JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.171.114

209.50.171.114 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.171.114

Whois 209.50.171.114

IP Abuse Reports for 209.50.171.114:

This IP address has been reported a total of 37 times from 13 distinct sources. 209.50.171.114 was first reported on September 27th 2025, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-06-22 19:16:43 (6 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-05-20 22:27:59 (1 month ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 01-27.209.50.171.114.web-spamm ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 01-27.209.50.171.114.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇵🇱 cheatmaster.store	2026-02-25 23:27:11 (4 months ago)	Automated report: This IP address has been identified as an active public open proxy. Classification ... show more Automated report: This IP address has been identified as an active public open proxy. Classification: Open Proxy \| Spoofing \| VPN/Anonymizer \| Bad Web Bot. Country: United States Threat level: High. This host is listed across multiple public proxy databases and poses a risk of abuse, credential stuffing, scraping, and spoofed traffic. Reported by automated threat intelligence pipeline. Do not whitelist without manual verification. show less	Web Spam Port Scan Web App Attack
Anonymous	2025-12-11 17:31:21 (6 months ago)	botnet	DDoS Attack
🇫🇷 Little Iguana	2025-12-07 09:42:19 (6 months ago)	Attempt to hack Wordpress Login, XMLRPC or other login	Hacking
🇺🇸 TPI-Abuse	2025-11-26 18:25:22 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 13:25:17.590454 2025] [security2:error] [pid 22906:tid 22906] [client 209.50.171.114:13895] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.modestosoftwater.com"] [uri "/.svn/wc.db"] [unique_id "aSdGDWC3677wlTH1yJ5KxAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 11:34:30 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 06:34:23.345648 2025] [security2:error] [pid 20347:tid 20347] [client 209.50.171.114:14717] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.haywardcarpentry.com"] [uri "/.env"] [unique_id "aSblv_jyMMqyW02V3hEwFAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2025-11-26 04:56:50 (7 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.svn/wc.db (Rule ID: 920440) - URL file extension is restricted by policy show less	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:43:41 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:43:35.218682 2025] [security2:error] [pid 22086:tid 22271] [client 209.50.171.114:9009] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.stateabbreviationlist.com"] [uri "/.svn/wc.db"] [unique_id "aSZNNxCcVYSuHH558FyChwAAAM8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 07:04:05 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:04:00.884784 2025] [security2:error] [pid 25901:tid 25901] [client 209.50.171.114:19913] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.ilil.net"] [uri "/.svn/wc.db"] [unique_id "aSVU4Cn3szVjRJ33OKbnFAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:39:19 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:39:13.289114 2025] [security2:error] [pid 16982:tid 16982] [client 209.50.171.114:20109] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.ggaccounting.services"] [uri "/.env"] [unique_id "aSVPEfBWzr5bOZ0uQl_IZQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:15:12 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:15:09.535234 2025] [security2:error] [pid 22629:tid 22629] [client 209.50.171.114:25345] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.platinumcapitalpartners.net"] [uri "/.git/HEAD"] [unique_id "aSVJbWLodsOP1P7Gk1gODgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:32:11 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:32:01.177533 2025] [security2:error] [pid 11634:tid 11634] [client 209.50.171.114:48459] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.morefrogs.com"] [uri "/.svn/wc.db"] [unique_id "aSU_UYaG_9qZpRrhQz1jVgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:09:38 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.171.114 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:09:32.894383 2025] [security2:error] [pid 14224:tid 14261] [client 209.50.171.114:58851] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "atheistink.xxxmain.com"] [uri "/.env"] [unique_id "aSU6DHsnUhcrY-PSxvYJIwAAAUQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Little Iguana	2025-11-25 04:43:54 (7 months ago)	Attempt to hack Wordpress Login, XMLRPC or other login	Hacking

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 54.37.118.87

🇻🇳 222.252.102.136

🇩🇪 209.38.234.169

🇭🇰 199.45.155.93

🇱🇹 185.36.81.23

🇳🇱 176.65.148.156

🇵🇰 160.187.180.146

🇰🇷 112.164.195.219

🇻🇳 103.42.57.146

🇫🇷 85.217.140.28

🇺🇸 64.62.156.148

🇺🇸 52.225.97.27

🇱🇹 45.227.254.170

🇬🇧 2a06:4883:5000::5f

🇸🇪 213.66.197.199

🇸🇪 195.178.191.5

🇨🇭 159.100.242.227

🇧🇩 103.120.166.62

🇺🇸 18.189.74.1

🇭🇰 2a09:bac5:398a:16c8::245:a3