JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.185.238

209.50.185.238 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 12%: ?

12%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.185.238

Whois 209.50.185.238

IP Abuse Reports for 209.50.185.238:

This IP address has been reported a total of 16 times from 5 distinct sources. 209.50.185.238 was first reported on November 24th 2025, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 raph	2026-06-25 21:44:38 (3 hours ago)	[Wordpress] crawler /wp-admin/, /wp-content/, etc.	Bad Web Bot Web App Attack
🇺🇸 lostswordfish.com	2026-06-10 11:56:05 (2 weeks ago)	Wordfence waf block on advocates4change	Web App Attack
🇮🇩 Burayot	2026-02-23 17:44:48 (4 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 209.50.185.238 (TH/Thailand/-): 1 i ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 209.50.185.238 (TH/Thailand/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 20:22:39 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 15:22:37.045678 2026] [security2:error] [pid 20106:tid 20106] [client 209.50.185.238:56125] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "galysh.us"] [uri "/api/.env"] [unique_id "aYpCDQz_8_EOoUx3Sbiv4wAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 18:47:40 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 13:47:32.969460 2026] [security2:error] [pid 894091:tid 894091] [client 209.50.185.238:44393] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fxbgsanta.com"] [uri "/.env.staging"] [unique_id "aYorxOiDIwRW_gmVlPcE1gAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 17:59:15 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 12:58:59.326467 2026] [security2:error] [pid 20128:tid 20128] [client 209.50.185.238:20563] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "furballrecords.com"] [uri "/backup/.git/config"] [unique_id "aYogYzbEcmd211Pz-gEoFAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 16:45:49 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 11:45:43.000570 2026] [security2:error] [pid 22227:tid 22227] [client 209.50.185.238:11785] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fuentevictoria.com"] [uri "/test/.git/config"] [unique_id "aYoPNhAsEmKpPN6aLDo1sAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 16:28:36 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 11:28:31.984133 2026] [security2:error] [pid 1170445:tid 1170445] [client 209.50.185.238:22257] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftiptondds.com"] [uri "/test/.git/config"] [unique_id "aYoLL0isnOng9KSFPIMqZQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-02 22:01:06 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 02 17:01:00.855547 2026] [security2:error] [pid 20731:tid 20731] [client 209.50.185.238:52921] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ryan.robotrodeo.net"] [uri "/.env"] [unique_id "aVhAHPeTD8xLXrjKY7zAKAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 06:12:58 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 01:12:51.133127 2025] [security2:error] [pid 12597:tid 12597] [client 209.50.185.238:10743] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "burlison.com"] [uri "/.env"] [unique_id "aVIb42gy4QvcsOFbSkwCUQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 05:00:57 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:00:53.864162 2025] [security2:error] [pid 29408:tid 29408] [client 209.50.185.238:48999] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "holland-kadaster-registration.com"] [uri "/.git/HEAD"] [unique_id "aVILBRKZRmgJwUgScjDMfwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 04:45:21 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 23:45:13.130855 2025] [security2:error] [pid 23474:tid 23474] [client 209.50.185.238:37313] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "phoenix-food.awani-partners.com"] [uri "/.git/HEAD"] [unique_id "aSaF2ZkqbfJXSS0Vd2z7YwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 02:59:52 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 21:59:42.915739 2025] [security2:error] [pid 28960:tid 28960] [client 209.50.185.238:42017] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.shinynew.com"] [uri "/.git/HEAD"] [unique_id "aSZtHnuxRdO7nQlP5-WbGwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:45:53 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.185.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:45:47.606127 2025] [security2:error] [pid 3113:tid 3113] [client 209.50.185.238:40689] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.mickbarton.com"] [uri "/.env"] [unique_id "aSZNu0IJhQYxM0VAYh7gZAAAACY"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-25 22:23:58 (7 months ago)	Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing ... show more Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing. show less	Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 189.15.10.179

🇪🇨 181.188.237.220

🇺🇸 172.191.239.155

🇺🇸 172.69.23.11

🇱🇹 141.98.10.140

🇨🇳 117.172.221.133

🇺🇸 104.22.20.85

🇺🇸 104.22.20.84

🇺🇸 64.62.197.195

🇰🇷 47.80.29.108

🇨🇳 36.22.242.255

🇺🇸 35.236.251.185

🇹🇼 221.120.38.97

🇺🇸 208.84.101.146

🇺🇸 162.158.166.212

🇦🇺 121.45.188.229

🇰🇷 106.96.6.73

🇺🇸 104.22.17.99

🇺🇸 104.22.17.98

🇮🇩 103.182.192.6