JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.164.85

209.50.164.85 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 12%: ?

12%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.164.85

Whois 209.50.164.85

IP Abuse Reports for 209.50.164.85:

This IP address has been reported a total of 23 times from 12 distinct sources. 209.50.164.85 was first reported on September 28th 2025, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-05 17:05:42 (14 hours ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇺🇸 mnsf	2026-06-01 14:06:49 (4 days ago)	Scanning/Probing (34)	Brute-Force Web App Attack
🇫🇮 inlink.ltd	2026-05-19 22:30:17 (2 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack
Anonymous	2025-11-30 20:04:55 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-25 07:26:28 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.164.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.164.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:26:19.674173 2025] [security2:error] [pid 27089:tid 27089] [client 209.50.164.85:52989] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.slc.com.gt"] [uri "/.env"] [unique_id "aSVaG274D1HgLjc3XnmZpwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:07:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.164.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.164.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:07:22.893295 2025] [security2:error] [pid 23919:tid 23919] [client 209.50.164.85:14199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.designsbyyvonne.net"] [uri "/.env"] [unique_id "aSU5igLWOJfvaMOKTkZ1wgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:36:48 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.164.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.164.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:36:43.150396 2025] [security2:error] [pid 20810:tid 20810] [client 209.50.164.85:48063] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.marthasvineyardweddingideas.com"] [uri "/.git/HEAD"] [unique_id "aSUkS_6EFRUjpVCLkFLqRwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:39:25 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.164.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.164.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:39:17.642083 2025] [security2:error] [pid 1898:tid 1898] [client 209.50.164.85:41103] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.lendren.com"] [uri "/.git/HEAD"] [unique_id "aSUW1ccdSgo-W_OJurG0ggAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:10:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.164.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.164.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:10:53.141755 2025] [security2:error] [pid 10674:tid 10674] [client 209.50.164.85:24615] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.rocksolidhomebuilders.com"] [uri "/.svn/wc.db"] [unique_id "aSUQLdLiPxhfmg3IIeaFSgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-13 20:40:53 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-11-02 18:05:23 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 07:30:07	Port Scan Brute-Force Exploited Host Web App Attack
Anonymous	2025-11-01 23:05:58 (7 months ago)	[redacted] 209.50.164.85 - - [02/Nov/2025:00:05:43 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "M ... show more [redacted] 209.50.164.85 - - [02/Nov/2025:00:05:43 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36" [redacted] 209.50.164.85 - - [02/Nov/2025:00:05:46 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36" [redacted] 209.50.164.85 - - [02/Nov/2025:00:05:47 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:48.0) Gecko/20100101 Firefox/48.0" [redacted] 209.50.164.85 - - [02/Nov/2025:00:05:48 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.1 Safari/605.1.15" [redacted] 209.50.164.85 - - [02/Nov/2025:00:05:49 +0100] "POST /xmlrpc.php HTTP/2.0 ... show less	Hacking Web App Attack
🇫🇷 applemooz	2025-11-01 10:41:55 (7 months ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack
Anonymous	2025-10-30 14:15:08 (7 months ago)	WordPress Brute Force	Brute-Force
🇩🇪 Marc	2025-10-29 19:15:22 (7 months ago)		Brute-Force Web App Attack

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇷 181.0.214.136

🇺🇸 167.89.3.71

🇺🇸 165.154.254.143

🇺🇸 162.216.149.13

🇸🇬 162.158.88.127

🇨🇦 154.3.163.26

🇺🇸 99.92.204.98

🇳🇱 45.148.10.157

🇬🇧 35.203.210.196

🇨🇳 14.103.34.138

🇨🇳 218.21.250.151

🇺🇸 207.90.244.12

🇧🇷 205.210.31.219

🇺🇸 205.210.31.73

🇳🇱 204.76.203.81

🇭🇰 203.198.173.137

🇨🇳 182.150.58.250

🇸🇬 162.158.88.170

🇵🇭 136.158.102.13

🇳🇱 85.121.127.124