JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.21.0

65.111.21.0 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 55%: ?

55%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.21.0

Whois 65.111.21.0

IP Abuse Reports for 65.111.21.0:

This IP address has been reported a total of 36 times from 20 distinct sources. 65.111.21.0 was first reported on September 25th 2024, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 omc	2026-06-21 19:14:19 (17 hours ago)	AH01797: Unauthorized file	Bad Web Bot
🇲🇽 octageeks.com	2026-06-21 04:16:04 (1 day ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇺🇸 xmission.com	2026-06-16 20:45:56 (5 days ago)	65.111.21.0 - - [16/Jun/2026:14:45:55 -0600] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "Mozilla/5.0 (M ... show more 65.111.21.0 - - [16/Jun/2026:14:45:55 -0600] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" ... show less	Web App Attack
🇫🇷 pm33	2026-06-16 19:37:45 (5 days ago)	Wordpress login attempts	Brute-Force
🇺🇸 lostswordfish.com	2026-06-16 18:56:04 (5 days ago)	Wordfence waf block on 1105merrystreet	Web App Attack
🇩🇪 iNetWorker	2026-06-16 16:38:34 (5 days ago)	trolling for resource vulnerabilities	Web App Attack
🇬🇷 setupgr	2026-06-15 22:01:49 (6 days ago)	(mod_security) mod_security (id:900001) triggered by 65.111.21.0: 1 in the last 86400 secs; Ports: * ... show more (mod_security) mod_security (id:900001) triggered by 65.111.21.0: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 16 01:01:48.754378 2026] [security2:error] [pid 1965768:tid 1965816] [client 65.111.21.0:36549] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.ions.gr"] [severity "CRITICAL"] [tag "security"] [hostname "mail.ions.gr"] [uri "/wp-login.php"] [unique_id "ajB2TJhSggell5vQAURiUQAAAVU"], referer: https://mail.ions.gr/wp-login.php show less	Port Scan
🇬🇷 setupgr	2026-06-14 12:24:46 (1 week ago)	(mod_security) mod_security (id:900001) triggered by 65.111.21.0: 1 in the last 86400 secs; Ports: * ... show more (mod_security) mod_security (id:900001) triggered by 65.111.21.0: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sun Jun 14 15:24:41.105447 2026] [security2:error] [pid 948989:tid 949035] [client 65.111.21.0:54185] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.babis.photo"] [severity "CRITICAL"] [tag "security"] [hostname "mail.babis.photo"] [uri "/wp-login.php"] [unique_id "ai6didXD3_cY7WcDuxqDbgAAAJM"], referer: https://mail.babis.photo/wp-login.php show less	Port Scan
🇫🇷 ELYAZ	2026-06-12 15:02:37 (1 week ago)	(y4) Failed scan -byebye- from 65.111.21.0 (BR/Brazil/-): (CF_ENABLE)	Hacking
🇲🇹 Malta	2026-06-11 22:57:34 (1 week ago)	65.111.21.0 - - [12/Jun/2026:00:57:34 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT ... show more 65.111.21.0 - - [12/Jun/2026:00:57:34 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇮🇩 zam	2026-06-11 20:08:06 (1 week ago)	65.111.21.0 - - [11/Jun/2026:20:07:43 +0000] "POST /wp-login.php HTTP/1.1" 301 277	Web App Attack
🇫🇷 ELYAZ	2026-06-10 16:00:19 (1 week ago)	(y4) Failed scan -byebye- from 65.111.21.0 (BR/Brazil/-): (CF_ENABLE)	Hacking
🇪🇸 10dencehispahard SL	2025-12-29 09:36:36 (5 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇺🇸 TPI-Abuse	2025-11-26 11:28:25 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.21.0 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.21.0 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 06:28:18.457305 2025] [security2:error] [pid 8915:tid 8915] [client 65.111.21.0:13941] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.ashleycroft.com"] [uri "/.env"] [unique_id "aSbkUnLn956h77SKB4OOTgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 06:36:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.21.0 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 65.111.21.0 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 01:35:59.021898 2025] [security2:error] [pid 2485462:tid 2485462] [client 65.111.21.0:37163] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.hills-tax.com"] [uri "/.git/HEAD"] [unique_id "aSafz1tal4f28eo-3e7zFAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4001:c72::12b

🇺🇸 209.222.101.194

🇳🇱 204.76.203.219

🇨🇳 110.43.37.72

🇷🇸 109.207.35.145

🇮🇩 103.184.181.33

🇲🇾 49.124.152.225

🇲🇾 49.124.152.32

🇪🇸 212.227.235.203

🇷🇴 193.46.255.86

🇫🇷 85.217.140.22

🇳🇱 45.148.10.141

🇨🇳 14.103.115.213

🇫🇷 5.196.45.10

🇬🇧 2a06:4880:c000::e7

🇩🇪 212.132.119.238

🇨🇳 182.43.235.75

🇨🇭 107.189.2.75

🇫🇷 91.231.89.228

🇫🇷 85.217.140.50