JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.180.230

209.50.180.230 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.180.230

Whois 209.50.180.230

IP Abuse Reports for 209.50.180.230:

This IP address has been reported a total of 7 times from 5 distinct sources. 209.50.180.230 was first reported on October 10th 2025, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-23 03:53:57 (2 hours ago)	Web App Attack	Web App Attack
🇨🇳 ThreatBook.io	2026-05-10 23:45:25 (1 month ago)	ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/209.50.180.230 2026-0 ... show more ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/209.50.180.230 2026-05-10 13:10:26 /console/login/LoginForm.jsp 2026-05-10 13:10:32 /management/tenant-monitoring/servers 2026-05-10 13:10:36 /config/config.xml 2026-05-10 13:10:28 /weblogic/ready 2026-05-10 13:10:38 /wls-wsat/CoordinatorPortType show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:39:48 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.180.230 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.180.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:39:40.561818 2025] [security2:error] [pid 3965261:tid 3965323] [client 209.50.180.230:15457] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.strengthsmatter.com"] [uri "/.env"] [unique_id "aSPhjB7XGNzpCBYjvUvi0QAAAlg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:13:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.180.230 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.180.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:13:22.803519 2025] [security2:error] [pid 19672:tid 19672] [client 209.50.180.230:9615] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.npcsouthernclassic.com"] [uri "/.svn/wc.db"] [unique_id "aSPbYuO8Wqs9v5SKNtGjvwAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 london2038.com	2025-10-27 13:05:10 (7 months ago)	Connection atttempts against closed TCP ports Oct 27 14:05:07 BLOCK SRC=209.50.180.230 LEN=60 TOS=0x ... show more Connection atttempts against closed TCP ports Oct 27 14:05:07 BLOCK SRC=209.50.180.230 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=3327 DF PROTO=TCP SPT=23145 DPT=22 WINDOW=64240 RES=0x00 SYN Oct 27 14:05:08 BLOCK SRC=209.50.180.230 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=3328 DF PROTO=TCP SPT=23145 DPT=22 WINDOW=64240 RES=0x00 SYN Oct 27 14:05:09 BLOCK SRC=209.50.180.230 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=3329 DF PROTO=TCP SPT=23145 DPT=22 WINDOW=64240 RES=0x00 SYN show less	Port Scan
Anonymous	2025-10-24 05:12:03 (7 months ago)	(sshd) Failed SSH login from 209.50.180.230 (GB/United Kingdom/-)	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-10-10 20:24:22 (8 months ago)	(mod_security) mod_security (id:225170) triggered by 209.50.180.230 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 209.50.180.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 10 16:24:15.761105 2025] [security2:error] [pid 9416:tid 9420] [client 209.50.180.230:57677] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|killyourattitude.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "killyourattitude.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aOlrbwonKwOrG4eOCDerlwAAAAI"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇴 200.26.188.219

🇧🇪 198.235.24.206

🇲🇴 182.93.7.194

🇫🇮 178.20.210.208

🇩🇴 152.166.145.205

🇮🇹 151.95.107.227

🇮🇹 95.229.5.248

🇺🇸 84.21.190.140

🇵🇱 31.182.220.15

🇮🇳 223.196.174.143

🇮🇩 180.243.177.224

🇺🇸 107.151.196.205

🇲🇦 105.158.19.173

🇰🇪 102.0.20.194

🇱🇻 81.30.98.44

🇷🇺 80.253.31.232

🇺🇸 52.20.198.190

🇧🇷 45.205.1.247

🇳🇱 45.148.10.151

🇺🇸 209.46.125.221