JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.20.57

65.111.20.57 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 49%: ?

49%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.20.57

Whois 65.111.20.57

IP Abuse Reports for 65.111.20.57:

This IP address has been reported a total of 36 times from 22 distinct sources. 65.111.20.57 was first reported on July 16th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 tecnicorioja	2026-06-17 22:01:27 (1 day ago)	wp-login attack [17/Jun/2026:07:38:39	Brute-Force Web App Attack
🇩🇪 london2038.com	2026-06-16 01:18:36 (2 days ago)	Attacking WordPress 65.111.20.57 - - [16/Jun/2026:03:18:32 +0200] "POST /wp-login.php HTTP/1.1" 503 ... show more Attacking WordPress 65.111.20.57 - - [16/Jun/2026:03:18:32 +0200] "POST /wp-login.php HTTP/1.1" 503 19309 "https://<REDACTED>/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15" show less	Brute-Force Web App Attack
🇬🇧 poundawebsiteltd	2026-06-15 02:20:00 (3 days ago)	WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 65.111.20.57 - - [15/Jun/2026:03:19:53 +0100] PO ... show more WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 65.111.20.57 - - [15/Jun/2026:03:19:53 +0100] POST /wp-login.php HTTP/1.1 200 6801 https://[REDACTED_DOMAIN]/wp-login.php Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 show less	Web App Attack
🇩🇪 F242	2026-06-14 19:08:48 (4 days ago)	Wordpress Login or XMLRPC abuse	Web App Attack
🇬🇷 setupgr	2026-06-14 12:05:34 (4 days ago)	(mod_security) mod_security (id:900001) triggered by 65.111.20.57: 1 in the last 86400 secs; Ports: ... show more (mod_security) mod_security (id:900001) triggered by 65.111.20.57: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sun Jun 14 15:05:31.219647 2026] [security2:error] [pid 921870:tid 922029] [client 65.111.20.57:19889] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.fashionfragonard.gr"] [severity "CRITICAL"] [tag "security"] [hostname "mail.fashionfragonard.gr"] [uri "/wp-login.php"] [unique_id "ai6ZCyiyK_EXlfCi56cRLgAAAFU"], referer: https://mail.fashionfragonard.gr/wp-login.php show less	Port Scan
🇬🇷 setupgr	2026-06-13 09:50:16 (5 days ago)	(mod_security) mod_security (id:900001) triggered by 65.111.20.57: 1 in the last 86400 secs; Ports: ... show more (mod_security) mod_security (id:900001) triggered by 65.111.20.57: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sat Jun 13 12:50:15.579011 2026] [security2:error] [pid 705243:tid 705309] [client 65.111.20.57:26703] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.setworldup.com"] [severity "CRITICAL"] [tag "security"] [hostname "mail.setworldup.com"] [uri "/wp-login.php"] [unique_id "ai0n1_TTK8tviUcnqp_QbAAAAAQ"], referer: https://mail.setworldup.com/wp-login.php show less	Port Scan
🇩🇪 FeG Deutschland	2026-06-13 01:58:38 (5 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇧🇪 cmbplf	2026-06-11 20:34:03 (1 week ago)	2.351 POST requests with url.path */wp-login.php	Brute-Force Bad Web Bot
🇺🇸 lostswordfish.com	2026-06-11 10:26:04 (1 week ago)	Wordfence waf block on wvrsol	Web App Attack
🇬🇧 PeravixGroup	2026-05-07 04:46:39 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇨🇿 Honzas	2026-02-17 11:21:45 (4 months ago)	Unsolicited connection attemps(9), port 443/TCP	Brute-Force
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:05 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-27 21:09:59 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.57 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 16:09:55.400986 2025] [security2:error] [pid 31186:tid 31186] [client 65.111.20.57:47979] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seizethisseason.com"] [uri "/.env"] [unique_id "aVBLI8ZKjRd-pEAozr8r0gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 19:04:21 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.57 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 14:04:16.055880 2025] [security2:error] [pid 27650:tid 27656] [client 65.111.20.57:45941] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "managementlaw.com"] [uri "/.env"] [unique_id "aVAtsCzOhx1-DO4Goc0VfAAAAQM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-11 01:50:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.20.57 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.20.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 10 20:50:51.942450 2025] [security2:error] [pid 30779:tid 30796] [client 65.111.20.57:52451] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "barstow-station.com"] [uri "/.git/HEAD"] [unique_id "aTojewsR_TSyCUqNC7UOCwAAAM4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇵 103.130.207.227

🇹🇼 111.70.23.231

🇱🇹 45.227.254.170

🇺🇸 45.8.19.52

🇺🇿 5.182.26.69

🇫🇮 147.185.133.160

🇺🇸 91.193.232.133

🇱🇹 62.60.130.60

🇨🇳 61.170.156.39

🇷🇴 2.57.122.177

🇮🇳 182.95.185.14

🇧🇷 177.11.17.179

🇺🇸 172.174.46.118

🇦🇺 170.64.143.34

🇹🇷 91.151.88.168

🇱🇹 81.30.98.158

🇺🇸 71.6.147.254

🇺🇸 40.124.175.155

🇺🇸 91.230.168.155

🇳🇱 45.198.224.120