JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.5.81

65.111.5.81 was found in our database!

This IP was reported 43 times. Confidence of Abuse is 18%: ?

18%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.5.81

Whois 65.111.5.81

IP Abuse Reports for 65.111.5.81:

This IP address has been reported a total of 43 times from 19 distinct sources. 65.111.5.81 was first reported on June 27th 2024, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇷 setupgr	2026-06-25 03:34:54 (2 days ago)	(mod_security) mod_security (id:900001) triggered by 65.111.5.81 (US/United States/Virginia/Ashburn/ ... show more (mod_security) mod_security (id:900001) triggered by 65.111.5.81 (US/United States/Virginia/Ashburn/-/[AS200373 DREI-K-TECH-GMBH]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 25 06:34:52.170685 2026] [security2:error] [pid 358185:tid 358297] [client 65.111.5.81:32205] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "75"] [id "900001"] [msg "Blocked WP Login attempt on domain: villa-izabela.com"] [severity "CRITICAL"] [tag "security"] [hostname "villa-izabela.com"] [uri "/wp-login.php"] [unique_id "ajyh3DpPCootS5mrGd6f4AAAAZY"], referer: https://villa-izabela.com/wp-login.php show less	Port Scan
🇫🇷 Sklurk	2026-06-23 03:46:57 (4 days ago)	Web App Attack	Web App Attack
Anonymous	2026-06-09 00:23:38 (2 weeks ago)	Banned by SPAMHAUS ASN-DROP list (ASN: 200373)	DDoS Attack Hacking Bad Web Bot Web App Attack
Anonymous	2026-04-24 01:21:09 (2 months ago)	Banned by SPAMHAUS ASN-DROP list (ASN: 200373)	DDoS Attack Hacking Bad Web Bot Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (3 months ago)	"DDoS against public endpoint"	DDoS Attack
🇺🇸 TPI-Abuse	2026-03-04 02:13:33 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 03 21:13:26.620634 2026] [security2:error] [pid 29216:tid 29216] [client 65.111.5.81:10119] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "damonmarks.com"] [uri "/.svn/wc.db"] [unique_id "aaeVRn3Fvom5ipB04doJbQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 kranem	2026-02-25 06:01:23 (4 months ago)	Triggered Cloudflare WAF from US. Action taken: BLOCK ASN: 200373 (DREI-K-TECH-GMBH) Protocol: HTTP/ ... show more Triggered Cloudflare WAF from US. Action taken: BLOCK ASN: 200373 (DREI-K-TECH-GMBH) Protocol: HTTP/2 (GET method) Endpoint: /login Timestamp: 2026-02-25T04:54:19Z User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15 show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-13 07:28:15 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 02:28:10.191317 2026] [security2:error] [pid 17822:tid 17822] [client 65.111.5.81:51329] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kurikka.eu"] [uri "/api/.env"] [unique_id "aY7SirbyraJbspvI13NA8wAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 06:00:23 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 01:00:19.921147 2026] [security2:error] [pid 2718253:tid 2718253] [client 65.111.5.81:41551] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "konzel.com"] [uri "/.env.local"] [unique_id "aY69846alFrlcErdEkciuAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 05:37:21 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 00:37:16.555336 2026] [security2:error] [pid 23419:tid 23419] [client 65.111.5.81:54743] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kofcasamblea442.org"] [uri "/test/.git/config"] [unique_id "aY64jPul9vAdIV4GritDCwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-13 05:06:17 (4 months ago)	Too many Status 40X (12) Scanning/Probing (12)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 04:19:10 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 23:19:03.708341 2026] [security2:error] [pid 2294:tid 2294] [client 65.111.5.81:48569] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "anniversaryprintednapkins.com"] [uri "/.git/config"] [unique_id "aY6mN56JWgJVqgi8BjHCbwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 03:54:16 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 22:54:12.292230 2026] [security2:error] [pid 27676:tid 27676] [client 65.111.5.81:45847] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kinareemagazine.com"] [uri "/.env"] [unique_id "aY6gZH9Rf0JgBJmpZMi6fAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 03:39:01 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 22:38:51.540220 2026] [security2:error] [pid 13383:tid 13383] [client 65.111.5.81:12225] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kidswithcamerasmovie.com"] [uri "/backend/.env"] [unique_id "aY6cy6sOQC0kFQF6I2dSVQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 02:29:24 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.5.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 21:29:16.777058 2026] [security2:error] [pid 1163588:tid 1163588] [client 65.111.5.81:54727] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kellymalone.com"] [uri "/api/.git/config"] [unique_id "aY6MfPBo9W72ReVDwU2sEwAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 43 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 217.250.183.222

🇪🇸 212.227.154.251

🇹🇼 198.235.24.60

🇺🇸 100.25.120.246

🇧🇬 79.124.56.146

🇧🇿 45.227.254.152

🇺🇸 45.146.54.121

🇺🇸 44.215.210.112

🇳🇱 31.58.51.38

🇺🇸 216.73.163.86

🇸🇪 192.36.109.117

🇮🇳 182.95.51.166

🇺🇸 173.239.224.90

🇦🇷 163.10.17.150

🇲🇦 160.178.206.155

🇧🇪 158.173.67.249

🇧🇪 158.173.67.203

🇺🇸 155.2.191.192

🇨🇳 118.145.104.105

🇨🇦 104.253.66.75