JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.172.196

209.50.172.196 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.172.196

Whois 209.50.172.196

IP Abuse Reports for 209.50.172.196:

This IP address has been reported a total of 26 times from 11 distinct sources. 209.50.172.196 was first reported on September 27th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 LSPCCU	2026-06-03 20:24:37 (2 weeks ago)	TSEC Honeypot Network report. Threat score: 66/100. Categories: Hacking. Honeypot: ssh-telnet, cowri ... show more TSEC Honeypot Network report. Threat score: 66/100. Categories: Hacking. Honeypot: ssh-telnet, cowrie. Context: 209. show less	Hacking
Anonymous	2026-04-06 03:33:47 (2 months ago)	Forum/form spam	Web Spam
Anonymous	2026-03-11 17:33:13 (3 months ago)	Forum/form spam	Web Spam
🇩🇪 Lino Project	2026-03-05 09:35:10 (3 months ago)	209.50.172.196 - - [05/Mar/2026:10:35:07 +0100] "GET /xmlrpc.php HTTP/1.1" 403 3963 "https://www.pri ... show more 209.50.172.196 - - [05/Mar/2026:10:35:07 +0100] "GET /xmlrpc.php HTTP/1.1" 403 3963 "https://www.primobio.it/mio-account/?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 209.50.172.196 - - [05/Mar/2026:10:35:10 +0100] "GET /wp-admin/post-new.php HTTP/1.1" 403 6555 "https://www.primobio.it/mio-account/?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-31 01:51:21 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 20:51:11.572514 2025] [security2:error] [pid 1065125:tid 1065136] [client 209.50.172.196:57203] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.selecttech.org"] [uri "/.git/HEAD"] [unique_id "aVSBj_tuR2rJeGLz2GwLwQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Security_Whaller	2025-12-30 06:29:06 (5 months ago)	Malicious activity detected on Honeypot.	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 08:37:54 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 03:37:50.295865 2025] [security2:error] [pid 25718:tid 25718] [client 209.50.172.196:49701] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ostarek.com"] [uri "/.svn/wc.db"] [unique_id "aVI93jCvsYC3OfAnxPN2yAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 08:12:52 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 03:12:48.292216 2025] [security2:error] [pid 13011:tid 13011] [client 209.50.172.196:41037] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "salazartransfers.com"] [uri "/.env"] [unique_id "aVI4AJtapz0gYG1BIBU2bwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 07:47:33 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 02:47:27.418437 2025] [security2:error] [pid 11717:tid 11717] [client 209.50.172.196:14949] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sigridsnaturalfoods.com"] [uri "/.svn/wc.db"] [unique_id "aVIyD-RgFaHBepUB0yredAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 07:20:25 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 02:20:18.484068 2025] [security2:error] [pid 14684:tid 14684] [client 209.50.172.196:20867] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "suffolksystems.com"] [uri "/.env"] [unique_id "aVIrsl3iVIYFKyx0WLXItAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 05:30:16 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:30:07.910088 2025] [security2:error] [pid 16848:tid 16857] [client 209.50.172.196:28977] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "onenessrecords.com"] [uri "/.svn/wc.db"] [unique_id "aVIR3-Y3Wlk-Bgm76UqzrwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-12-29 05:14:56 (5 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇺🇸 TPI-Abuse	2025-12-29 04:35:46 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:35:42.226462 2025] [security2:error] [pid 5743:tid 5743] [client 209.50.172.196:54665] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "synergenicnetworks.com"] [uri "/.git/HEAD"] [unique_id "aVIFHrWU5Y7MQn5IQFJ3UAAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-10 13:52:51 (6 months ago)	botnet	DDoS Attack
🇫🇮 Shaik Sai Meera	2025-11-25 00:03:28 (6 months ago)	IM360 WAF: Hidden file access	Brute-Force

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇺 103.30.211.135

🇺🇸 65.49.1.232

🇺🇸 64.62.197.180

🇩🇪 63.178.243.8

🇧🇷 205.210.31.213

🇳🇱 192.109.200.220

🇺🇸 192.3.127.40

🇳🇱 176.65.132.24

🇨🇳 139.170.141.170

🇮🇳 122.160.59.87

🇨🇦 85.217.149.12

🇺🇸 72.215.33.197

🇨🇳 60.16.208.227

🇹🇼 198.235.24.78

🇭🇳 190.53.248.74

🇳🇱 185.242.226.87

🇨🇲 154.70.102.114

🇨🇳 139.224.230.230

🇨🇳 120.48.98.75

🇮🇳 103.174.34.49