JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.6.249

65.111.6.249 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.6.249

Whois 65.111.6.249

IP Abuse Reports for 65.111.6.249:

This IP address has been reported a total of 23 times from 12 distinct sources. 65.111.6.249 was first reported on July 5th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-05-06 09:36:11 (1 month ago)	Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2375. Sever ... show more Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2375. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇺🇸 Penny Packer	2026-02-26 00:29:38 (3 months ago)	Fail2Ban apache-tripwires	Web App Attack
Anonymous	2026-02-11 09:01:00 (3 months ago)	SMS pumping	DDoS Attack VPN IP Bad Web Bot Web App Attack
🇵🇱 nfsec.pl	2026-01-22 04:08:11 (4 months ago)	65.111.6.249 - - [22/Jan/2026:04:08:02 +0000] "GET /index.php?option=com_search&searchword=%20atak&s ... show more 65.111.6.249 - - [22/Jan/2026:04:08:02 +0000] "GET /index.php?option=com_search&searchword=%20atak&searchphrase=exact%60%20WHERE%201167%3D1167%20AND%20CHAR%2899%29%7C%7CCHAR%2882%29%7C%7CCHAR%28103%29%7C%7CCHAR%2876%29%3DREGEXP_SUBSTRING%28REPEAT%28RIGHT%28CHAR%289647%29%2C0%29%2C5000000000%29%2CNULL%29--%20RBlh&ordering=newest HTTP/1.1" 403 5838 "-" "Mozilla/5.0 (X11; CrOS x86_64 14816.131.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 65.111.6.249 - - [22/Jan/2026:04:08:04 +0000] "GET /index.php?option=com_search&searchword=%20atak&searchphrase=exact%60%29%20WHERE%202588%3D2588%20AND%20CHAR%2899%29%7C%7CCHAR%2882%29%7C%7CCHAR%28103%29%7C%7CCHAR%2876%29%3DREGEXP_SUBSTRING%28REPEAT%28RIGHT%28CHAR%289647%29%2C0%29%2C5000000000%29%2CNULL%29--%20rzDB&ordering=newest HTTP/1.1" 403 5838 "-" "Mozilla/5.0 (X11; CrOS x86_64 14816.131.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 65.111.6.249 - - [22/Jan/2026:04:08:06 +0000] "GET /index.php ... show less	Exploited Host Web App Attack
🇪🇸 10dencehispahard SL	2025-12-31 06:28:09 (5 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
Anonymous	2025-12-12 21:53:22 (5 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-25 05:59:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:59:09.492577 2025] [security2:error] [pid 22902:tid 22902] [client 65.111.6.249:49603] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.yarbroughfamily.org"] [uri "/.env"] [unique_id "aSVFrXRuNefFSKRcVStP5AAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:00:28 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:00:18.107350 2025] [security2:error] [pid 23676:tid 23676] [client 65.111.6.249:29313] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.houseofbates.net"] [uri "/.git/HEAD"] [unique_id "aSUp0pktz-v7dlt-Yl40mwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:17:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:17:06.732376 2025] [security2:error] [pid 27727:tid 27729] [client 65.111.6.249:52259] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.neotienda.com"] [uri "/.svn/wc.db"] [unique_id "aSUfsveXMnwYTnmV60PffAAAAMA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:54:07 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:54:00.274913 2025] [security2:error] [pid 24597:tid 24597] [client 65.111.6.249:25741] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "surfsideautomotive.rosemeadefarms.com"] [uri "/.svn/wc.db"] [unique_id "aSUaSJbIl7RqIznlYQho_AAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:00:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:00:49.649588 2025] [security2:error] [pid 18114:tid 18114] [client 65.111.6.249:26789] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.oceanicpier.com"] [uri "/.svn/wc.db"] [unique_id "aSUN0RirpsHExMvsWhXoFAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:31:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:30:56.543786 2025] [security2:error] [pid 17911:tid 17911] [client 65.111.6.249:49879] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.playerpianorestorations.player-care.com"] [uri "/.svn/wc.db"] [unique_id "aSUG0CA2bxyYHlAZ0vPSWgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:00:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:00:40.963501 2025] [security2:error] [pid 30736:tid 30736] [client 65.111.6.249:44705] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.tarakanov.com"] [uri "/.env"] [unique_id "aST_uAxP6e6IcrphlAxzKQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-17 22:10:38 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇨🇦 wil.com	2025-10-15 16:54:19 (7 months ago)	GlobalProtect login attempts with user gregorydparker.	VPN IP Brute-Force

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇭 41.155.88.184

🇨🇳 203.93.173.11

🇮🇳 128.185.231.6

🇺🇸 104.236.99.179

🇻🇳 103.200.25.79

🇧🇬 95.43.150.36

🇲🇾 47.254.244.233

🇭🇰 47.242.37.198

🇰🇷 36.38.56.82

🇺🇸 23.234.118.245

🇮🇪 18.202.236.24

🇷🇴 2.57.122.177

🇵🇪 161.132.38.88

🇻🇳 152.32.162.15

🇫🇯 103.52.89.114

🇫🇷 62.210.142.170

🇨🇴 38.225.40.59

🇺🇸 23.234.117.68

🇪🇹 196.189.237.172

🇳🇱 195.178.110.31