JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.172.42

209.50.172.42 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 10%: ?

10%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.172.42

Whois 209.50.172.42

IP Abuse Reports for 209.50.172.42:

This IP address has been reported a total of 18 times from 10 distinct sources. 209.50.172.42 was first reported on September 30th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 cmbplf	2026-05-27 08:33:44 (2 weeks ago)	4.969 requests with url.path */xmlrpc.php 4.969 requests with url.path //xmlrpc.php	Brute-Force Bad Web Bot
🇨🇭 4server	2026-05-09 00:23:31 (1 month ago)	[SatMay0902:23:24.0743792026][security2:error][pid4104374:tid4104941][client209.50.172.42:0]ModSecur ... show more [SatMay0902:23:24.0743792026][security2:error][pid4104374:tid4104941][client209.50.172.42:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"prodotti.comarcosa.com\"][uri\"/xmlrpc.php\"][unique_id\"af5-fJO-b_Fb0PjEtNFieAAAARU\"] show less	Hacking Web App Attack
🇨🇭 backslash	2026-01-03 10:50:02 (5 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:40 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-29 06:46:35 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 01:46:29.836858 2025] [security2:error] [pid 28733:tid 28733] [client 209.50.172.42:13045] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deanandolsek.com"] [uri "/.env"] [unique_id "aVIjxScYtEHzWCBwVW-hcwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 06:51:10 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 01:51:07.778436 2025] [security2:error] [pid 5392:tid 5396] [client 209.50.172.42:20639] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kiwimagic.net"] [uri "/.git/HEAD"] [unique_id "aSajWzE9pbPJjmUZUrRuSQAAAEI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:10:51 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:10:47.203782 2025] [security2:error] [pid 25370:tid 25370] [client 209.50.172.42:47569] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.banjogram.com"] [uri "/.env"] [unique_id "aSZTl11E9cm9eb4qlhCVNgAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:32:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:32:11.135745 2025] [security2:error] [pid 3292518:tid 3292523] [client 209.50.172.42:49757] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.campingcosmetics.com"] [uri "/.env"] [unique_id "aSZKixwrQueSMlYnD3LlIwAAAUM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 as211431.net	2025-11-16 10:13:07 (6 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /join UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 12.5; rv:114.0) Gecko/20100101 Firefox/114.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2025-11-13 20:39:00 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-11-11 16:52:47 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.172.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.172.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 11 11:52:42.299872 2025] [security2:error] [pid 6190:tid 6190] [client 209.50.172.42:32361] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.jalenbattle.com"] [uri "/config.php%7C/.env%7Csettings.py"] [unique_id "aRNp2pdMucJ1k34QPZddFQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-02 13:31:38 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 06:42:49	Port Scan Brute-Force Exploited Host Web App Attack
Anonymous	2025-10-14 10:39:53 (7 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.14 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.14 is noted in report timestamp show less	Hacking Brute-Force
🇨🇦 wil.com	2025-10-13 18:22:25 (8 months ago)	GlobalProtect login attempts with user ericf.	VPN IP Brute-Force
Anonymous	2025-10-04 20:32:17 (8 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.218.206.66

🇩🇪 213.209.159.238

🇸🇬 172.253.211.88

🇸🇬 165.154.200.214

🇷🇺 81.9.102.85

🇷🇴 80.94.92.171

🇩🇪 69.5.169.108

🇮🇳 49.200.182.239

🇯🇵 45.252.188.23

🇱🇹 45.227.254.170

🇨🇳 14.103.127.198

🇺🇸 216.180.246.24

🇸🇬 194.5.82.43

🇲🇽 187.191.48.22

🇨🇳 125.126.30.122

🇨🇳 120.240.95.27

🇺🇸 109.105.210.70

🇳🇱 91.92.40.13

🇳🇱 91.92.40.12

🇫🇷 51.83.40.102