 18:45:39 (6 months ago)	Attempted access to sensitive endpoint (/.svn/wc.db) detected. Automated scan or unauthorized probin ... show more Attempted access to sensitive endpoint (/.svn/wc.db) detected. Automated scan or unauthorized probing. show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:38:00 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.4.248 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.4.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:37:54.196438 2025] [security2:error] [pid 7032:tid 7032] [client 65.111.4.248:54089] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.gp-cm.com"] [uri "/.env"] [unique_id "aSQZYn-4ikkZC7g53drqCwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 06:11:11 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇺🇸 techboy117	2025-11-14 00:26:07 (6 months ago)	Blocking due to password spraying.	Brute-Force
🇺🇸 TPI-Abuse	2025-11-12 04:59:47 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 65.111.4.248 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 65.111.4.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 11 23:59:43.042074 2025] [security2:error] [pid 15614:tid 15614] [client 65.111.4.248:44239] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.sunshinenv.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.sunshinenv.com"] [uri "/s3cmd.ini"] [unique_id "aRQUP16rj8FoNJG-gohZbgAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-11 00:05:00 (6 months ago)	(mod_security) mod_security (id:210831) triggered by 65.111.4.248 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 65.111.4.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 10 19:04:53.359482 2025] [security2:error] [pid 11963:tid 11978] [client 65.111.4.248:38555] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.jasperfoothills.alabamacentralrailroad.com\|F\|4"] [data "EmailWolf"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.jasperfoothills.alabamacentralrailroad.com"] [uri "/s3cmd.ini"] [unique_id "aRJ9pVm6Zo-4ZkhDsyoJCQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-01 21:25:54 (7 months ago)	[redacted] 65.111.4.248 - - [01/Nov/2025:22:25:42 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mo ... show more [redacted] 65.111.4.248 - - [01/Nov/2025:22:25:42 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0" [redacted] 65.111.4.248 - - [01/Nov/2025:22:25:43 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2" [redacted] 65.111.4.248 - - [01/Nov/2025:22:25:45 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" [redacted] 65.111.4.248 - - [01/Nov/2025:22:25:46 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1" [redacted] 65.111.4.248 - - [01/Nov/2025:22:25:47 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Lin ... show less	Hacking Web App Attack

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 174.35.25.181

🇺🇸 147.182.183.153

🇺🇸 88.223.84.182

🇷🇴 80.94.92.165

🇸🇬 43.156.136.152

🇧🇴 181.115.167.198

🇩🇪 152.53.22.186

🇰🇷 121.161.242.168

🇨🇳 116.207.127.158

🇭🇰 101.36.111.119

🇸🇬 34.87.42.171

🇹🇭 202.29.236.76

🇲🇽 189.203.103.93

🇮🇳 182.95.116.118

🇬🇧 91.108.97.247

🇬🇧 81.99.77.146

🇱🇹 81.30.98.144

🇳🇱 45.148.146.52

🇷🇴 2.57.121.112

🇧🇷 179.126.53.65