JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.6.49

65.111.6.49 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 21%: ?

21%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.6.49

Whois 65.111.6.49

IP Abuse Reports for 65.111.6.49:

This IP address has been reported a total of 27 times from 13 distinct sources. 65.111.6.49 was first reported on July 3rd 2024, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇹 Malta	2026-06-11 22:56:54 (13 hours ago)	65.111.6.49 - - [12/Jun/2026:00:56:54 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Ubuntu ... show more 65.111.6.49 - - [12/Jun/2026:00:56:54 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇲🇽 octageeks.com	2026-06-11 04:20:59 (1 day ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇫🇷 MatStef132	2026-05-19 21:11:04 (3 weeks ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇳🇱 MatStef132	2026-05-19 20:59:02 (3 weeks ago)	MatShield L7: blocked on dstat.selify.io (ua-quarantined)	Bad Web Bot
🇫🇷 MatStef132	2026-05-15 15:39:09 (3 weeks ago)	MatShield L7 blocked request to mathost.eu for reason ua-q	DDoS Attack Bad Web Bot Web App Attack
🇫🇷 MatStef132	2026-05-14 21:32:37 (4 weeks ago)	[mathost.eu] ua-q	DDoS Attack Bad Web Bot Web App Attack
🇫🇷 tilellit.pro	2026-04-09 09:24:30 (2 months ago)	Fail2Ban banned 65.111.6.49 for security violations in jail nginx-aggressive. Log: 2026/04/09 09:24: ... show more Fail2Ban banned 65.111.6.49 for security violations in jail nginx-aggressive. Log: 2026/04/09 09:24:28 [error] FastCGI sent in stderr: "Primary script unknown" , client: 65.111.6.49, server: [REDACTED], request: "POST /wp-admin/xmlrpc.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED] 2026/04/09 09:24:29 [error] FastCGI sent in stderr: "Primary script unknown" , client: 65.111.6.49, server: [REDACTED], request: "POST /wp-admin/xmlrpc.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED] ... show less	Bad Web Bot Web App Attack
Anonymous	2026-03-12 23:02:07 (2 months ago)	Forum/form spam	Web Spam
🇺🇸 TPI-Abuse	2026-01-10 08:44:42 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.49 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 10 03:44:36.712231 2026] [security2:error] [pid 9794:tid 9794] [client 65.111.6.49:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jspsf.com"] [uri "/.svn/wc.db"] [unique_id "aWIRdLW4ktJlwDqTYFLgGgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 Progetto1	2026-01-07 21:10:09 (5 months ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇬🇧 Swiptly	2026-01-07 20:27:15 (5 months ago)	Bot scanning for environment files .env .env/\* ...	Web App Attack
🇺🇸 TPI-Abuse	2025-12-30 16:52:16 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.49 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 11:52:00.082156 2025] [security2:error] [pid 9123:tid 9123] [client 65.111.6.49:41307] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.les-volets-bleus.com"] [uri "/.svn/wc.db"] [unique_id "aVQDMHpyFHeGGOPfICxl1AAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 05:06:33 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.49 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:06:28.008351 2025] [security2:error] [pid 27826:tid 27826] [client 65.111.6.49:14717] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lakeviewstudiopro.com"] [uri "/.svn/wc.db"] [unique_id "aVIMVMvc7Tuw9r18lMiJcAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 04:14:17 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.6.49 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.6.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:14:14.148104 2025] [security2:error] [pid 32681:tid 32681] [client 65.111.6.49:15255] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "notearsweb.com"] [uri "/.env"] [unique_id "aVIAFo6mpXGGCjAnV7D1kAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 16:41:22 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 192.42.116.62

🇮🇹 172.213.140.80

🇹🇭 122.154.74.204

🇨🇳 113.221.15.212

🇺🇸 107.172.250.235

🇻🇳 103.97.135.244

🇧🇬 91.92.199.36

🇬🇧 81.19.219.205

🇺🇸 65.49.1.176

🇬🇧 51.75.161.33

🇱🇹 45.227.254.170

🇺🇸 44.99.215.63

🇸🇬 43.173.175.205

🇺🇸 34.138.36.143

🇷🇴 2.57.121.112

🇺🇦 185.143.145.61

🇺🇸 172.253.242.54

🇩🇪 141.11.250.239

🇭🇰 101.36.124.220

🇺🇸 71.6.233.182