JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.165.220

209.50.165.220 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 23%: ?

23%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.165.220

Whois 209.50.165.220

IP Abuse Reports for 209.50.165.220:

This IP address has been reported a total of 36 times from 19 distinct sources. 209.50.165.220 was first reported on September 26th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 dispaisyenterprises	2026-06-11 00:05:20 (1 week ago)	Honeypot [fra-de-honeypot]: MSSQL traffic (on 1433) without login credentials Reported by DisPaisy E ... show more Honeypot [fra-de-honeypot]: MSSQL traffic (on 1433) without login credentials Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇪🇸 librebit	2026-06-06 07:43:31 (2 weeks ago)	Brute force	Brute-Force
🇫🇷 MatStef132	2026-05-19 21:18:22 (1 month ago)	MatShield L7: blocked on mathost.eu (click-id-direct-nav)	DDoS Attack
🇳🇱 MatStef132	2026-05-19 21:05:47 (1 month ago)	MatShield L7: blocked on anonymous (ua-quarantined)	Bad Web Bot
🇳🇱 MatStef132	2026-05-19 20:59:02 (1 month ago)	MatShield L7: blocked on dstat.selify.io (click-id-direct-nav)	DDoS Attack
🇫🇷 MatStef132	2026-05-19 20:55:42 (1 month ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇳🇱 MatStef132	2026-05-16 13:11:52 (1 month ago)	MatShield L7: blocked on justchat.icu (chrome-ua-hint-missing)	DDoS Attack
🇳🇱 MatStef132	2026-05-15 13:30:00 (1 month ago)	MatShield L7 blocked request to fivemtest.mathost.eu for reason ua-q	DDoS Attack Bad Web Bot Web App Attack
🇫🇷 MatStef132	2026-05-14 21:32:37 (1 month ago)	[mathost.eu] ua-q	DDoS Attack Bad Web Bot Web App Attack
🇩🇪 4server	2026-05-13 13:04:45 (1 month ago)	[WedMay1315:04:41.9370672026][security2:error][pid1725163:tid1725202][client209.50.165.220:0]ModSecu ... show more [WedMay1315:04:41.9370672026][security2:error][pid1725163:tid1725202][client209.50.165.220:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Stringmatchwithin\".asa/.asax/.ascx/.backup/.bak/.bat/.cdx/.cer/.cfg/.cmd/.com/.config/.conf/.cs/.csproj/.csr/.dat/.db/.dbf/.dll/.dos/.htr/.htw/.ida/.idc/.idq/.inc/.ini/.key/.licx/.lnk/.log/.mdb/.old/.pass/.pdb/.pol/.printer/.pwd/.rdb/.resources/.resx/.sql/.swp/.sys/.vb/.vbs/.vbproj/.vsdisco/.webinfo/.xsx/\"atTX:extension.[file\"/etc/apache2/conf.d/modsec_rules/00_asl_zz_strict.conf\"][line\"91\"][id\"390716\"][rev\"2\"][msg\"Atomicorp.comWAFRules:URLfileextensionisrestrictedbypolicy\"][data\".db\"][severity\"ERROR\"][hostname\"titancapital.ch\"][uri\"/.svn/wc.db\"][unique_id\"agR26f1K6GEz-zwKJpPanwAAAEM\"] show less	Port Scan Brute-Force Web App Attack
🇪🇸 el-brujo	2026-04-28 15:44:20 (1 month ago)	Cloudflare WAF: Request Path: /123456 Request Query: ?utm_content=1777391060245562162 Host: elhacker ... show more Cloudflare WAF: Request Path: /123456 Request Query: ?utm_content=1777391060245562162 Host: elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.130 Safari/537.36 Action: block Source: ratelimit ASN Description: 3xK Tech GmbH Country: US Method: GET Timestamp: 2026-04-28T15:44:20Z ruleId: 11a71ad4659e48b29b5173e3bcc61b4a. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇫🇮 as211431.net	2026-02-12 07:37:58 (4 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /admin/.git/config UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-10 01:34:40 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.165.220 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.165.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 20:34:33.336244 2026] [security2:error] [pid 21263:tid 21263] [client 209.50.165.220:47973] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "khovanov.com"] [uri "/config/.env"] [unique_id "aYqLKcb6v7tPEtZJ7OxGlAAAAG8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 23:58:43 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.165.220 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.165.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 18:58:39.889908 2026] [security2:error] [pid 18143:tid 18143] [client 209.50.165.220:22771] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kennythompson.com"] [uri "/.env"] [unique_id "aYp0r7ZwPnM2T01K0UAHFQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 23:14:52 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.165.220 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.165.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 18:14:47.457189 2026] [security2:error] [pid 7513:tid 7513] [client 209.50.165.220:15979] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "keepaustinnuts.com"] [uri "/.env"] [unique_id "aYpqZxbCrFwSjQxPhZFL2wAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 147.185.133.141

🇳🇱 93.174.95.106

🇱🇹 81.30.98.142

🇺🇸 64.227.30.120

🇧🇭 37.131.111.149

🇺🇸 20.46.231.161

🇺🇸 2604:a880:400:d1:0:4:9e8e:6001

🇧🇷 200.217.87.154

🇺🇸 198.199.88.161

🇺🇸 172.253.9.156

🇺🇸 172.81.62.90

🇯🇵 146.70.201.108

🇻🇳 116.101.123.227

🇮🇳 103.101.110.142

🇺🇸 69.229.227.44

🇩🇪 69.5.169.204

🇩🇪 54.93.84.48

🇷🇺 45.88.210.203

🇧🇷 20.226.42.95

🇺🇸 20.65.193.199