JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.20.3

65.111.20.3 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 42%: ?

42%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.20.3

Whois 65.111.20.3

IP Abuse Reports for 65.111.20.3:

This IP address has been reported a total of 29 times from 15 distinct sources. 65.111.20.3 was first reported on June 28th 2024, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇹 Malta	2026-06-11 15:54:24 (17 hours ago)	65.111.20.3 - - [11/Jun/2026:17:54:24 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ... show more 65.111.20.3 - - [11/Jun/2026:17:54:24 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15" show less	Hacking Web App Attack
Anonymous	2026-06-11 04:30:04 (1 day ago)	65.111.20.3 - - [11/Jun/2026:06:30:03 +0200] "POST / HTTP/1.1" 301 169 "https:///" "Mozilla/5.0 (X11 ... show more 65.111.20.3 - - [11/Jun/2026:06:30:03 +0200] "POST / HTTP/1.1" 301 169 "https:///" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Web App Attack
🇺🇸 lostswordfish.com	2026-06-10 07:52:06 (2 days ago)	Wordfence waf block on kcuar	Web App Attack
🇫🇷 ELYAZ	2026-06-10 06:14:21 (2 days ago)	(y4) Failed scan -byebye- from 65.111.20.3 (BR/Brazil/-): (CF_ENABLE)	Hacking
🇦🇺 MAGIC	2026-06-10 01:25:17 (2 days ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇳🇱 homeshowdomain.nl	2026-05-18 21:59:02 (3 weeks ago)	Auto-ban: >3000 req/min op 2026-05-18	Web App Attack SSH Hacking
🇩🇪 Hazzard	2026-05-16 08:30:22 (3 weeks ago)	(wordpress) Failed wordpress login from 65.111.20.3 (BR/Brazil/São Paulo/São Paulo/-/[redacted]): ( ... show more (wordpress) Failed wordpress login from 65.111.20.3 (BR/Brazil/São Paulo/São Paulo/-/[redacted]): (CF_ENABLE) show less	Brute-Force
🇱🇻 garmtech.com	2026-01-06 11:04:24 (5 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 13-04.65.111.20.3.web-spammers ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 13-04.65.111.20.3.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
Anonymous	2026-01-03 02:00:24 (5 months ago)	65.111.20.3 - - [03/Jan/2026:03:00:14 +0100] "POST /xmlrpc.php HTTP/1.1" 302 8694 "-" "Mozilla/5.0 ( ... show more 65.111.20.3 - - [03/Jan/2026:03:00:14 +0100] "POST /xmlrpc.php HTTP/1.1" 302 8694 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 65.111.20.3 - - [03/Jan/2026:03:00:14 +0100] "POST /xmlrpc.php HTTP/1.1" 404 19526 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 65.111.20.3 - - [03/Jan/2026:03:00:16 +0100] "POST /xmlrpc.php HTTP/1.1" 302 8694 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0" 65.111.20.3 - - [03/Jan/2026:03:00:16 +0100] "POST /xmlrpc.php HTTP/1.1" 404 19527 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15" 65.111.20.3 - - [03/Jan/2026:03:00:17 +0100] "POST /xmlrpc.php HTTP/1.1" 302 8694 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0" 65.111.20.3 - - [03/Jan/2026:03:00:18 +0100] "POST /xmlrpc.php HTTP/1.1" 404 ... show less	Brute-Force
🇺🇸 TPI-Abuse	2025-12-29 04:41:53 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.3 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:41:46.654688 2025] [security2:error] [pid 28245:tid 28245] [client 65.111.20.3:14081] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rdsparts.com"] [uri "/.env"] [unique_id "aVIGip_96aeMPSDdfZAOJQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 04:26:06 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.3 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:25:58.828910 2025] [security2:error] [pid 5057:tid 5057] [client 65.111.20.3:21219] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "title39.com"] [uri "/.svn/wc.db"] [unique_id "aVIC1vzX55qP5zOQ3MDq3QAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 03:57:51 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.3 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 22:57:45.864195 2025] [security2:error] [pid 11586:tid 11586] [client 65.111.20.3:18703] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coffeewitheinstein.com"] [uri "/.env"] [unique_id "aVH8OTcYRUIGWew2NIxkXwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 14:32:35 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.3 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 09:32:29.153901 2025] [security2:error] [pid 8199:tid 8199] [client 65.111.20.3:41029] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pbeyer.org"] [uri "/.env"] [unique_id "aTWP_UVDccDpJ3N6WG9KmAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 16:42:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.3 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 11:42:22.720811 2025] [security2:error] [pid 2543:tid 2543] [client 65.111.20.3:22433] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "delucchi.net"] [uri "/.svn/wc.db"] [unique_id "aTRc7koiuBX9z-v-ph6e4wAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 02:46:31 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.3 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 21:46:26.509295 2025] [security2:error] [pid 15622:tid 15622] [client 65.111.20.3:49787] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "anthraxbook.info"] [uri "/.env"] [unique_id "aTOZAtuIcHwMIodstAOaAwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.182

🇨🇳 115.231.78.11

🇩🇪 69.5.169.118

🇮🇶 188.64.139.147

🇨🇭 179.43.146.227

🇺🇸 162.216.149.95

🇨🇳 113.240.110.0

🇫🇷 85.217.140.40

🇩🇪 69.5.169.69

🇷🇺 45.195.221.26

🇨🇳 221.229.220.180

🇺🇸 184.168.21.211

🇬🇧 138.68.144.227

🇮🇩 115.85.80.12

🇩🇪 92.208.231.46

🇬🇧 89.37.172.155

🇫🇷 75.119.132.109

🇫🇷 51.68.226.171

🇩🇪 213.209.159.56

🇩🇪 206.81.24.74