JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.8.104

65.111.8.104 was found in our database!

This IP was reported 46 times. Confidence of Abuse is 2%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.8.104

Whois 65.111.8.104

IP Abuse Reports for 65.111.8.104:

This IP address has been reported a total of 46 times from 23 distinct sources. 65.111.8.104 was first reported on July 3rd 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 librebit	2026-05-17 07:15:03 (2 weeks ago)	Brute force	Brute-Force
🇳🇱 homeshowdomain.nl	2026-02-15 22:59:16 (3 months ago)	Auto-ban: >3000 req/min op 2026-02-15	Hacking Web App Attack SSH
Anonymous	2026-02-15 16:31:09 (3 months ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
🇺🇸 TPI-Abuse	2026-02-15 12:00:53 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 07:00:48.041999 2026] [security2:error] [pid 10026:tid 10026] [client 65.111.8.104:29055] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pamelalambert.com"] [uri "/admin/.env"] [unique_id "aZG1cMEj1IwAt1zftIYgdAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:04:24 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:04:16.475652 2026] [security2:error] [pid 26874:tid 26874] [client 65.111.8.104:24545] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "otfes.com"] [uri "/v2/.git/config"] [unique_id "aZGoML2wWdI5EruZdOvy2gAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-15 06:50:53 (3 months ago)	Blocking for trying to access an exploit file: /.env.staging	Hacking
🇺🇸 TPI-Abuse	2026-02-15 06:29:06 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:29:02.445502 2026] [security2:error] [pid 15179:tid 15202] [client 65.111.8.104:44919] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oohrah.us"] [uri "/app/.git/config"] [unique_id "aZFnrhTYrrASWRUQoAVXvQAAAFI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:41:48 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:41:08.801131 2026] [security2:error] [pid 24229:tid 24229] [client 65.111.8.104:36165] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "probiopharmaceutical.com"] [uri "/backend/.env"] [unique_id "aZFcdK6vcSHJF4gAgZR1oQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:24:55 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:24:48.255460 2026] [security2:error] [pid 8346:tid 8346] [client 65.111.8.104:26395] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "savoiapower.com"] [uri "/.env.staging"] [unique_id "aZFYoKkYIZRxyBjn9t_xyAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:46:11 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:46:03.847072 2026] [security2:error] [pid 27821:tid 27821] [client 65.111.8.104:52039] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nypdkids.org"] [uri "/frontend/.env"] [unique_id "aZFPi0kvfdJgHcoX4HA9bAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:09:55 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:09:50.017230 2026] [security2:error] [pid 9733:tid 9733] [client 65.111.8.104:61049] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "powerlessons.net"] [uri "/frontend/.env"] [unique_id "aZFHDr8UUSzho03oPmMANwAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-15 04:06:11 (3 months ago)	Scanning/Probing (19)	Brute-Force Web App Attack
🇩🇪 big-cloud.nl	2026-02-15 03:24:19 (3 months ago)	Try to access /backup/.git/config	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:46:48 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:46:41.252660 2026] [security2:error] [pid 31888:tid 31888] [client 65.111.8.104:35343] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nickersoncarpentry.com"] [uri "/api/.git/config"] [unique_id "aZEzkaRoDonKY8Y9X3zRZgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:22:34 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.8.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:22:25.617959 2026] [security2:error] [pid 184120:tid 184172] [client 65.111.8.104:22101] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "newyorkgazette.com"] [uri "/.env.save"] [unique_id "aZEt4UzIfPaCyFBPJIk6_AAAAY8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 46 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 152.32.182.41

🇦🇱 104.243.247.72

🇱🇾 102.211.7.162

🇸🇦 82.167.30.156

🇲🇽 177.242.1.2

🇺🇸 172.253.210.80

🇩🇪 167.94.146.69

🇺🇸 165.154.206.246

🇨🇳 117.72.153.160

🇬🇧 37.10.113.213

🇲🇦 197.144.58.102

🇲🇽 186.96.145.241

🇺🇸 172.172.196.177

🇻🇳 171.231.196.85

🇲🇦 105.66.4.122

🇺🇸 104.234.32.101

🇬🇧 95.154.200.41

🇱🇹 81.30.98.144

🇬🇧 35.203.211.151

🇬🇧 35.203.211.47