JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.180.165

209.50.180.165 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 49%: ?

49%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.180.165

Whois 209.50.180.165

IP Abuse Reports for 209.50.180.165:

This IP address has been reported a total of 24 times from 17 distinct sources. 209.50.180.165 was first reported on October 29th 2025, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 tecnicorioja	2026-06-23 22:00:55 (4 hours ago)	wp-login attack [23/Jun/2026:17:30:09	Brute-Force Web App Attack
🇬🇧 poundawebsiteltd	2026-06-22 09:24:00 (1 day ago)	WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 209.50.180.165 - - [22/Jun/2026:10:23:53 +0100] ... show more WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 209.50.180.165 - - [22/Jun/2026:10:23:53 +0100] POST /wp-login.php HTTP/1.1 200 6736 https://[REDACTED_DOMAIN]/wp-login.php Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15 show less	Web App Attack
🇫🇷 ELYAZ	2026-06-20 21:47:09 (3 days ago)	(y4) Failed scan -byebye- from 209.50.180.165 (GB/United Kingdom/-): (CF_ENABLE)	Hacking
🇫🇷 pm33	2026-06-20 03:16:14 (3 days ago)	Wordpress login attempts	Brute-Force
🇫🇷 ELYAZ	2026-06-18 19:35:24 (5 days ago)	(y4) Failed scan -byebye- from 209.50.180.165 (GB/United Kingdom/-): (CF_ENABLE)	Hacking
🇫🇷 mrcrassi	2026-06-17 16:05:33 (6 days ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (POST meth ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: /wp-login.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇬🇷 setupgr	2026-06-16 23:05:23 (1 week ago)	(mod_security) mod_security (id:900001) triggered by 209.50.180.165: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 209.50.180.165: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Wed Jun 17 02:05:22.798378 2026] [security2:error] [pid 2210176:tid 2210278] [client 209.50.180.165:61791] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "75"] [id "900001"] [msg "Blocked WP Login attempt on domain: asteriassantorini.com"] [severity "CRITICAL"] [tag "security"] [hostname "asteriassantorini.com"] [uri "/wp-login.php"] [unique_id "ajHWso0pb6dkgQfaMdDSuwAAARc"], referer: https://asteriassantorini.com/wp-login.php show less	Port Scan
🇲🇹 Malta	2026-06-14 17:34:34 (1 week ago)	209.50.180.165 - - [14/Jun/2026:19:34:34 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintos ... show more 209.50.180.165 - - [14/Jun/2026:19:34:34 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Hacking Web App Attack
🇺🇸 lostswordfish.com	2026-06-13 08:14:06 (1 week ago)	Wordfence waf block on parsol	Web App Attack
🇮🇩 zam	2026-06-11 20:08:38 (1 week ago)	209.50.180.165 - - [11/Jun/2026:20:08:10 +0000] "POST /wp-login.php HTTP/1.1" 301 277	Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 04:27:29 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.180.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.180.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 23:27:22.864074 2026] [security2:error] [pid 22437:tid 22437] [client 209.50.180.165:38781] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kmashburn.com"] [uri "/admin/.env"] [unique_id "aZaRKvmsO6_f-YlUgfrrKQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 02:11:21 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.180.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.180.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 21:11:18.480767 2026] [security2:error] [pid 2747903:tid 2747903] [client 209.50.180.165:37035] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kathiekate.com"] [uri "/v2/.git/config"] [unique_id "aZZxRnBb05aiq47Lr1P32QAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 22:11:41 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.180.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.180.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 17:11:34.800500 2026] [security2:error] [pid 17209:tid 17304] [client 209.50.180.165:19579] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "upperwilds.com"] [uri "/.env.production"] [unique_id "aZY5FoEOLnuQeE-oPoeFzQAAAkA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 21:40:51 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.180.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.180.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 16:40:47.364364 2026] [security2:error] [pid 4817:tid 4835] [client 209.50.180.165:47689] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ultimate-billiards.com"] [uri "/.env.production"] [unique_id "aZYx31phMObGR2uq3JdgQgAAAE0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 20:32:55 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.180.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.180.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 15:32:47.468742 2026] [security2:error] [pid 16064:tid 16064] [client 209.50.180.165:35079] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trigonom.com"] [uri "/.env.staging"] [unique_id "aZYh78gRYPmZWjRNKEbNPQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇻 81.30.98.44

🇨🇳 218.64.60.122

🇺🇸 216.237.199.79

🇺🇸 107.172.58.36

🇺🇸 71.173.196.72

🇺🇸 50.46.141.125

🇷🇺 46.158.39.208

🇳🇱 45.148.10.200

🇻🇳 45.119.81.245

🇮🇩 36.64.131.68

🇺🇸 216.180.246.126

🇨🇳 182.245.254.127

🇺🇸 162.216.150.169

🇨🇦 149.22.82.32

🇮🇩 103.168.135.187

🇹🇷 103.83.86.43

🇻🇳 103.77.215.69

🇳🇱 92.112.126.183

🇳🇱 81.19.216.93

🇺🇸 65.49.1.109