JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.9.148

65.111.9.148 was found in our database!

This IP was reported 63 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.9.148

Whois 65.111.9.148

IP Abuse Reports for 65.111.9.148:

This IP address has been reported a total of 63 times from 30 distinct sources. 65.111.9.148 was first reported on May 2nd 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 MAGIC	2026-03-14 00:26:25 (2 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇹🇷 rtbh.com.tr	2026-03-04 20:11:53 (3 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
Anonymous	2026-02-15 13:18:12 (3 months ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 12:33:56 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 07:33:51.424478 2026] [security2:error] [pid 699699:tid 699722] [client 65.111.9.148:28535] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "quetzalcoatl2012.net"] [uri "/admin/.env"] [unique_id "aZG9Lz6RhBWn5rx309lS-AAAAJM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:19:52 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:19:47.723372 2026] [security2:error] [pid 19131:tid 19131] [client 65.111.9.148:16931] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sellingcarshandbook.com"] [uri "/v2/.git/config"] [unique_id "aZGr0yE16c3bM0EfK0xtrgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 ecode hosting	2026-02-15 07:09:09 (3 months ago)	Domain : secertarim.com.tr Rule : env 2026-02-15 07:07:13 10.100.1.20 GET /api/.env - 443 - 65.111.9 ... show more Domain : secertarim.com.tr Rule : env 2026-02-15 07:07:13 10.100.1.20 GET /api/.env - 443 - 65.111.9.148 HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 - secertarim.com.tr 301 0 0 363 162 149 - - show less	Hacking SQL Injection
🇭🇺 Adorjan Daczo	2026-02-15 05:40:50 (3 months ago)	Probe for vulnerabilities. Path attempted: /admin/.env	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:39:49 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:39:45.764598 2026] [security2:error] [pid 2077:tid 2077] [client 65.111.9.148:9031] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scala-global.com"] [uri "/test/.git/config"] [unique_id "aZFcIYd6kul60Tb8Y1qDKAAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:24:08 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:24:01.758095 2026] [security2:error] [pid 6224:tid 6270] [client 65.111.9.148:56743] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oftv.xyz"] [uri "/.env"] [unique_id "aZFYcQd6CwE1zZPIU6m4zQAAARA"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 ddw	2026-02-15 04:04:39 (3 months ago)	Multiple ModSecurity detections - Rules: 930130(Restricted File Access Attempt)	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:59:23 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:59:16.203410 2026] [security2:error] [pid 14971:tid 14971] [client 65.111.9.148:25573] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "potamus.net"] [uri "/admin/.env"] [unique_id "aZFElLU4ehYUZUOjrG-fwgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:55:49 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:55:45.529197 2026] [security2:error] [pid 21588:tid 21588] [client 65.111.9.148:30529] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pocosfarm.com"] [uri "/test/.git/config"] [unique_id "aZE1sRkhe9d6qZmyb98VwgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 01:51:18 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 20:51:12.704886 2026] [security2:error] [pid 18386:tid 18386] [client 65.111.9.148:55639] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pist.org.tr"] [uri "/.env.staging"] [unique_id "aZEmkJvOBXrmqU4DoFgEvAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-02-15 01:13:21 (3 months ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 01:07:47 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 20:07:43.589610 2026] [security2:error] [pid 18944:tid 18944] [client 65.111.9.148:26715] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "naturalhomebuilders.com"] [uri "/.env"] [unique_id "aZEcX39WJ_E6mETBD7KTqAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 63 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇪 213.35.128.24

🇬🇷 194.219.108.59

🇩🇪 130.12.181.106

🇮🇩 103.191.14.243

🇸🇬 94.231.206.248

🇩🇪 89.208.97.111

🇭🇺 77.74.204.176

🇺🇸 64.31.55.20

🇳🇱 45.156.128.127

🇺🇸 45.33.52.85

🇬🇧 198.244.226.63

🇧🇷 177.170.79.58

🇭🇰 101.36.106.75

🇺🇸 64.62.156.94

🇨🇳 59.82.0.36

🇬🇧 35.203.211.133

🇬🇧 35.203.211.41

🇧🇪 34.53.227.104

🇷🇴 2.57.121.112

🇧🇪 198.235.24.224