JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.169.149

209.50.169.149 was found in our database!

This IP was reported 46 times. Confidence of Abuse is 8%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.169.149

Whois 209.50.169.149

IP Abuse Reports for 209.50.169.149:

This IP address has been reported a total of 46 times from 16 distinct sources. 209.50.169.149 was first reported on September 29th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-05-22 11:32:29 (3 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇨🇳 ThreatBook.io	2026-04-18 22:17:10 (1 month ago)	ThreatBook Intelligence: http_proxy,Spam more details on https://threatbook.io/ip/209.50.169.149 202 ... show more ThreatBook Intelligence: http_proxy,Spam more details on https://threatbook.io/ip/209.50.169.149 2026-04-18 13:32:05 /special/index.php?c=search&catid=23%20and%20(select%201%20from%20(select%20count(),concat(md5(1),floor(rand(0)2))x%20from%20information_schema.tables%20group%20by%20x)a) show less	Web App Attack
🇺🇸 cyfordtechnologies.com	2026-03-09 03:45:11 (3 months ago)	High-abuse ASN prefix: 209.50. : Reported by Cyford API	Web App Attack
🇨🇳 ThreatBook.io	2026-02-09 22:19:08 (4 months ago)	ThreatBook Intelligence: http_proxy,Spam more details on https://threatbook.io/ip/209.50.169.149 202 ... show more ThreatBook Intelligence: http_proxy,Spam more details on https://threatbook.io/ip/209.50.169.149 2026-02-09 03:19:00 /swagger/docs/v1 2026-02-09 03:19:02 /v3/api-docs 2026-02-09 03:18:58 /prod-api/v2/api-docs 2026-02-09 03:19:00 /swagger/v1/swagger.json 2026-02-09 03:18:59 /v2/api-docs 2026-02-09 03:19:01 /api/swagger.json show less	Web App Attack
🇺🇸 TPI-Abuse	2026-01-21 12:12:50 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.169.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.169.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 07:12:43.927192 2026] [security2:error] [pid 14978:tid 14978] [client 209.50.169.149:59331] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "7319atwood.com"] [uri "/.git/HEAD"] [unique_id "aXDCu2kRxjBfdH862V8A7gAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-01-12 22:24:12 (5 months ago)	ThreatBook Intelligence: http_proxy more details on http://threatbook.io/ip/209.50.169.149 2026-01-1 ... show more ThreatBook Intelligence: http_proxy more details on http://threatbook.io/ip/209.50.169.149 2026-01-12 08:10:06 /siteserver/bbs/background_keywordsFilting.aspx?grade=0&categoryid=0&keyword=test%27%20and%20@@version=1%20and%202=%271 2026-01-12 06:08:52 /druid/index.html show less	Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:02:02 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇨🇳 ThreatBook.io	2025-12-20 22:21:20 (5 months ago)	ThreatBook Intelligence: http_proxy more details on http://threatbook.io/ip/209.50.169.149 2025-12-2 ... show more ThreatBook Intelligence: http_proxy more details on http://threatbook.io/ip/209.50.169.149 2025-12-20 01:43:27 /actuator 2025-12-20 01:43:27 /jeecg-boot/actuator/ show less	Web App Attack
🇫🇷 mrcrassi	2025-12-16 13:07:47 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST meth ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: /wp-login.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-16 03:10:26 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 209.50.169.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 209.50.169.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 15 22:10:18.534568 2025] [security2:error] [pid 5554:tid 5554] [client 209.50.169.149:33205] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|jolankagroup.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jolankagroup.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aUDNmh643BvT4r6wjTl-RAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-12-15 22:24:43 (5 months ago)	ThreatBook Intelligence: http_proxy more details on http://threatbook.io/ip/209.50.169.149 2025-12-1 ... show more ThreatBook Intelligence: http_proxy more details on http://threatbook.io/ip/209.50.169.149 2025-12-15 19:32:55 /video/index.php?c=search&catid=23%20and%20(select%201%20from%20(select%20count(),concat(md5(1),floor(rand(0)2))x%20from%20information_schema.tables%20group%20by%20x)a) show less	Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 20:28:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.169.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.169.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 15:28:23.734941 2025] [security2:error] [pid 3420:tid 3431] [client 209.50.169.149:14961] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "totalbodycare753.com"] [uri "/.git/HEAD"] [unique_id "aS9L59pYnVkZuI2SUNMX7gAAAEg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 20:07:36 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.169.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.169.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 15:07:30.162836 2025] [security2:error] [pid 21667:tid 21667] [client 209.50.169.149:50243] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "origenial.com"] [uri "/.env"] [unique_id "aS9HAi8LIUu2DzAKYOiw6wAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 18:54:07 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.169.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.169.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 13:54:02.895561 2025] [security2:error] [pid 22152:tid 22152] [client 209.50.169.149:23009] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "skomax.com"] [uri "/.env"] [unique_id "aS81ytZTuSUG_-6fi-ovLAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 15:38:28 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.169.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.169.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 10:38:22.386502 2025] [security2:error] [pid 11439:tid 11439] [client 209.50.169.149:25485] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "animecelgallery.com"] [uri "/.env"] [unique_id "aS8H7kUuNZI4cAt7Qx3SPgAAABY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 46 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 185.61.154.206

🇬🇧 217.146.80.121

🇬🇧 193.163.125.196

🇬🇧 185.61.154.2

🇷🇸 185.26.173.91

🇺🇸 172.215.144.32

🇳🇱 81.19.216.88

🇺🇸 64.227.14.170

🇺🇸 45.79.207.110

🇳🇱 213.177.179.62

🇺🇸 206.189.198.17

🇫🇷 185.252.234.215

🇳🇴 185.243.218.226

🇵🇱 185.241.208.231

🇨🇳 175.0.55.160

🇩🇪 109.237.97.85

🇹🇼 60.199.224.2

🇰🇷 34.22.95.20

🇷🇺 217.24.185.98

🇸🇬 185.223.207.115