JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.187.237

209.50.187.237 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.187.237

Whois 209.50.187.237

IP Abuse Reports for 209.50.187.237:

This IP address has been reported a total of 19 times from 10 distinct sources. 209.50.187.237 was first reported on October 14th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-09 21:48:56 (3 weeks ago)	Suspicious WordPress-related activity: 209.50.187.237 - - [09/May/2026:22:48:56 +0100] "GET /wp-jso ... show more Suspicious WordPress-related activity: 209.50.187.237 - - [09/May/2026:22:48:56 +0100] "GET /wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings HTTP/1.1" 200 234 "-" "curl/8.7.1" show less	Hacking Web App Attack
🇵🇱 sefinek.net	2026-02-21 19:02:35 (3 months ago)	Triggered Cloudflare WAF (firewallCustom) from CA. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (G ... show more Triggered Cloudflare WAF (firewallCustom) from CA. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (GET) \| Endpoint: / \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 12.5; rv:114.0) Gecko/20100101 Firefox/114.0 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇨🇦 SSH-Admin	2026-02-07 17:12:28 (3 months ago)	Probing for Exploits	Exploited Host Web App Attack
🇨🇦 SSH-Admin	2025-12-27 13:45:08 (5 months ago)	Probing for Exploits	Exploited Host Web App Attack
🇩🇪 stinpriza	2025-12-10 17:33:49 (5 months ago)	Web App Attack	Web App Attack
🇱🇻 garmtech.com	2025-12-08 05:07:16 (5 months ago)	IM360 WAF: Attempt to upload malware	Hacking
🇺🇸 TPI-Abuse	2025-11-25 03:56:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.187.237 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.187.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:56:44.503083 2025] [security2:error] [pid 6018:tid 6018] [client 209.50.187.237:44863] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.tablerockfriends.com"] [uri "/.git/HEAD"] [unique_id "aSUo_O2Y2aZ5a1DeXsItAQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-25 01:13:24 (6 months ago)	[25/Nov/2025:12:13:23 +1100] "GET /.git/HEAD HTTP/1.1" 301 254 "Mozilla/5.0 (X11; Linux x86_64) Appl ... show more [25/Nov/2025:12:13:23 +1100] "GET /.git/HEAD HTTP/1.1" 301 254 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36" show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:24:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.187.237 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.187.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:24:48.572251 2025] [security2:error] [pid 2378:tid 2378] [client 209.50.187.237:26667] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "versahealthcare.versacardio.com"] [uri "/.svn/wc.db"] [unique_id "aST3UES7vJytWFBldPhMfwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:09:16 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.187.237 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.187.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:09:04.633191 2025] [security2:error] [pid 31237:tid 31237] [client 209.50.187.237:26911] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.leanoperationsmanagement.com"] [uri "/.env"] [unique_id "aSQgsBNNaBgurf2CjfIENgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:12:00 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.187.237 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.187.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:11:54.125945 2025] [security2:error] [pid 32096:tid 32096] [client 209.50.187.237:44861] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "urrguide.com.coolingsprings.org"] [uri "/.svn/wc.db"] [unique_id "aSQTSpYgrEdh999cz-RhWgAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:40:16 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.187.237 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.187.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:39:58.977714 2025] [security2:error] [pid 134161:tid 134184] [client 209.50.187.237:50485] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.lamco.us"] [uri "/.env"] [unique_id "aSQLzhfbvyHppNR9RqJm2wAAAII"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 06:22:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.187.237 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 209.50.187.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:22:01.682450 2025] [security2:error] [pid 26327:tid 26327] [client 209.50.187.237:30195] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "herrell.net.utilis.net"] [uri "/.git/HEAD"] [unique_id "aSP5iWhv8LrmPFY9k4ExmwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-20 19:40:04 (6 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 21-40.209.50.187.237.web-spamm ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 21-40.209.50.187.237.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
Anonymous	2025-11-13 18:35:34 (6 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/13 12:32:09	Port Scan Brute-Force Exploited Host Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇴 190.5.200.98

🇺🇸 65.49.1.107

🇳🇱 204.76.203.10

🇸🇬 172.217.32.157

🇺🇸 167.71.88.63

🇸🇬 129.226.202.57

🇨🇭 104.244.74.201

🇮🇳 103.194.243.199

🇸🇬 47.84.194.167

🇨🇳 27.155.120.135

🇻🇳 14.248.82.157

🇺🇸 205.210.31.24

🇧🇷 190.115.91.128

🇮🇹 188.241.126.4

🇳🇱 176.65.139.130

🇺🇸 174.82.166.71

🇵🇰 59.103.110.141

🇮🇪 52.18.62.214

🇸🇬 47.82.13.184

🇧🇪 45.128.133.234