JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.172.21

209.50.172.21 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 16%: ?

16%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.172.21

Whois 209.50.172.21

IP Abuse Reports for 209.50.172.21:

This IP address has been reported a total of 26 times from 13 distinct sources. 209.50.172.21 was first reported on September 27th 2025, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 librebit	2026-06-24 03:36:52 (11 hours ago)	Brute force	Brute-Force
🇨🇳 ThreatBook.io	2026-05-16 23:28:10 (1 month ago)	ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/209.50.172.21 2026-05 ... show more ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/209.50.172.21 2026-05-16 13:56:13 / 2026-05-16 13:57:16 / show less	Web App Attack
Anonymous	2026-05-12 20:43:05 (1 month ago)	scanning for potential vulnerable apps (wordpress etc.) and database accesses (GHR). Requested URI: ... show more scanning for potential vulnerable apps (wordpress etc.) and database accesses (GHR). Requested URI: /wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings show less	Web App Attack
Anonymous	2025-12-02 12:09:27 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-26 08:46:03 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 03:45:58.691211 2025] [security2:error] [pid 9297:tid 9297] [client 209.50.172.21:50343] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.genesis-castle.com"] [uri "/.git/HEAD"] [unique_id "aSa-RrhoXV3fndpHXy86fwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 03:32:28 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:32:21.367681 2025] [security2:error] [pid 2313281:tid 2313281] [client 209.50.172.21:32947] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fourdogsandadrone.celtickyss.com"] [uri "/.env"] [unique_id "aSZ0xYhpYjfFoLFtZ6M06QAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 02:00:47 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 21:00:41.367030 2025] [security2:error] [pid 27074:tid 27074] [client 209.50.172.21:40239] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.coolcustomweddingproducts.com"] [uri "/.svn/wc.db"] [unique_id "aSZfScfNKG_q-LxyS4UxogAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:16:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:16:32.360503 2025] [security2:error] [pid 22481:tid 22481] [client 209.50.172.21:41551] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.fishleadership.org"] [uri "/.git/HEAD"] [unique_id "aSZG4Bj2my9E2-_kS3FAgQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:30:53 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:30:42.124576 2025] [security2:error] [pid 12006:tid 12081] [client 209.50.172.21:29501] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.evan-hotel.com"] [uri "/.git/HEAD"] [unique_id "aSQXskDKyspBjqfQ2lVR4AAAAFA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:12:12 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:11:42.507047 2025] [security2:error] [pid 7491:tid 7491] [client 209.50.172.21:10991] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.wilsonclassof81.org"] [uri "/.svn/wc.db"] [unique_id "aSQTPnS-ouZnhElgcl6esAAAAD8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:08:57 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:08:50.800664 2025] [security2:error] [pid 27457:tid 27457] [client 209.50.172.21:56327] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.psychiatryabuse.com"] [uri "/.git/HEAD"] [unique_id "aSPoYhWa_bA5QgsqSWzEuAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-10 08:51:28 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 10 03:51:24.848671 2025] [security2:error] [pid 26968:tid 26968] [client 209.50.172.21:20551] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.mcarrollcommunications.com"] [uri "/config.php%7C/.env%7Csettings.py"] [unique_id "aRGnjMtAUHQWLj1fzD5QiwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-02 20:25:02 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 07:35:36	Port Scan Brute-Force Exploited Host Web App Attack
Anonymous	2025-10-29 02:44:39 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇺🇸 oncord	2025-10-15 11:20:00 (8 months ago)	Form spam	Web Spam

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 177.126.96.33

🇺🇸 66.132.224.26

🇮🇷 62.133.46.16

🇨🇳 61.173.113.84

🇧🇪 34.156.182.50

🇺🇸 20.40.217.42

🇯🇵 8.216.3.87

🇸🇬 2a09:bac1:6560:8::278:3b

🇮🇩 182.16.252.18

🇵🇰 180.178.130.132

🇩🇪 178.16.52.120

🇰🇷 175.198.175.22

🇺🇸 157.245.141.140

🇻🇳 152.32.249.95

🇵🇰 103.213.112.68

🇸🇬 103.189.234.244

🇺🇸 65.49.1.218

🇱🇹 62.60.130.219

🇻🇳 42.118.3.5

🇷🇴 2.57.121.112