JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.180.139

209.50.180.139 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 33%: ?

33%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.180.139

Whois 209.50.180.139

IP Abuse Reports for 209.50.180.139:

This IP address has been reported a total of 14 times from 10 distinct sources. 209.50.180.139 was first reported on October 10th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Victor López	2026-06-22 10:31:57 (1 day ago)	buscaempresas.co 209.50.180.139 - - [22/Jun/2026:05:29:40 -0500] "POST /wp-login.php HTTP/1.1" 404 7 ... show more buscaempresas.co 209.50.180.139 - - [22/Jun/2026:05:29:40 -0500] "POST /wp-login.php HTTP/1.1" 404 7699 "https://buscaempresas.co/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_1; rv:120.0) Gecko/20100101 Firefox/120.0" buscaempresas.co 209.50.180.139 - - [22/Jun/2026:05:30:35 -0500] "POST /wp-login.php HTTP/1.1" 404 7699 "https://buscaempresas.co/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; rv:120.0) Gecko/20100101 Firefox/120.0" buscaempresas.co 209.50.180.139 - - [22/Jun/2026:05:31:57 -0500] "POST /wp-login.php HTTP/1.1" 404 7699 "https://buscaempresas.co/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; rv:120.0) Gecko/20100101 Firefox/120.0" ... show less	Hacking Web App Attack
🇫🇷 pm33	2026-06-20 03:17:48 (3 days ago)	Wordpress login attempts	Brute-Force
🇫🇷 ELYAZ	2026-06-18 19:35:50 (4 days ago)	(y4) Failed scan -byebye- from 209.50.180.139 (GB/United Kingdom/-): (CF_ENABLE)	Hacking
🇫🇷 ELYAZ	2026-06-17 09:42:20 (6 days ago)	(y4) Failed scan -byebye- from 209.50.180.139 (GB/United Kingdom/-): (CF_ENABLE)	Hacking
🇫🇷 pm33	2026-06-16 17:37:59 (6 days ago)	Wordpress login attempts	Brute-Force
🇬🇷 setupgr	2026-06-15 22:00:09 (1 week ago)	(mod_security) mod_security (id:900001) triggered by 209.50.180.139: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 209.50.180.139: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 16 01:00:03.800443 2026] [security2:error] [pid 1917071:tid 1917257] [client 209.50.180.139:38157] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.ions.gr"] [severity "CRITICAL"] [tag "security"] [hostname "mail.ions.gr"] [uri "/wp-login.php"] [unique_id "ajB143brIXpbmq-1FoWmdwAAAQc"], referer: https://mail.ions.gr/wp-login.php show less	Port Scan
🇳🇿 billyborsht	2026-06-15 00:17:42 (1 week ago)	2026-06-15T12:17:41.189488+12:00 southern wordpress(leanpolicy.org)[792692]: Authentication attempt ... show more 2026-06-15T12:17:41.189488+12:00 southern wordpress(leanpolicy.org)[792692]: Authentication attempt for unknown user root from 209.50.180.139 ... show less	Hacking Web App Attack
🇬🇷 setupgr	2026-06-14 12:39:12 (1 week ago)	(mod_security) mod_security (id:900001) triggered by 209.50.180.139: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 209.50.180.139: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sun Jun 14 15:39:09.915320 2026] [security2:error] [pid 921871:tid 921996] [client 209.50.180.139:39573] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.babis.photo"] [severity "CRITICAL"] [tag "security"] [hostname "mail.babis.photo"] [uri "/wp-login.php"] [unique_id "ai6g7e2clReoPvlJKlgTLAAAAME"], referer: https://mail.babis.photo/wp-login.php show less	Port Scan
🇺🇸 factor1	2026-06-13 09:51:41 (1 week ago)	Fail2ban at saturn Reports Abuse.	Brute-Force Web App Attack
🇬🇷 setupgr	2026-06-12 07:10:16 (1 week ago)	(mod_security) mod_security (id:900001) triggered by 209.50.180.139: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 209.50.180.139: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 12 10:10:15.922841 2026] [security2:error] [pid 104034:tid 104105] [client 209.50.180.139:47393] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|alloweddomain2\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: gyrosplace.gr"] [severity "CRITICAL"] [tag "security"] [hostname "gyrosplace.gr"] [uri "/wp-login.php"] [unique_id "aiuw11abcBA3ZH61lLfwuwAAAA4"], referer: https://gyrosplace.gr/wp-login.php show less	Port Scan
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:44 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-04 16:03:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.180.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.180.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 11:03:13.890984 2025] [security2:error] [pid 2206:tid 2226] [client 209.50.180.139:19989] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bodytherapies.us"] [uri "/.svn/wc.db"] [unique_id "aTGwwf8iLdtlPyBFWLrZxQAAAI8"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2025-10-11 11:25:43 (8 months ago)	Form spam	Web Spam
Anonymous	2025-10-10 08:19:53 (8 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 188.235.145.22

🇺🇸 184.105.247.232

🇷🇺 176.208.128.192

🇺🇸 172.82.210.10

🇮🇳 163.223.49.17

🇲🇾 102.211.234.171

🇺🇸 74.7.241.51

🇺🇸 64.62.156.187

🇭🇰 47.82.87.119

🇸🇬 43.160.246.215

🇯🇵 156.227.232.198

🇯🇵 118.194.228.101

🇳🇱 31.59.95.52

🇬🇧 193.163.125.99

🇺🇸 143.110.228.80

🇺🇸 64.62.156.90

🇷🇺 31.173.31.59

🇺🇸 23.19.216.7

🇳🇱 172.94.9.117

🇺🇸 165.227.82.94