JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.50.191.52

209.50.191.52 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 50%: ?

50%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.50.191.52

Whois 209.50.191.52

IP Abuse Reports for 209.50.191.52:

This IP address has been reported a total of 21 times from 15 distinct sources. 209.50.191.52 was first reported on October 15th 2025, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇷 setupgr	2026-06-14 12:25:01 (9 hours ago)	(mod_security) mod_security (id:900001) triggered by 209.50.191.52: 1 in the last 86400 secs; Ports: ... show more (mod_security) mod_security (id:900001) triggered by 209.50.191.52: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sun Jun 14 15:24:59.841508 2026] [security2:error] [pid 921871:tid 922035] [client 209.50.191.52:63069] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.babis.photo"] [severity "CRITICAL"] [tag "security"] [hostname "mail.babis.photo"] [uri "/wp-login.php"] [unique_id "ai6dm-2clReoPvlJKlgPHQAAAM0"], referer: https://mail.babis.photo/wp-login.php show less	Port Scan
🇫🇷 tecnicorioja	2026-06-13 22:01:03 (23 hours ago)	wp-login attack [13/Jun/2026:03:25:42	Brute-Force Web App Attack
🇺🇸 nyt	2026-06-13 15:14:03 (1 day ago)	Repeated WordPress login POSTs blocked by WAF (3 in 6h)	Brute-Force Web App Attack
🇺🇸 lostswordfish.com	2026-06-13 08:14:06 (1 day ago)	Wordfence waf block on parsol	Web App Attack
🇬🇷 setupgr	2026-06-12 07:00:46 (2 days ago)	(mod_security) mod_security (id:900001) triggered by 209.50.191.52: 1 in the last 86400 secs; Ports: ... show more (mod_security) mod_security (id:900001) triggered by 209.50.191.52: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 12 10:00:44.683571 2026] [security2:error] [pid 106844:tid 106897] [client 209.50.191.52:43169] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|alloweddomain2\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: gyrosplace.gr"] [severity "CRITICAL"] [tag "security"] [hostname "gyrosplace.gr"] [uri "/wp-login.php"] [unique_id "aiuunBQ56N2K21xh2KiNVAAAAUw"], referer: https://gyrosplace.gr/wp-login.php show less	Port Scan
🇲🇽 octageeks.com	2026-06-10 04:58:03 (4 days ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇫🇷 ELYAZ	2026-06-10 04:43:15 (4 days ago)	(y4) Failed scan -byebye- from 209.50.191.52 (FR/France/-): (CF_ENABLE)	Hacking
🇦🇺 HJ5Ss4Ju	2026-06-10 03:10:10 (4 days ago)	Blocked by Wordfence (SID 6)	Web App Attack
🇩🇪 FeG Deutschland	2026-06-10 01:34:27 (4 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇫🇷 suble.org	2026-05-13 11:05:27 (1 month ago)	209.50.191.52 - - [13/May/2026:13:05:26 +0200] "GET http://schirmer.rocks/.aws/credentials HTTP/1.1" ... show more 209.50.191.52 - - [13/May/2026:13:05:26 +0200] "GET http://schirmer.rocks/.aws/credentials HTTP/1.1" 301 643 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-01-15 09:18:21 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.191.52 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.191.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 15 04:18:15.456062 2026] [security2:error] [pid 6007:tid 6007] [client 209.50.191.52:39279] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ticmatopografiaeingenieria.com"] [uri "/.env"] [unique_id "aWiw1xu10yWOuZg9YseUVAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-01-15 08:41:17 (4 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇺🇸 S.O.B.A. Dev.	2026-01-14 23:55:14 (4 months ago)	Threat Blocked by BeeHive from (ASN:200373) (Network:DREI-K-TECH-GMBH) (Host:soba.dev) (Method:GET) ... show more Threat Blocked by BeeHive from (ASN:200373) (Network:DREI-K-TECH-GMBH) (Host:soba.dev) (Method:GET) (Protocol:HTTP/1.1) (Timestamp:2026-01-14T23:55:14Z) show less	Web Spam Brute-Force Web App Attack
Anonymous	2026-01-14 21:22:25 (5 months ago)	209.50.191.52 - - [14/Jan/2026:21:22:23 +0000] "GET /.env HTTP/1.1" 302 483 "-" "Mozilla/5.0 (Window ... show more 209.50.191.52 - - [14/Jan/2026:21:22:23 +0000] "GET /.env HTTP/1.1" 302 483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 04:15:56 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 209.50.191.52 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 209.50.191.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:15:50.942897 2025] [security2:error] [pid 6551:tid 6551] [client 209.50.191.52:55177] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "healingtrek.com"] [uri "/.git/HEAD"] [unique_id "aVIAdlhoVx4lOhiJGLNWBgAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2601:586:d031:d2cd:35b1:5e70:c6a4:7f7c

🇮🇩 202.10.43.162

🇧🇷 191.32.159.108

🇫🇷 185.177.72.9

🇧🇷 179.49.187.144

🇩🇪 167.94.146.45

🇵🇱 155.212.36.71

🇺🇸 130.12.147.53

🇰🇷 114.30.180.58

🇨🇳 106.37.72.234

🇹🇼 104.199.190.243

🇩🇪 69.5.169.228

🇸🇬 45.78.235.96

🇧🇪 34.156.203.180

🇫🇮 34.88.128.112

🇻🇳 27.79.1.14

🇵🇭 2001:4454:729:ba00:c586:65b9:cfd7:2da1

🇪🇹 196.188.227.231

🇲🇽 187.220.179.197

🇨🇳 182.240.48.27