JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.21.165

65.111.21.165 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 2%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.21.165

Whois 65.111.21.165

IP Abuse Reports for 65.111.21.165:

This IP address has been reported a total of 17 times from 9 distinct sources. 65.111.21.165 was first reported on July 9th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-10 20:05:46 (1 week ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 21:11:20 (6 months ago)	(mod_security) mod_security (id:210740) triggered by 65.111.21.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210740) triggered by 65.111.21.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 16:10:34.874714 2025] [security2:error] [pid 19154:tid 19154] [client 65.111.21.165:28109] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy\|\|advancedmotorsports.com\|F\|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "advancedmotorsports.com"] [uri "/g_book.cgi"] [unique_id "aS9Vyjb-sH0f6fNoU37S5wAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 06:24:04 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.21.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.21.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 01:23:59.594232 2025] [security2:error] [pid 4397:tid 4397] [client 65.111.21.165:60209] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.dianogah.com"] [uri "/.svn/wc.db"] [unique_id "aSac_xdu1B1Oi-Qe7NbJMQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:33:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.21.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.21.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:33:06.337350 2025] [security2:error] [pid 32572:tid 32572] [client 65.111.21.165:20899] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.comicvolumes.edgeimprov.com"] [uri "/.git/HEAD"] [unique_id "aST5QsfsN3-kAUuZ_7mF5QAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:42:43 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.21.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.21.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:42:39.804626 2025] [security2:error] [pid 17706:tid 17706] [client 65.111.21.165:11269] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.purebinary.com"] [uri "/.git/HEAD"] [unique_id "aSQoj7xxHYeDqo2im_kWMwAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:32:34 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.21.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 65.111.21.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:32:25.167314 2025] [security2:error] [pid 21608:tid 21608] [client 65.111.21.165:19871] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.gestiofiscal.com"] [uri "/.svn/wc.db"] [unique_id "aSQYGV-t6cL56znA-keXvQAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 21:05:52 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 65.111.21.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 65.111.21.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 16:05:44.744546 2025] [security2:error] [pid 18951:tid 18951] [client 65.111.21.165:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.swarnar.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.swarnar.com"] [uri "/s3cmd.ini"] [unique_id "aRT2qLAPq6SN7j1mSXEVCwAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 maxxsense	2025-10-19 06:10:32 (8 months ago)	(sshd) Failed SSH login from 65.111.21.165 (BR/Brazil/-)	Brute-Force SSH
🇳🇱 GabrielJST	2025-10-15 02:41:15 (8 months ago)	(sshd) Failed SSH login from 65.111.21.165 (BR/Brazil/-)	Brute-Force SSH
Anonymous	2024-11-30 20:17:18 (1 year ago)	Infected user bad webscan	Exploited Host
Anonymous	2024-10-30 13:38:30 (1 year ago)	Automatic report - Vulnerability scan /RDWeb/Pages/en-US/login.aspx	Web App Attack
Anonymous	2024-10-17 01:41:33 (1 year ago)	Automatic report - Vulnerability scan /RDWeb/Pages/en-US/login.aspx	Web App Attack
🇨🇿 lp	2024-10-03 17:24:31 (1 year ago)	Unauthorized VPN login attempts: 1 attempts were recorded from 65.111.21.165 2024-10-03T15:46:20+02: ... show more Unauthorized VPN login attempts: 1 attempts were recorded from 65.111.21.165 2024-10-03T15:46:20+02:00 vpn Access-Reject 'xplas00' station: 65.111.21.165 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2024-09-24 23:36:45 (1 year ago)	WP Login Scan Activities	Web App Attack
Anonymous	2024-07-18 01:29:40 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 34.7.187.222

🇺🇸 3.232.39.98

🇳🇱 176.65.139.249

🇺🇸 163.245.217.198

🇺🇸 162.144.61.95

🇫🇷 82.66.118.40

🇬🇧 81.168.119.20

🇰🇿 45.8.117.100

🇮🇳 14.194.125.58

🇮🇳 187.127.173.14

🇧🇷 177.92.240.138

🇺🇸 162.216.150.82

🇭🇰 152.32.226.102

🇳🇱 138.226.239.11

🇺🇸 107.181.228.82

🇨🇳 101.87.29.92

🇨🇳 101.70.108.68

🇫🇷 91.231.89.244

🇺🇸 64.62.156.49

🇬🇧 35.203.210.23