JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 136.0.180.50

136.0.180.50 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 37%: ?

37%

ISP	Ace Data Centers II, L.L.C.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS27411
Hostname(s)	136-0-180-50.ips.acedatacenter.com
Domain Name	acedatacenter.com
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 136.0.180.50

Whois 136.0.180.50

IP Abuse Reports for 136.0.180.50:

This IP address has been reported a total of 14 times from 7 distinct sources. 136.0.180.50 was first reported on January 15th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-28 22:05:32 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-27 22:44:45 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 18:44:13.699639 2026] [security2:error] [pid 10792:tid 10792] [client 136.0.180.50:43873] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.volollc.anthonyjoseph.us"] [uri "/sftp-config.json"] [unique_id "ahdzvdZfvgeHDnQYHhmJsAAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 15:42:33 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210730) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 11:42:27.010697 2026] [security2:error] [pid 13816:tid 13816] [client 136.0.180.50:54641] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|fritsknuf.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "fritsknuf.com"] [uri "/db_backup.sql"] [unique_id "ahcQ4y-Y4FcWsf6rfr7cogAAAEo"], referer: https://www.google.com/search?q=fritsknuf.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2026-05-27 11:51:01 (1 week ago)	block ruleset 3D3AFA921A373ECE19B6BA285C2D722163304638	Bad Web Bot
🇦🇹 René Hickersberger	2026-05-27 02:15:10 (1 week ago)	malicious bot detected: violations="ignored-robots-policy"; user_agent="Mozilla/5.0 AppleWebKit/537. ... show more malicious bot detected: violations="ignored-robots-policy"; user_agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ChatGPT-User/1.0; +https://openai.com/bot)" show less	Bad Web Bot
🇺🇸 Vano Ganzzz	2026-05-27 01:07:57 (1 week ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK ASN: 27411 (Leaseweb USA, Inc ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK ASN: 27411 (Leaseweb USA, Inc.) Protocol: HTTP/1.1 (GET method) Endpoint: /.env.production Timestamp: 2026-05-27T01:07:57Z Ray ID: a021202aac95111f UA: Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.6422.113 Mobile Safari/537.36 show less	Bad Web Bot
🇩🇪 HandyTreff.de	2026-05-26 18:22:18 (1 week ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -68.444 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -68.444 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.6422.11 show less	Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-26 16:27:29 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 12:27:20.131679 2026] [security2:error] [pid 22156:tid 22156] [client 136.0.180.50:52769] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "needtoorder.us"] [uri "/.env.development.local"] [unique_id "ahXJ6E_SGSDDEBWxjnj3IwAAABA"], referer: https://www.google.com/search?q=needtoorder.us show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 16:02:55 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 11:02:48.849722 2026] [security2:error] [pid 17467:tid 17467] [client 136.0.180.50:40037] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/wp-config.php.txt"] [unique_id "aWuyqJSp5rsowtSwY74NwQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 18:05:02 (5 months ago)	(mod_security) mod_security (id:211190) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.co ... show more (mod_security) mod_security (id:211190) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 13:04:57.969618 2025] [security2:error] [pid 12486:tid 12543] [client 136.0.180.50:56981] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?p=3232&wp_automatic=download&link=file:///etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/"] [unique_id "aVLCyZEinm-CivtncBSYGQAAAVE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 08:59:02 (6 months ago)	(mod_security) mod_security (id:211190) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.co ... show more (mod_security) mod_security (id:211190) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 03:58:09.010902 2025] [security2:error] [pid 2554:tid 2554] [client 136.0.180.50:33451] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "aRWdoXLAWlG0bzooYUQwiAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 01:42:27 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210730) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:42:22.342678 2025] [security2:error] [pid 783496:tid 783517] [client 136.0.180.50:44161] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/translate.sql"] [unique_id "aIWD_kBIVxi3CeAsEkDxJQAAAU0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 17:26:04 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.co ... show more (mod_security) mod_security (id:211190) triggered by 136.0.180.50 (136-0-180-50.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 13:25:53.239144 2025] [security2:error] [pid 3069607:tid 3069607] [client 136.0.180.50:37189] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.farmers123.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.farmers123.com"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "aDiYoTRuMQVofO-ktWi12QAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-15 06:10:53 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.227

🇹🇼 198.235.24.57

🇩🇪 139.19.117.131

🇳🇱 91.92.42.243

🇺🇸 66.132.195.122

🇺🇸 20.84.117.55

🇷🇴 2.57.121.112

🇩🇪 213.209.159.158

🇨🇳 114.80.142.20

🇺🇸 100.29.192.100

🇵🇱 87.251.64.157

🇩🇪 69.5.169.201

🇨🇭 51.154.42.200

🇲🇾 47.250.54.17

🇫🇷 45.154.138.11

🇻🇳 14.176.134.246

🇹🇼 198.235.24.120

🇭🇰 185.227.153.56

🇵🇰 175.107.233.125

🇺🇸 172.253.221.19