JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.9.28

65.111.9.28 was found in our database!

This IP was reported 42 times. Confidence of Abuse is 10%: ?

10%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.9.28

Whois 65.111.9.28

IP Abuse Reports for 65.111.9.28:

This IP address has been reported a total of 42 times from 18 distinct sources. 65.111.9.28 was first reported on June 26th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 inlink.ltd	2026-05-19 22:30:45 (2 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack
🇱🇻 garmtech.com	2026-05-19 03:41:49 (2 weeks ago)	IM360 WAF: WordPress plugin/theme auto install block	Web App Attack
🇪🇸 el-brujo	2026-01-21 05:24:29 (4 months ago)	Cloudflare WAF: Request Path: /whois.html Request Query: ?domain=%3Cscript%3Ealert%28%27XSS%27%29%3C ... show more Cloudflare WAF: Request Path: /whois.html Request Query: ?domain=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E Host: elhacker.net userAgent: Mozilla/5.0 (Linux; Android 9; ASUS_I005DA Build/PI; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/133.0.6943.122 Mobile Action: log Source: firewallManaged ASN Description: DREI-K-TECH-GMBH Country: US Method: GET Timestamp: 2026-01-21T05:24:29Z ruleId: 9c8dda9708cc4452ac76e7be7b58420b. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:54 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-10 14:52:11 (5 months ago)	"Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized ac ... show more "Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized access" show less	DDoS Attack SQL Injection Exploited Host
🇺🇸 TPI-Abuse	2025-11-25 03:33:51 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:33:44.556735 2025] [security2:error] [pid 4036:tid 4036] [client 65.111.9.28:23077] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.psychoatomicpower.com"] [uri "/.env"] [unique_id "aSUjmKGHKESqwQYfZULm1QAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:57:00 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:56:52.596631 2025] [security2:error] [pid 14602:tid 14602] [client 65.111.9.28:42597] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.graficasbis.com"] [uri "/.env"] [unique_id "aSUa9Jh78kJWt2C8ok70RAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:17:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:14:00.409382 2025] [security2:error] [pid 16267:tid 16267] [client 65.111.9.28:48827] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.americanflagcards.com"] [uri "/.git/HEAD"] [unique_id "aST0yOJcg4AbfW3wBLEMMwAAAEE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:15:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:15:18.779021 2025] [security2:error] [pid 22839:tid 22839] [client 65.111.9.28:16517] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nlc-calumet.org"] [uri "/.svn/wc.db"] [unique_id "aSQUFoZ-sH2eMq09o1WPyQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:48:53 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:48:45.618002 2025] [security2:error] [pid 13322:tid 13322] [client 65.111.9.28:30809] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.3905ccn.us"] [uri "/.git/HEAD"] [unique_id "aSPxvXPi5tRPjxqqKdDP4AAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 boxed-it	2025-11-24 05:37:53 (6 months ago)	GET /.git/HEAD (Tarpitted for 2m10s, wasted 7.73kB)	Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:22:44 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:22:37.607258 2025] [security2:error] [pid 27208:tid 27208] [client 65.111.9.28:44233] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.engelhardtkraatz.com"] [uri "/.svn/wc.db"] [unique_id "aSPrnTGtbO61slUUl3IKzAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:32:33 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.9.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:32:29.485314 2025] [security2:error] [pid 32481:tid 32481] [client 65.111.9.28:22315] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.uhfcfoundation.org"] [uri "/.svn/wc.db"] [unique_id "aSPf3Vx19Mj_iVcKd3jXXAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 12:58:27 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇨🇦 wil.com	2025-10-28 23:55:27 (7 months ago)	GlobalProtect login attempts with user pandujar.	VPN IP Brute-Force

Showing 1 to 15 of 42 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 193.124.20.243

🇸🇪 188.151.176.48

🇷🇴 80.94.92.187

🇩🇪 69.5.169.225

🇩🇪 69.5.169.182

🇺🇸 34.197.70.90

🇩🇪 2.26.61.203

🇺🇸 205.210.31.53

🇺🇸 159.223.127.102

🇨🇳 113.31.103.129

🇫🇷 86.238.4.162

🇱🇹 45.227.254.170

🇪🇨 45.224.97.241

🇳🇱 185.242.226.74

🇨🇳 116.6.68.114

🇷🇴 93.114.194.159

🇫🇷 85.217.140.43

🇺🇸 64.62.156.142

🇳🇱 45.142.193.198

🇰🇷 222.108.147.76