JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.20.36

65.111.20.36 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 9%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.20.36

Whois 65.111.20.36

IP Abuse Reports for 65.111.20.36:

This IP address has been reported a total of 20 times from 7 distinct sources. 65.111.20.36 was first reported on July 7th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-05-12 11:54:52 (3 weeks ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 65.111.20.36 (BR/Brazil/-): 1 in the last 3600 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 65.111.20.36 (BR/Brazil/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇫🇷 masterguru	2026-05-09 11:36:30 (4 weeks ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 65.111.20.36 (BR/Brazil/-): 1 in the last 3600 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 65.111.20.36 (BR/Brazil/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇫🇷 conseilgouz	2026-04-27 14:39:22 (1 month ago)	joe-6 : Trying access system files=>/wp-login.php(wp-login.php)	Hacking
🇫🇷 masterguru	2026-04-26 17:44:54 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 65.111.20.36 (BR/Brazil/-): 1 in the last 3600 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 65.111.20.36 (BR/Brazil/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇫🇷 masterguru	2026-04-21 02:33:21 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 65.111.20.36 (BR/Brazil/-): 1 in the last 3600 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 65.111.20.36 (BR/Brazil/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇫🇷 masterguru	2026-04-18 14:05:10 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 65.111.20.36 (BR/Brazil/-): 1 in the last 3600 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 65.111.20.36 (BR/Brazil/-): 1 in the last 3600 secs (0-196) show less	Hacking
🇺🇸 TPI-Abuse	2026-02-19 05:22:17 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 00:22:09.680651 2026] [security2:error] [pid 19329:tid 19329] [client 65.111.20.36:61395] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kristencorley.com"] [uri "/v2/.git/config"] [unique_id "aZaeAR7bz3dpW7GRzMfD2wAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 04:00:10 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 23:00:00.240705 2026] [security2:error] [pid 22945:tid 22945] [client 65.111.20.36:27045] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kirklandplumbing.ca"] [uri "/admin/.env"] [unique_id "aZaKwLWj0jJhuQf1lOEUrQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 02:11:42 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 21:11:29.044359 2026] [security2:error] [pid 2742503:tid 2742503] [client 65.111.20.36:57785] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kathiekate.com"] [uri "/app/.git/config"] [unique_id "aZZxUfnVKYj6-nTSKJJMlgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 18:43:00 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 13:42:56.936459 2026] [security2:error] [pid 13346:tid 13346] [client 65.111.20.36:51805] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thisisaboutscience.com"] [uri "/.env.production"] [unique_id "aZYIMBBNrYKjCuAYzM9g7gAAADI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 13:49:17 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 08:49:09.878880 2026] [security2:error] [pid 21499:tid 21499] [client 65.111.20.36:21609] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "woodburymeadows.org"] [uri "/.env.staging"] [unique_id "aZXDVYxZF3D5uPxdMoRkGwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-18 12:05:41 (3 months ago)	Too many Status 40X (12) Scanning/Probing (12)	Brute-Force Web App Attack
🇪🇸 10dencehispahard SL	2026-01-26 12:09:53 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇺🇸 TPI-Abuse	2025-12-29 09:09:28 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 04:09:25.074448 2025] [security2:error] [pid 4940:tid 4940] [client 65.111.20.36:41281] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "21north.com"] [uri "/.svn/wc.db"] [unique_id "aVJFRV7RmLc8tTb6dEKSCQAAAEE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 08:36:27 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 03:36:21.235389 2025] [security2:error] [pid 28456:tid 28456] [client 65.111.20.36:22283] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "spotsysanta.com"] [uri "/.svn/wc.db"] [unique_id "aVI9hRfDxS-_0zZIO93E0wAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇰 203.215.167.149

🇩🇪 185.242.3.226

🇭🇰 118.193.44.184

🇺🇸 103.143.231.24

🇺🇸 66.132.172.36

🇫🇷 62.210.38.102

🇺🇸 2604:a880:400:d1:0:4:8c02:9001

🇨🇳 220.250.52.75

🇨🇭 209.99.190.113

🇺🇸 136.117.153.84

🇮🇪 3.254.159.181

🇬🇧 195.96.139.167

🇺🇦 185.218.138.56

🇧🇷 170.80.65.140

🇻🇳 103.82.132.16

🇧🇬 91.191.209.46

🇪🇸 82.223.190.50

🇰🇿 37.151.47.27

🇸🇬 208.109.9.180

🇺🇸 137.184.228.138