JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.166.60

209.50.166.60 was found in our database!

This IP was reported 52 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.166.60

Whois 209.50.166.60

IP Abuse Reports for 209.50.166.60:

This IP address has been reported a total of 52 times from 19 distinct sources. 209.50.166.60 was first reported on September 26th 2025, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 cmbplf	2026-05-31 21:26:51 (5 days ago)	5.444 requests with url.path */xmlrpc.php 5.444 requests with url.path //xmlrpc.php	Brute-Force Bad Web Bot
🇺🇸 cyfordtechnologies.com	2026-05-01 19:27:34 (1 month ago)	High-abuse ASN prefix: 209.50. : Reported by Cyford API	Web App Attack
🇺🇸 cyfordtechnologies.com	2026-03-24 23:02:58 (2 months ago)	High-abuse ASN prefix: 209.50. : Reported by Cyford API	Web App Attack
🇦🇺 oncord	2026-03-14 13:16:42 (2 months ago)	Form spam	Web Spam
🇦🇺 MAGIC	2026-03-06 01:01:59 (3 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-10 03:15:57 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.166.60 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.166.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 22:15:52.326765 2026] [security2:error] [pid 2393:tid 2393] [client 209.50.166.60:34315] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "maem.cloud"] [uri "/.env"] [unique_id "aYqi6OTpv4iDZqHwrXKC_QAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 00:35:14 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.166.60 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.166.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 19:35:01.079337 2026] [security2:error] [pid 21387:tid 21387] [client 209.50.166.60:46065] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kevinfranz.com"] [uri "/backup/.git/config"] [unique_id "aYp9NRr7bhJsJvzNDTwGOAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-09 20:06:31 (3 months ago)	Blocking for trying to access an exploit file: /site/.git/config	Hacking
🇩🇪 F242	2026-01-30 05:30:50 (4 months ago)	Wordpress Login or XMLRPC abuse	Web App Attack
🇬🇧 openstrike.co.uk	2025-12-22 08:49:10 (5 months ago)	9 packets to port 2083	Port Scan
🇨🇭 backslash	2025-12-07 01:05:03 (5 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-24 09:19:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.166.60 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.166.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:18:59.976657 2025] [security2:error] [pid 3780961:tid 3780961] [client 209.50.166.60:16235] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "automotive.smogsandiego.com"] [uri "/.env"] [unique_id "aSQjA3B_2BYUGQ4IWNBGhAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:02:52 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.166.60 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.166.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:02:46.938963 2025] [security2:error] [pid 31274:tid 31274] [client 209.50.166.60:16885] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.rlharmongroup.com"] [uri "/.git/HEAD"] [unique_id "aSQfNlYv--KBAON4sPUXHwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:44:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.166.60 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.166.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:43:59.444426 2025] [security2:error] [pid 11271:tid 11271] [client 209.50.166.60:30201] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.monteriggioni.net"] [uri "/.svn/wc.db"] [unique_id "aSQaz9VZFWIfnW36SwJXcwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:01:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.166.60 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.166.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:01:09.052606 2025] [security2:error] [pid 4130:tid 4130] [client 209.50.166.60:16671] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bb103.us"] [uri "/.env"] [unique_id "aSQQxUvRsESZfx0W12QvkQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 52 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.138

🇸🇬 206.189.81.2

🇨🇳 113.249.101.175

🇳🇵 36.253.9.128

🇩🇪 213.209.159.56

🇸🇬 165.154.236.104

🇿🇦 102.37.220.188

🇷🇺 79.104.0.82

🇬🇧 45.82.76.135

🇸🇬 34.21.242.214

🇬🇧 185.247.137.133

🇷🇺 128.71.112.46

🇧🇩 103.174.50.49

🇰🇿 95.59.244.67

🇲🇦 81.192.46.32

🇨🇲 2605:59c0:1e9a:9008:a1de:f950:9612:5865

🇺🇸 165.154.255.26

🇫🇷 163.5.241.66

🇹🇼 111.70.22.154

🇺🇸 107.173.85.31