JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.20.252

65.111.20.252 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 26%: ?

26%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.20.252

Whois 65.111.20.252

IP Abuse Reports for 65.111.20.252:

This IP address has been reported a total of 22 times from 13 distinct sources. 65.111.20.252 was first reported on July 9th 2024, and the most recent report was 21 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 ELYAZ	2026-06-13 20:22:56 (21 hours ago)	(y4) Failed scan -byebye- from 65.111.20.252 (BR/Brazil/-): (CF_ENABLE)	Hacking
🇺🇸 lostswordfish.com	2026-06-13 08:14:06 (1 day ago)	Wordfence waf block on parsol	Web App Attack
🇫🇷 ELYAZ	2026-06-11 13:41:11 (3 days ago)	(y4) Failed scan -byebye- from 65.111.20.252 (BR/Brazil/-): (CF_ENABLE)	Hacking
Anonymous	2026-06-11 02:53:16 (3 days ago)	[da.kdns.gr] httpd-login-spray-site: sites=xlf.gr; logs=/var/log/httpd/domains/xlf.gr.log; samples=s ... show more [da.kdns.gr] httpd-login-spray-site: sites=xlf.gr; logs=/var/log/httpd/domains/xlf.gr.log; samples=site_wide=true \| distinct_ips=15 \| /wp-login.php show less	Hacking Web App Attack
🇩🇪 filstal.org	2026-05-12 01:41:55 (1 month ago)	Automated security scan or exploit attempt detected by Fail2Ban	Bad Web Bot Web App Attack
Anonymous	2025-12-31 08:25:24 (5 months ago)	"GET /.git/HEAD HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-30 10:22:26 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.252 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 05:21:37.106970 2025] [security2:error] [pid 22916:tid 22916] [client 65.111.20.252:17545] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.lazymanvegan.com"] [uri "/.git/HEAD"] [unique_id "aVOnsW7xvQCjDRZxnoaC2wAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2025-12-29 19:29:02 (5 months ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 TPI-Abuse	2025-11-29 01:02:52 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.252 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 20:02:46.119548 2025] [security2:error] [pid 14953:tid 14953] [client 65.111.20.252:57767] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "abramczuk.me"] [uri "/.env.old"] [unique_id "aSpGNnYfjD4kHvKHgBTbhwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 20:57:26 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 65.111.20.252 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 65.111.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 15:57:16.200150 2025] [security2:error] [pid 27904:tid 27904] [client 65.111.20.252:31223] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|aavondalervstorage.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aavondalervstorage.com"] [uri "/dump.sql"] [unique_id "aSoMrJp0xTDIgdfZ-vh8VQAAAC8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 16:37:21 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 65.111.20.252 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 65.111.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 11:37:14.322546 2025] [security2:error] [pid 21368:tid 21368] [client 65.111.20.252:30855] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|amdavies15.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "amdavies15.com"] [uri "/backup.sql"] [unique_id "aSnPurHfGVTGYKgGd6WTUwAAACY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:43:51 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.252 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:43:46.503610 2025] [security2:error] [pid 6400:tid 6400] [client 65.111.20.252:17751] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bogans.net"] [uri "/.svn/wc.db"] [unique_id "aSQo0uKTEoe9PFItKZJkagAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-05 13:48:44 (7 months ago)	wordpress-trap	Web App Attack
Anonymous	2025-11-02 21:15:49 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 07:37:47	Port Scan Brute-Force Exploited Host Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2025-10-30 18:49:41 (7 months ago)	WP Admin Scan Activities	Web App Attack

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.109.252.252

🇭🇰 152.32.171.184

🇳🇬 102.90.100.206

🇮🇷 85.133.193.72

🇺🇸 64.62.156.149

🇺🇸 50.116.49.221

🇺🇸 45.33.12.122

🇺🇸 34.58.124.191

🇻🇳 14.171.89.86

🇸🇬 8.222.210.33

🇬🇧 2a06:4880:2000::3e

🇮🇳 2400:d321:2215:8536::1

🇨🇦 209.209.8.82

🇺🇸 172.253.8.157

🇺🇸 154.83.197.70

🇺🇸 135.237.125.78

🇨🇳 117.62.22.127

🇮🇳 103.192.198.173

🇩🇪 69.5.169.117

🇩🇴 45.172.153.100