JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.182.49

209.50.182.49 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 14%: ?

14%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.182.49

Whois 209.50.182.49

IP Abuse Reports for 209.50.182.49:

This IP address has been reported a total of 17 times from 12 distinct sources. 209.50.182.49 was first reported on October 29th 2025, and the most recent report was 23 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 raph	2026-06-19 19:10:30 (23 hours ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack
🇩🇪 raph	2026-06-07 21:10:31 (1 week ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack
Anonymous	2026-05-08 09:59:08 (1 month ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇩🇪 4server	2026-04-21 16:47:05 (1 month ago)	[TueApr2118:46:59.2324802026][security2:error][pid3025242:tid3025335][client209.50.182.49:0]ModSecur ... show more [TueApr2118:46:59.2324802026][security2:error][pid3025242:tid3025335][client209.50.182.49:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"grigorov.ch\"][uri\"/database.sql\"][unique_id\"aeeqA0odPrcZ1V_bs78x9AAAANE\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-04-18 22:22:19 (2 months ago)	"GET http://<domain>.com/dump.sql HTTP/1.1"	Hacking Web App Attack
Anonymous	2026-01-05 20:24:13 (5 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.05 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.05 is noted in report timestamp show less	Hacking Brute-Force
🇧🇪 madeit	2025-11-27 12:13:24 (6 months ago)		Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:24:22 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.182.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.182.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:24:16.578235 2025] [security2:error] [pid 32533:tid 32533] [client 209.50.182.49:35145] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.tankercontrol.com"] [uri "/.svn/wc.db"] [unique_id "aSaPAP4pU6Hy5VwWnUVsSQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 03:07:43 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.182.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.182.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:07:40.216518 2025] [security2:error] [pid 3278:tid 3278] [client 209.50.182.49:14539] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.grantjennings.com"] [uri "/.git/HEAD"] [unique_id "aSZu_GZ4dShP8lQeOZYgZgAAACQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:48:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.182.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.182.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:48:02.840335 2025] [security2:error] [pid 20881:tid 20881] [client 209.50.182.49:17035] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.monmouthbottleshop.com"] [uri "/.svn/wc.db"] [unique_id "aSQbwkVt80gjdNB_6Vwq-QAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:45:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.182.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.182.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:45:45.770947 2025] [security2:error] [pid 12831:tid 12831] [client 209.50.182.49:50233] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.peradotto.net"] [uri "/.git/HEAD"] [unique_id "aSPxCUEg8vmv9wlJugC9dAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 02:13:04 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.182.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.182.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 21:12:59.558558 2025] [security2:error] [pid 2893:tid 2905] [client 209.50.182.49:31589] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.idwic.com"] [uri "/.svn/wc.db"] [unique_id "aSO_KyZWVzJkk5khHgNOvgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-22 11:50:53 (6 months ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
Anonymous	2025-11-21 18:24:20 (6 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/21 12:19:52	Port Scan Brute-Force Exploited Host Web App Attack
🇺🇸 Rip	2025-11-02 10:15:05 (7 months ago)	Authentication attack attempt. CMS Brute Force - Access Forbidden	Brute-Force Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇷 190.244.39.224

🇺🇸 190.111.160.196

🇺🇸 190.111.160.156

🇺🇸 190.111.160.51

🇺🇸 186.65.120.73

🇭🇰 152.32.189.59

🇭🇰 118.26.36.248

🇺🇸 44.69.213.25

🇺🇸 186.179.59.79

🇺🇸 186.179.59.44

🇺🇸 186.65.120.178

🇺🇸 186.65.120.130

🇲🇾 180.73.200.163

🇨🇳 175.165.87.17

🇨🇿 78.80.19.117

🇺🇸 66.132.195.66

🇺🇸 64.62.156.158

🇳🇱 45.148.10.151

🇺🇸 44.46.137.240

🇺🇸 38.148.249.2