JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.185.173

209.50.185.173 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 14%: ?

14%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.185.173

Whois 209.50.185.173

IP Abuse Reports for 209.50.185.173:

This IP address has been reported a total of 17 times from 9 distinct sources. 209.50.185.173 was first reported on September 30th 2025, and the most recent report was 16 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-20 03:56:15 (16 hours ago)	Web App Attack	Web App Attack
🇺🇸 mnsf	2026-06-05 05:07:42 (2 weeks ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇮🇩 securejdprop	2026-03-21 16:50:34 (2 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus D ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus DROP Listed Traffic Inbound group 60). Ip 209.50.185.173 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-03-21 16:50:33.283061504 +0000 UTC show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 05:19:39 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 00:19:32.401141 2026] [security2:error] [pid 20720:tid 20720] [client 209.50.185.173:44301] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kreweofblackbeardsrevenge.com"] [uri "/.git/config"] [unique_id "aZadZIqafea8nHqXQmx0kgAAACs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 04:27:59 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 23:27:49.478005 2026] [security2:error] [pid 26059:tid 26059] [client 209.50.185.173:13823] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kmashburn.com"] [uri "/v2/.git/config"] [unique_id "aZaRRa2Tbmm0xiks5UhKjwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 04:05:34 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 23:05:29.770842 2026] [security2:error] [pid 27797:tid 27797] [client 209.50.185.173:50513] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kitebeach.com"] [uri "/backend/.env"] [unique_id "aZaMCayGQeo4P0vyxe_JngAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 02:10:53 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 21:10:45.804313 2026] [security2:error] [pid 31345:tid 31345] [client 209.50.185.173:50143] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kathiehazlett.com"] [uri "/.env.staging"] [unique_id "aZZxJaPPIJdH3_lQY9ZqKwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-19 02:05:18 (4 months ago)	Too many Status 40X (11) Scanning/Probing (11)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 23:47:34 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 18:47:31.340043 2026] [security2:error] [pid 7265:tid 7265] [client 209.50.185.173:55273] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "villamarehiltonhead.com"] [uri "/wp/.git/config"] [unique_id "aZZPk_OwdUakluVuT-XvpQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 11:53:35 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 06:53:28.528073 2026] [security2:error] [pid 1181725:tid 1181725] [client 209.50.185.173:54555] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wardellbrown.com"] [uri "/test/.git/config"] [unique_id "aZWoOFj1OlyC-kC7uKjs6gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-02-09 20:27:48 (4 months ago)	http-sensitive-files - IP: 209.50.185.173 - time="2026-02-09T21:27:48+01:00" level=info msg="(555f6 ... show more http-sensitive-files - IP: 209.50.185.173 - time="2026-02-09T21:27:48+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 209.50.185.173 (TH/200373) : 4h ban on Ip 209.50.185.173" module=db show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 10:20:49 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 05:20:42.007896 2026] [security2:error] [pid 25095:tid 25095] [client 209.50.185.173:56771] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gacstoday.com"] [uri "/dev/.git/config"] [unique_id "aYm0-sNMuFNjVF5I1_erygAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 SSH-Admin	2026-02-07 17:12:28 (4 months ago)	Probing for Exploits	Exploited Host Web App Attack
Anonymous	2026-01-16 14:29:13 (5 months ago)	wordpress-trap	Web App Attack
🇨🇦 SSH-Admin	2025-12-27 13:45:08 (5 months ago)	Probing for Exploits	Exploited Host Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 203.76.241.18

🇩🇪 185.220.101.98

🇫🇷 85.217.140.13

🇱🇹 81.30.98.62

🇺🇸 37.19.210.13

🇺🇸 37.19.200.162

🇺🇸 4.151.241.247

🇺🇸 4.151.241.245

🇷🇴 2.57.122.177

🇰🇷 211.219.118.118

🇨🇳 120.231.63.36

🇨🇳 120.48.84.64

🇷🇴 92.118.39.62

🇵🇱 83.168.95.29

🇰🇼 62.150.237.107

🇳🇱 45.148.10.147

🇿🇦 41.123.66.27

🇩🇿 41.110.4.106

🇺🇸 37.19.200.159

🇯🇵 8.216.17.135