JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 65.111.21.97

65.111.21.97 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 38%: ?

38%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 65.111.21.97

Whois 65.111.21.97

IP Abuse Reports for 65.111.21.97:

This IP address has been reported a total of 24 times from 15 distinct sources. 65.111.21.97 was first reported on July 8th 2024, and the most recent report was 21 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇹 Malta	2026-06-10 04:48:20 (21 hours ago)	65.111.21.97 - - [10/Jun/2026:06:48:19 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ... show more 65.111.21.97 - - [10/Jun/2026:06:48:19 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇺🇸 mnsf	2026-06-09 00:23:46 (2 days ago)	Login Too Frequent (6)	Brute-Force Web App Attack
🇦🇹 neo72	2026-06-02 07:50:17 (1 week ago)	Detected malicious activity - bulk block	Brute-Force Web App Attack
🇳🇱 wlt-blocker	2026-06-01 05:58:46 (1 week ago)	Unauthorized access to webpage admin	Web App Attack
🇫🇷 ELYAZ	2026-06-01 01:24:54 (1 week ago)	(y4) Failed scan -byebye- from 65.111.21.97 (BR/Brazil/-): (CF_ENABLE)	Hacking
Anonymous	2026-05-28 19:41:09 (1 week ago)	[server.tmg.gr] httpd-login-spray-site: sites=aidshep2019.gr; logs=/var/log/httpd/domains/aidshep201 ... show more [server.tmg.gr] httpd-login-spray-site: sites=aidshep2019.gr; logs=/var/log/httpd/domains/aidshep2019.gr.log; samples=site_wide=true \| distinct_ips=33 \| /wp-login.php show less	Hacking Web App Attack
🇳🇱 Mangelot Hosting	2025-11-01 17:34:39 (7 months ago)	(bad_user_agent) srv104 Bad User-Agent 65.111.21.97 (BR/Brazil/-): 10 in the last 3600 secs; Ports: ... show more (bad_user_agent) srv104 Bad User-Agent 65.111.21.97 (BR/Brazil/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇺🇸 TPI-Abuse	2025-10-10 13:22:58 (8 months ago)	(mod_security) mod_security (id:225170) triggered by 65.111.21.97 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 65.111.21.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 10 09:22:54.573201 2025] [security2:error] [pid 30543:tid 30543] [client 65.111.21.97:33667] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|beautyradio.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "beautyradio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aOkIrt_ShH_xEvyNVH86owAAABs"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2024-12-17 00:02:33 (1 year ago)	VM5 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2024-12-14 19:42:11 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 65.111.21.97 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 65.111.21.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 14 14:42:07.968813 2024] [security2:error] [pid 19349:tid 19349] [client 65.111.21.97:54935] [client 65.111.21.97] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|hpepaper.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "hpepaper.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z13fjwFAjgBaNBzKoY37hgAAAAc"], referer: https://hpepaper.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 lp	2024-11-25 12:01:44 (1 year ago)	Unauthorized VPN login attempts: 2 attempts were recorded from 65.111.21.97 2024-11-25T12:05:06+01:0 ... show more Unauthorized VPN login attempts: 2 attempts were recorded from 65.111.21.97 2024-11-25T12:05:06+01:00 vpn Access-Reject 'fiala' station: 65.111.21.97 auth-type: PAP realm: vse.cz nas: <redacted> called: <redacted> => address-pool: zam_pool msg: '<redacted>' 2024-11-25T12:05:48+01:00 vpn Access-Reject 'jablon' station: 65.111.21.97 auth-type: PAP realm: vse.cz nas: <redacted> called: <redacted> => address-pool: zam_pool msg: '<redacted>' show less	Brute-Force Web App Attack
Anonymous	2024-11-18 12:31:23 (1 year ago)	Automatic report - Vulnerability scan /RDWeb/Pages/en-US/login.aspx	Web App Attack
Anonymous	2024-11-17 00:26:58 (1 year ago)	Automatic report - Vulnerability scan /RDWeb/Pages/en-US/login.aspx	Web App Attack
🇺🇸 PulseServers	2024-11-10 00:51:19 (1 year ago)	Malicious Web Traffic - Exploit probing, request floods, etc. on a server hosted by PulseServers.com ... show more Malicious Web Traffic - Exploit probing, request floods, etc. on a server hosted by PulseServers.com - ISUS1 ... show less	DDoS Attack Exploited Host
🇺🇸 PulseServers	2024-11-09 03:25:09 (1 year ago)	Malicious Web Traffic - Exploit probing, request floods, etc. on a server hosted by PulseServers.com ... show more Malicious Web Traffic - Exploit probing, request floods, etc. on a server hosted by PulseServers.com - ISUS2 ... show less	DDoS Attack Exploited Host

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 118.212.122.24

🇸🇬 47.84.230.203

🇺🇸 216.25.89.125

🇧🇷 205.210.31.214

🇭🇰 154.221.20.92

🇨🇳 123.160.175.194

🇵🇭 120.28.216.36

🇨🇳 117.14.115.200

🇨🇳 106.117.109.215

🇨🇳 101.249.63.245

🇫🇷 84.247.129.208

🇱🇹 77.90.185.207

🇺🇸 54.91.180.173

🇩🇪 52.28.16.197

🇮🇳 45.40.57.172

🇨🇳 43.248.108.148

🇮🇳 43.225.164.6

🇸🇬 43.156.136.152

🇹🇼 35.194.141.75

🇺🇸 205.210.31.101