JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.172.232

209.50.172.232 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.172.232

Whois 209.50.172.232

IP Abuse Reports for 209.50.172.232:

This IP address has been reported a total of 25 times from 16 distinct sources. 209.50.172.232 was first reported on September 27th 2025, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-03-13 05:22:35 (2 months ago)	Banned by SPAMHAUS DROP list	DDoS Attack Hacking Bad Web Bot Web App Attack
🇺🇸 Ocean Ascents	2026-01-21 16:37:23 (4 months ago)	Probe for vulnerabilities. Path attempted: /.env	Web App Attack
🇺🇸 TPI-Abuse	2026-01-21 14:02:28 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 09:02:23.214414 2026] [security2:error] [pid 27796:tid 27796] [client 209.50.172.232:48569] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bilimkurgumanyagi.com"] [uri "/.svn/wc.db"] [unique_id "aXDcbx4cJ5LYFX3BcCO1fgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-21 12:07:43 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 07:07:35.489412 2026] [security2:error] [pid 12805:tid 12805] [client 209.50.172.232:51963] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "radtraininginc.com"] [uri "/.env"] [unique_id "aXDBh8TP3zKJAlYl2MVJkwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 sefinek.net	2026-01-21 08:11:45 (4 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.git/HEAD UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇫🇷 ingroscart.it	2026-01-20 19:37:34 (4 months ago)	(mod_security) mod_security triggered on hostname [redacted] 209.50.172.232 (US/United States/-)	SQL Injection
Anonymous	2026-01-14 19:30:14 (4 months ago)	Configuration snooping (/.env): 209.50.172.232 - - [14/Jan/2026:19:24:00 +0000] "GET /.env HTTP/1.1 ... show more Configuration snooping (/.env): 209.50.172.232 - - [14/Jan/2026:19:24:00 +0000] "GET /.env HTTP/1.1" 404 241 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15" show less	Hacking Web App Attack
🇧🇷 hostseries	2025-12-24 05:28:14 (5 months ago)	Trigger: LF_DISTATTACK	Brute-Force
🇺🇸 TPI-Abuse	2025-11-24 09:52:04 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:51:53.576351 2025] [security2:error] [pid 9772:tid 9772] [client 209.50.172.232:30685] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.narrowacresbees.com"] [uri "/.svn/wc.db"] [unique_id "aSQquRjthaTPq7zWmdwo7wAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:47:40 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:47:11.556826 2025] [security2:error] [pid 5375:tid 5375] [client 209.50.172.232:18549] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.jeremyurbanski.com"] [uri "/.svn/wc.db"] [unique_id "aSQNfwPHHcig7XLNXSNlRgAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-10 07:09:31 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 10 02:09:26.412448 2025] [security2:error] [pid 32533:tid 32533] [client 209.50.172.232:26639] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ixd.net"] [uri "/.env"] [unique_id "aRGPprfEdLV4rug8UcSKRAAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Marc	2025-10-29 20:39:53 (7 months ago)		Brute-Force
🇩🇪 neckaralb-admin.de	2025-10-29 17:10:17 (7 months ago)	(wordpress) Failed login wp-login.php or xmlrpc.php	Web App Attack
Anonymous	2025-10-28 23:26:37 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇱🇻 garmtech.com	2025-10-23 15:55:38 (7 months ago)	IM360 WAF: SQL Injection Attack: Common DB Names Detected	SQL Injection

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 209.46.125.221

🇵🇱 172.253.255.53

🇨🇳 171.111.196.251

🇮🇪 168.63.79.147

🇩🇪 165.227.170.113

🇺🇸 162.216.150.245

🇮🇳 152.52.245.142

🇺🇸 147.185.132.61

🇺🇸 147.185.132.23

🇺🇸 104.129.17.147

🇺🇸 64.72.74.162

🇨🇳 1.183.128.156

🇰🇷 222.112.12.140

🇮🇳 203.192.247.84

🇺🇸 147.185.132.112

🇮🇳 122.185.146.106

🇺🇸 70.94.198.26

🇺🇸 67.176.1.68

🇫🇷 62.171.181.3

🇺🇸 44.122.89.22