JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.161.18

209.50.161.18 was found in our database!

This IP was reported 43 times. Confidence of Abuse is 16%: ?

16%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.161.18

Whois 209.50.161.18

IP Abuse Reports for 209.50.161.18:

This IP address has been reported a total of 43 times from 16 distinct sources. 209.50.161.18 was first reported on September 28th 2025, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 securejdprop	2026-06-24 13:51:31 (5 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus D ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus DROP Listed Traffic Inbound group 64). Ip 209.50.161.18 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-24 13:51:30.656579352 +0000 UTC show less	Hacking Web App Attack
🇪🇸 librebit	2026-05-17 07:55:17 (1 month ago)	Brute force	Brute-Force
Anonymous	2026-05-12 23:45:27 (1 month ago)	Multiple failed login attemps RDS-Web-Access-Server	Brute-Force Web App Attack
🇺🇸 fbarela	2026-01-25 04:01:14 (4 months ago)	FortiGate SSL VPN login failures.	Hacking Brute-Force
🇫🇷 vtchost.com	2026-01-13 05:58:36 (5 months ago)	Bad HTTP request ...	Web App Attack
🇺🇸 Starburst SysOp Team	2026-01-13 03:10:02 (5 months ago)	(mod_security-custom) mod_security (id:210492) triggered by 209.50.161.18 (US/United States/Virginia ... show more (mod_security-custom) mod_security (id:210492) triggered by 209.50.161.18 (US/United States/Virginia/Ashburn/-/[AS200373 DREI-K-TECH-GMBH]): 1 in the last 3600 secs (0-srv1) show less	Hacking
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:41 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇮🇹 VHosting	2025-12-23 15:55:23 (6 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
Anonymous	2025-12-15 14:27:49 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-12-09 07:19:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.161.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.161.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 02:19:47.964596 2025] [security2:error] [pid 23835:tid 23835] [client 209.50.161.18:18231] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bundrenfarmstn.com"] [uri "/.git/HEAD"] [unique_id "aTfNkxR3qg3ycFLAGMzqDwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 09:21:23 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.161.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.161.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 04:21:19.359792 2025] [security2:error] [pid 10092:tid 10092] [client 209.50.161.18:38117] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pastorjohndunning.com"] [uri "/.env"] [unique_id "aTaYj3e7bVXPNq6I4UxKLwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 02:57:31 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.161.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.161.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 21:57:28.367709 2025] [security2:error] [pid 4784:tid 4784] [client 209.50.161.18:40701] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nifeconsult.com"] [uri "/.git/HEAD"] [unique_id "aTY-mGw1zhplgvplQvkmMAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 Valhalla	2025-12-06 19:11:08 (6 months ago)	/.aws/credentials	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 16:51:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.161.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.161.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 11:51:19.496031 2025] [security2:error] [pid 16115:tid 16115] [client 209.50.161.18:21903] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "techamerica.net"] [uri "/.env"] [unique_id "aTRfB6DYgaCx773VdrxGDAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 10:55:25 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.161.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.161.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 05:55:17.758493 2025] [security2:error] [pid 1640:tid 1640] [client 209.50.161.18:30005] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "diegogamazo.com"] [uri "/.env"] [unique_id "aTK6FZWz4LvW2y0pZK8kNgAAABo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 43 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇷 2a02:4e0:2d22:1406:89ea:d05d:79c9:9318

🇹🇼 198.235.24.108

🇳🇱 195.178.110.228

🇷🇴 193.32.162.60

🇧🇴 181.188.148.74

🇫🇷 91.231.89.85

🇰🇷 47.80.29.108

🇳🇱 45.156.128.101

🇺🇸 20.168.122.88

🇰🇷 119.209.12.20

🇹🇭 114.131.130.11

🇳🇱 80.82.77.33

🇱🇹 45.227.254.170

🇺🇸 20.29.75.69

🇺🇸 2a02:4780:b:1709:0:ed7:3d45:1

🇺🇸 216.180.246.148

🇮🇳 117.219.14.193

🇹🇼 114.34.106.146

🇨🇳 111.26.95.126

🇷🇴 92.118.39.77