JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.173.137

209.50.173.137 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.173.137

Whois 209.50.173.137

IP Abuse Reports for 209.50.173.137:

This IP address has been reported a total of 38 times from 12 distinct sources. 209.50.173.137 was first reported on September 28th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 cmbplf	2026-05-26 22:29:05 (1 month ago)	5.449 requests with url.path //xmlrpc.php 4.817 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-26 07:49:06 (6 months ago)	(mod_security) mod_security (id:225170) triggered by 209.50.173.137 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 209.50.173.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 26 02:48:58.273934 2025] [security2:error] [pid 4067:tid 4067] [client 209.50.173.137:28703] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|primacomm.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "primacomm.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aU496ls6IIi8OoB9d-MDtAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 22:10:03 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.173.137 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.173.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:09:59.458335 2025] [security2:error] [pid 24465:tid 24465] [client 209.50.173.137:15909] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "giantfern.com"] [uri "/.git/HEAD"] [unique_id "aS9jt2msD1kRQr4FFF9p7QAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Bedios GmbH	2025-12-02 19:55:06 (6 months ago)	Login credentials theft attempt	Hacking
🇺🇸 TPI-Abuse	2025-12-02 08:46:09 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 209.50.173.137 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 209.50.173.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 03:46:05.158400 2025] [security2:error] [pid 15121:tid 15121] [client 209.50.173.137:12275] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|g-h2o.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "g-h2o.com"] [uri "/.svn/wc.db"] [unique_id "aS6nTUL6w1UwlIlo7wfGQQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 06:02:33 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.173.137 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.173.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 01:02:28.306274 2025] [security2:error] [pid 5821:tid 5821] [client 209.50.173.137:52663] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "333w88.com"] [uri "/.env"] [unique_id "aS6A9OvPJqBDdkHxQkaUqQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 05:16:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.173.137 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.173.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 00:16:23.052751 2025] [security2:error] [pid 20686:tid 20686] [client 209.50.173.137:60087] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "campbellsclan.com"] [uri "/.env"] [unique_id "aS52J9CwQQCtMXIkDAQjegAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 03:08:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.173.137 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.173.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 22:08:03.509075 2025] [security2:error] [pid 22741:tid 22741] [client 209.50.173.137:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cloudex.click"] [uri "/.env"] [unique_id "aS5YExZ4tqAdEtkcAYyUxwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-11-30 13:09:58 (6 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
Anonymous	2025-11-14 12:24:18 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-11-01 04:36:13 (7 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.11.01 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.11.01 is noted in report timestamp show less	Hacking Brute-Force
🇵🇱 sefinek.net	2025-10-31 22:33:21 (7 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /genshin-stella-mod UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/89.0.4447.51 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2025-10-29 01:18:28 (8 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.10.29 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.10.29 is noted in report timestamp show less	Hacking Brute-Force
🇩🇪 ps-center	2025-10-27 13:27:43 (8 months ago)	C1-W: TCP-Scanner. Port: 22	Port Scan
🇵🇱 sefinek.net	2025-10-26 04:54:03 (8 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 115.243.248.82

🇦🇪 95.182.93.67

🇩🇪 69.5.169.119

🇺🇸 66.132.172.116

🇨🇦 50.101.61.158

🇮🇩 36.69.82.239

🇧🇪 34.78.166.143

🇺🇸 34.66.224.20

🇩🇪 2.27.20.149

🇹🇼 198.235.24.54

🇲🇽 189.203.36.32

🇿🇦 185.132.186.104

🇺🇸 162.216.149.106

🇿🇦 102.210.146.231

🇬🇧 92.27.157.252

🇫🇷 91.196.152.211

🇺🇸 66.132.172.118

🇺🇸 66.132.172.115

🇺🇸 63.135.161.120

🇱🇹 62.60.130.219