JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.201.50.160

138.201.50.160 was found in our database!

This IP was reported 469 times. Confidence of Abuse is 93%: ?

93%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	server.3hand.net
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Falkenstein, Saxony

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.201.50.160

Whois 138.201.50.160

IP Abuse Reports for 138.201.50.160:

This IP address has been reported a total of 469 times from 159 distinct sources. 138.201.50.160 was first reported on October 2nd 2025, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-18 16:50:13 (1 hour ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 20:31:19 (21 hours ago)	(mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the las ... show more (mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 16:31:12.718144 2026] [security2:error] [pid 23141:tid 23141] [client 138.201.50.160:9058] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.benchmarkbcs.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.benchmarkbcs.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajMEEKrFSPz8phuBad9jfQAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 NotCool	2026-06-17 09:36:37 (1 day ago)	[7200] (WPLOGIN,XMLRPC) Login failure/trigger from 138.201.50.160 (DE/Germany/server.3hand.net): 50 ... show more [7200] (WPLOGIN,XMLRPC) Login failure/trigger from 138.201.50.160 (DE/Germany/server.3hand.net): 50 in the last 3600 secs show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-17 05:07:31 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the las ... show more (mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 01:07:26.553767 2026] [security2:error] [pid 27454:tid 27454] [client 138.201.50.160:42246] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.nypatriotcards.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nypatriotcards.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajIrjmU6l8i7vWOLWrvczAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 01:42:35 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the las ... show more (mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 21:42:28.836859 2026] [security2:error] [pid 10113:tid 10113] [client 138.201.50.160:26100] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.energycapitalinvestments.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.energycapitalinvestments.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajH7hBAkAlAG-_av_0syswAAADw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 19:52:14 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the las ... show more (mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 15:52:08.558639 2026] [security2:error] [pid 1475:tid 1475] [client 138.201.50.160:17712] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.disio.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.disio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajGpaGRyItpulVLSFOtiigAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 09:28:50 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the las ... show more (mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 05:28:46.615986 2026] [security2:error] [pid 12785:tid 12785] [client 138.201.50.160:32506] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.cliniquecavalancia.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.cliniquecavalancia.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajEXTv7fzS43_dj1y3Y70QAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 04:55:59 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the las ... show more (mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 00:55:54.381900 2026] [security2:error] [pid 12361:tid 12361] [client 138.201.50.160:35586] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.bickleton.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.bickleton.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ajDXWtwb7StvecPrczCpCQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 00:44:58 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the las ... show more (mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 20:44:51.967819 2026] [security2:error] [pid 5763:tid 5763] [client 138.201.50.160:61916] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.speedysremodeling.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.speedysremodeling.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajCcg6toFvrwENeMq6nJUQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 00:25:59 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the las ... show more (mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 20:25:51.522782 2026] [security2:error] [pid 19840:tid 19840] [client 138.201.50.160:24194] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.kaylamaclaincounseling.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.kaylamaclaincounseling.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajCYDwUv2GrhBPZ7-80IkQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 22:17:40 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the las ... show more (mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 18:17:34.047883 2026] [security2:error] [pid 19910:tid 19910] [client 138.201.50.160:40626] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.crep-psych.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.crep-psych.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ajB5_ripY7FVZo3CHedM_wAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 21:58:59 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the las ... show more (mod_security) mod_security (id:225170) triggered by 138.201.50.160 (server.3hand.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 17:58:55.155829 2026] [security2:error] [pid 662:tid 662] [client 138.201.50.160:19556] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.cienmalos.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.cienmalos.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajB1nzXctqBf69DXBBm7WwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-04 20:25:57 (1 week ago)	Failed Wordpress Logins	Web App Attack
🇺🇸 xmission.com	2026-06-01 01:24:42 (2 weeks ago)	Blocked 12 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delistin ... show more Blocked 12 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delisting, visit https://www.spamhaus.org/lookup/ to check your IP status and submit a delist request if eligible. show less	Email Spam
🇺🇸 xmission.com	2026-05-31 17:14:42 (2 weeks ago)	Blocked 14 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delistin ... show more Blocked 14 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delisting, visit https://www.spamhaus.org/lookup/ to check your IP status and submit a delist request if eligible. show less	Email Spam

Showing 1 to 15 of 469 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.95

🇳🇱 195.178.110.157

🇨🇳 171.83.60.120

🇺🇸 154.83.197.212

🇺🇸 45.63.4.69

🇫🇷 2001:41d0:33a:a00::40d

🇸🇬 188.166.251.103

🇸🇬 172.188.89.41

🇹🇭 122.154.74.204

🇯🇵 103.147.14.125

🇺🇸 68.67.112.218

🇮🇳 66.116.224.161

🇪🇸 62.93.179.154

🇺🇸 44.192.109.81

🇸🇬 43.134.96.24

🇺🇸 40.124.120.41

🇺🇸 34.23.37.255

🇹🇷 31.145.131.202

🇺🇸 20.163.15.141

🇷🇺 193.31.101.49