JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.185.164

209.50.185.164 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 25%: ?

25%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.185.164

Whois 209.50.185.164

IP Abuse Reports for 209.50.185.164:

This IP address has been reported a total of 11 times from 7 distinct sources. 209.50.185.164 was first reported on October 18th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 F242	2026-06-14 19:07:32 (1 day ago)	Wordpress Login or XMLRPC abuse	Web App Attack
🇬🇷 setupgr	2026-06-12 01:00:02 (4 days ago)	(mod_security) mod_security (id:900001) triggered by 209.50.185.164: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 209.50.185.164: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 12 03:59:59.633546 2026] [security2:error] [pid 53054:tid 53090] [client 209.50.185.164:56117] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|alloweddomain2\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: tavernadimitris.com"] [severity "CRITICAL"] [tag "security"] [hostname "tavernadimitris.com"] [uri "/wp-login.php"] [unique_id "aitaD-n8ZOKItT2VFMooOwAAAUk"], referer: https://tavernadimitris.com/wp-login.php show less	Port Scan
🇺🇸 lostswordfish.com	2026-06-11 18:34:04 (4 days ago)	Wordfence waf block on pameganslaw	Web App Attack
🇲🇽 octageeks.com	2026-06-11 04:23:06 (5 days ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇺🇸 TPI-Abuse	2026-01-12 21:40:46 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 209.50.185.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 209.50.185.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 12 16:40:42.347910 2026] [security2:error] [pid 6016:tid 6016] [client 209.50.185.164:36627] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|zezel.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "zezel.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aWVqWlEYWU_-dyWbYI2TPAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:39:12 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:39:08.656645 2025] [security2:error] [pid 31098:tid 31130] [client 209.50.185.164:57425] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.datuinc.com"] [uri "/.git/HEAD"] [unique_id "aSVPDNvxIO4YhEJVbH7yHQAAAUE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2025-11-25 04:54:21 (6 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.git/HEAD (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .git/ found within REQUEST_FILENAME: /.git/HEAD] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:47:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:47:01.980390 2025] [security2:error] [pid 134161:tid 134188] [client 209.50.185.164:40613] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.barneysprecision.com"] [uri "/.git/HEAD"] [unique_id "aSQNdRfbvyHppNR9RqJzHAAAAIY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:34:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:34:09.308764 2025] [security2:error] [pid 4937:tid 4937] [client 209.50.185.164:30397] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.listerman.org"] [uri "/.svn/wc.db"] [unique_id "aSPgQWLTWmZ59T0w02ybggAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇾 lns.bz	2025-10-26 11:16:38 (7 months ago)	SSH bruteforce [BY]	SSH
🇺🇸 octageeks.com	2025-10-18 04:08:58 (7 months ago)	Wordpress malicious attack:[sshd]	Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 222.98.44.218

🇹🇼 198.235.24.59

🇺🇸 148.153.121.224

🇳🇱 138.226.239.11

🇦🇺 106.68.227.190

🇺🇸 97.77.218.134

🇮🇳 20.244.20.183

🇺🇸 20.168.122.6

🇨🇳 218.201.226.254

🇲🇾 195.86.192.66

🇳🇱 144.31.54.15

🇨🇳 114.245.48.116

🇺🇸 109.105.210.63

🇺🇸 91.230.168.141

🇸🇪 81.227.175.61

🇹🇷 78.163.210.126

🇸🇾 78.155.64.48

🇺🇸 20.168.120.173

🇨🇳 223.74.192.75

🇳🇱 193.176.31.150