JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.21.30

65.111.21.30 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 31%: ?

31%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.21.30

Whois 65.111.21.30

IP Abuse Reports for 65.111.21.30:

This IP address has been reported a total of 20 times from 11 distinct sources. 65.111.21.30 was first reported on October 12th 2024, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 poundawebsiteltd	2026-06-14 07:29:46 (8 hours ago)	WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 65.111.21.30 - - [14/Jun/2026:08:29:31 +0100] PO ... show more WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 65.111.21.30 - - [14/Jun/2026:08:29:31 +0100] POST /wp-login.php HTTP/1.1 301 3362 https://[REDACTED_DOMAIN]/wp-login.php Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 show less	Web App Attack
Anonymous	2026-06-12 15:24:15 (2 days ago)	Failed Wordpress Logins	Web App Attack
🇬🇷 setupgr	2026-06-12 00:55:36 (2 days ago)	(mod_security) mod_security (id:900001) triggered by 65.111.21.30: 1 in the last 86400 secs; Ports: ... show more (mod_security) mod_security (id:900001) triggered by 65.111.21.30: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 12 03:55:36.192993 2026] [security2:error] [pid 52836:tid 52998] [client 65.111.21.30:16601] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|alloweddomain2\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: tavernadimitris.com"] [severity "CRITICAL"] [tag "security"] [hostname "tavernadimitris.com"] [uri "/wp-login.php"] [unique_id "aitZCLpBQysRnUxz414DpgAAAFc"], referer: https://tavernadimitris.com/wp-login.php show less	Port Scan
🇲🇽 octageeks.com	2026-06-11 04:12:39 (3 days ago)	Wordpress malicious attack:[octaflood]	Web App Attack
Anonymous	2026-06-10 00:10:48 (4 days ago)	[ns31.kdns.gr] httpd-login-spray-site: sites=inpv.gr; logs=/var/log/httpd/domains/inpv.gr.log; sampl ... show more [ns31.kdns.gr] httpd-login-spray-site: sites=inpv.gr; logs=/var/log/httpd/domains/inpv.gr.log; samples=site_wide=true \| distinct_ips=50 \| /wp-login.php show less	Hacking Web App Attack
🇨🇭 backslash	2025-12-25 05:40:03 (5 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-24 19:05:44 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 65.111.21.30 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 65.111.21.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 24 14:05:40.923602 2025] [security2:error] [pid 32133:tid 32133] [client 65.111.21.30:38499] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gonzalez.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gonzalez.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aUw5hEMwr9BLx6DcYnIaWQAAAA0"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:56:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.21.30 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.21.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:56:00.160681 2025] [security2:error] [pid 25245:tid 25245] [client 65.111.21.30:17381] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kontikimotorcycles.com"] [uri "/.env"] [unique_id "aSQdoL_tqlL9C-IqXcNNQwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:47:52 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.21.30 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.21.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:47:41.853295 2025] [security2:error] [pid 12103:tid 12157] [client 65.111.21.30:53253] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.torreymanagement.com"] [uri "/.git/HEAD"] [unique_id "aSQNned3pxroRSWDTtpuVAAAANg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:20:42 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.21.30 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.21.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:20:37.661607 2025] [security2:error] [pid 3556:tid 3556] [client 65.111.21.30:15325] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.guardiancns.com"] [uri "/.svn/wc.db"] [unique_id "aSQHRR2fIRwUzhoZ-rUpowAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-24 04:45:55 (6 months ago)	Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing ... show more Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing. show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:35:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 65.111.21.30 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 65.111.21.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:35:47.248508 2025] [security2:error] [pid 3297843:tid 3297843] [client 65.111.21.30:39799] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.teeandpanteeshop.srtmanagementservices.com"] [uri "/.env"] [unique_id "aSPgo9tmk1Pnb1gd1U01xQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-02 21:40:52 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 07:24:10	Port Scan Brute-Force Exploited Host Web App Attack
🇬🇧 openstrike.co.uk	2025-10-18 09:23:45 (7 months ago)	12 packets to port 22	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-02-09 02:44:01 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 65.111.21.30 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 65.111.21.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 08 21:43:55.796004 2025] [security2:error] [pid 23083:tid 23117] [client 65.111.21.30:13081] [client 65.111.21.30] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|kwainet.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kwainet.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z6gWa2jZNsbCtNG08KuukAAAAMo"], referer: https://kwainet.com show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇪 195.178.191.5

🇫🇷 195.83.2.34

🇳🇱 193.176.31.252

🇹🇼 111.70.29.130

🇷🇴 80.94.92.165

🇺🇸 74.125.181.145

🇺🇸 66.132.195.18

🇺🇸 65.49.1.114

🇸🇬 47.79.11.168

🇳🇱 34.158.97.46

🇺🇸 18.216.20.213

🇺🇸 2607:f8b0:400e:c09::12d

🇬🇧 194.50.235.151

🇬🇧 185.247.137.193

🇮🇳 183.82.144.142

🇳🇵 103.189.161.37

🇷🇺 92.100.16.28

🇪🇪 90.190.215.203

🇺🇸 64.62.156.42

🇷🇴 2.57.122.238