JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.168.225

209.50.168.225 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 10%: ?

10%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.168.225

Whois 209.50.168.225

IP Abuse Reports for 209.50.168.225:

This IP address has been reported a total of 37 times from 18 distinct sources. 209.50.168.225 was first reported on September 28th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 MusicLibrary	2026-06-10 18:32:35 (1 week ago)	Attempted access to sensitive configuration files (.env, .git, etc.)	Bad Web Bot Web App Attack
🇪🇸 librebit	2026-05-17 04:54:56 (1 month ago)	Brute force	Brute-Force
🇺🇸 cyfordtechnologies.com	2026-03-09 16:26:48 (3 months ago)	High-abuse ASN prefix: 209.50. : Reported by Cyford API	Web App Attack
🇺🇸 TPI-Abuse	2026-01-20 21:40:13 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.168.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.168.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 16:39:48.084333 2026] [security2:error] [pid 1834534:tid 1834534] [client 209.50.168.225:21769] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sandiegobeachrentals.com"] [uri "/.git/HEAD"] [unique_id "aW_2JBuJbwUzV6H00EOitQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-20 19:30:01 (4 months ago)	File repository snooping: 209.50.168.225 - - [20/Jan/2026:19:20:50 +0000] "GET /.git/HEAD HTTP/1.1" ... show more File repository snooping: 209.50.168.225 - - [20/Jan/2026:19:20:50 +0000] "GET /.git/HEAD HTTP/1.1" 404 246 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Hacking Web App Attack
🇫🇷 tecnicorioja	2026-01-15 23:00:11 (5 months ago)	wp-login attack [15/Jan/2026:14:56:16	Brute-Force Web App Attack
Anonymous	2025-12-14 21:59:58 (6 months ago)	botnet	DDoS Attack
🇫🇮 Shaik Sai Meera	2025-12-11 05:00:11 (6 months ago)	IM360 WAF: Hidden file access	Brute-Force
🇵🇱 sefinek.net	2025-12-11 01:38:47 (6 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.svn/wc.db UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 OceanTreasure	2025-12-10 10:55:10 (6 months ago)	tcp/443; Probing for exposed Subversion repository database files: "GET /.svn/wc.db" @ 2025-12-10T10 ... show more tcp/443; Probing for exposed Subversion repository database files: "GET /.svn/wc.db" @ 2025-12-10T10:51:03Z [proxy] show less	Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 23:20:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.168.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.168.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 18:19:57.825556 2025] [security2:error] [pid 28234:tid 28234] [client 209.50.168.225:18219] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "love-n-promises.com"] [uri "/.env"] [unique_id "aTddHe2Jw7LxgeYKkXQA3wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 16:26:47 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.168.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.168.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 11:26:42.643724 2025] [security2:error] [pid 21461:tid 21461] [client 209.50.168.225:34217] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ohioaci.org"] [uri "/.svn/wc.db"] [unique_id "aTWqwtvDTPXN_RcJdZm4pAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 14:38:39 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.168.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.168.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 09:38:36.046551 2025] [security2:error] [pid 27923:tid 27923] [client 209.50.168.225:29941] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pondplain.org"] [uri "/.git/HEAD"] [unique_id "aTWRbK--RwtMbzhFyP9QMAAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2025-12-07 04:54:46 (6 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.aws/credentials (Rule ID: 930130) - Restricted File Access Attempt show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 19:36:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.168.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.168.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 14:36:50.291564 2025] [security2:error] [pid 394:tid 394] [client 209.50.168.225:34321] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "handankoc.net"] [uri "/.svn/wc.db"] [unique_id "aTSF0hvH-WgmVLiJyhUNTAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 180.125.231.80

🇸🇬 114.119.143.207

🇺🇸 143.198.54.86

🇵🇱 83.168.95.29

🇧🇬 79.124.49.194

🇺🇸 74.7.243.48

🇺🇸 66.132.195.22

🇺🇸 66.132.186.132

🇳🇱 45.148.10.151

🇬🇧 35.203.211.127

🇮🇷 2.188.34.119

🇺🇸 216.25.89.75

🇸🇬 172.188.218.162

🇨🇳 59.110.239.11

🇮🇳 182.95.113.122

🇷🇺 178.178.194.136

🇺🇸 162.216.149.117

🇺🇸 142.248.80.196

🇨🇳 106.75.184.33

🇻🇳 103.173.154.45