JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.6.157

65.111.6.157 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 2%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.6.157

Whois 65.111.6.157

IP Abuse Reports for 65.111.6.157:

This IP address has been reported a total of 21 times from 11 distinct sources. 65.111.6.157 was first reported on June 28th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇻 garmtech.com	2026-05-23 10:56:20 (1 week ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 13-56.65.111.6.157.web-spammer ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 13-56.65.111.6.157.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇮🇹 VHosting	2026-02-18 22:11:28 (3 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:49 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
Anonymous	2025-12-13 11:27:57 (5 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-26 10:37:12 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.157 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 05:37:08.581446 2025] [security2:error] [pid 3530:tid 3530] [client 65.111.6.157:46803] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.oldcuyama.com"] [uri "/.svn/wc.db"] [unique_id "aSbYVBjMtwveFkrKV3Z-VwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 06:00:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.157 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 01:00:28.414682 2025] [security2:error] [pid 20560:tid 20560] [client 65.111.6.157:45959] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.rocketbattle.org"] [uri "/.env"] [unique_id "aSaXfEgNgeMQb7YGZyL-uwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:27:23 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.157 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:27:19.138288 2025] [security2:error] [pid 10835:tid 10835] [client 65.111.6.157:12375] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.firewoodstudio.com"] [uri "/.env"] [unique_id "aST3530pxm2vObVzlQahhwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 IROK	2025-11-24 15:59:31 (6 months ago)	24/Nov/2025:16:59:25.499228 +0100Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client ... show more 24/Nov/2025:16:59:25.499228 +0100Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 65.111.6.157] ModSecurity: Access denied with code 403 (phase 2). String match "/.env" at REQUEST_URI. [file "remote server"] [line "-1"] [id "430057"] [msg "Malware.Expert - request_uri: .ENV Files"] [tag "MEWAF"] [hostname "webmail.blog.elblag.pl"] [uri "/.env"] [unique_id "aSSA3QEb9DTYhSzQLieuaQAAAAE"] ... show less	Hacking
🇺🇸 TPI-Abuse	2025-11-24 09:44:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.157 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:43:59.986077 2025] [security2:error] [pid 26299:tid 26299] [client 65.111.6.157:14381] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.mikeziegler.com"] [uri "/.env"] [unique_id "aSQo3zShlLJYMXqc6DafDwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-13 22:49:18 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-11-02 21:54:26 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 07:15:40	Port Scan Brute-Force Exploited Host Web App Attack
Anonymous	2025-10-15 22:34:20 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇨🇦 wil.com	2025-10-15 02:48:58 (7 months ago)	GlobalProtect login attempts with user intiharc.	VPN IP Brute-Force
Anonymous	2025-10-07 06:21:46 (7 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.10.07 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.10.07 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-04 06:04:52 (8 months ago)	Attempted brute force login to web vpn 3 time(s); last attempt for 2025.10.04 is noted in report tim ... show more Attempted brute force login to web vpn 3 time(s); last attempt for 2025.10.04 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 2a00:1450:4013:c1c::120

🇳🇱 204.76.203.81

🇬🇧 193.163.125.232

🇺🇸 172.110.223.97

🇻🇳 171.231.196.49

🇨🇳 139.9.191.197

🇮🇩 103.122.67.223

🇨🇦 51.222.30.51

🇺🇸 216.25.89.106

🇺🇿 213.230.93.202

🇩🇪 213.209.159.235

🇬🇧 185.216.145.171

🇿🇦 185.132.186.5

🇳🇬 158.255.76.68

🇨🇭 140.86.213.131

🇨🇳 139.198.19.38

🇮🇳 135.13.28.35

🇸🇬 68.183.178.130

🇹🇼 61.221.30.145

🇨🇦 51.222.205.120