JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.172.164

209.50.172.164 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 4%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.172.164

Whois 209.50.172.164

IP Abuse Reports for 209.50.172.164:

This IP address has been reported a total of 26 times from 13 distinct sources. 209.50.172.164 was first reported on September 26th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-01 22:06:15 (3 days ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇪🇸 el-brujo	2026-03-24 01:50:50 (2 months ago)	Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: foro.elhacker.net userAgent: Mozilla ... show more Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: foro.elhacker.net userAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Action: managed_challenge Source: firewallManaged ASN Description: DREI-K-TECH-GMBH Country: US Method: GET Timestamp: 2026-03-24T01:50:50Z ruleId: 5de7edfa648c4d6891dc3e7f84534ffa. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 oncord	2026-02-22 01:27:21 (3 months ago)	Form spam	Web Spam
🇺🇸 oncord	2026-02-14 20:46:59 (3 months ago)	Form spam	Web Spam
🇦🇺 oncord	2026-02-08 19:21:49 (3 months ago)	Form spam	Web Spam
🇺🇸 VeteranOwnedBusiness.com	2026-02-04 19:46:00 (4 months ago)	seo spammer	Web Spam
🇺🇸 fbarela	2026-01-25 04:02:00 (4 months ago)	FortiGate SSL VPN login failures.	Hacking Brute-Force
Anonymous	2025-12-09 09:29:48 (5 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-24 09:51:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:51:32.785947 2025] [security2:error] [pid 243930:tid 244015] [client 209.50.172.164:26759] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "traduction.callaplusfirst.com"] [uri "/.svn/wc.db"] [unique_id "aSQqpCGfGLJwz49-AzKYbQAAAIg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 06:03:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:03:09.778033 2025] [security2:error] [pid 8142:tid 8142] [client 209.50.172.164:27211] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.mylert.org"] [uri "/.git/HEAD"] [unique_id "aSP1HTUIMVnfByBXlT0mxAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:19:32 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:19:23.725886 2025] [security2:error] [pid 25708:tid 25708] [client 209.50.172.164:45641] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.scrunchiebuttbikinis.com"] [uri "/.svn/wc.db"] [unique_id "aSPq29ywMw7JiUGk-Qk1DgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:59:52 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:58:55.388271 2025] [security2:error] [pid 3320449:tid 3320449] [client 209.50.172.164:18037] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.aden.us"] [uri "/.env"] [unique_id "aSPmD9xJuJUbq3niBQSADgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 03:47:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 22:47:45.299414 2025] [security2:error] [pid 10970:tid 10970] [client 209.50.172.164:33785] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.ik3co.com"] [uri "/.svn/wc.db"] [unique_id "aSPVYYx6Zdo_Bl0hQBCU6AAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-23 21:31:34 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 16:31:29.968579 2025] [security2:error] [pid 31747:tid 31747] [client 209.50.172.164:55561] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.blountmuseum.org"] [uri "/.svn/wc.db"] [unique_id "aSN9MZQ4UhX2F03qviaQHwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 techboy117	2025-11-14 00:51:07 (6 months ago)	Blocking due to password spraying.	Brute-Force

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 103.154.77.48

🇮🇳 20.204.156.53

🇷🇴 2.57.121.112

🇹🇭 203.154.158.195

🇳🇱 195.178.110.30

🇪🇸 193.46.192.20

🇲🇽 187.228.173.125

🇳🇱 185.213.174.34

🇮🇳 165.140.164.99

🇫🇷 82.65.142.32

🇮🇳 20.193.141.133

🇮🇳 4.213.99.137

🇩🇪 213.209.159.11

🇫🇷 161.97.122.225

🇸🇬 152.42.219.80

🇷🇺 130.49.181.91

🇺🇸 63.46.42.51

🇮🇳 59.180.135.81

🇺🇸 40.126.28.14

🇨🇳 36.32.104.4