This IP address has been reported a total of
36
times from
22 distinct
sources.
181.209.104.52 was first reported on
, and the most recent report was
.
Old Reports:
The most recent abuse report for this IP address is from
. It is possible that this IP is no longer involved in abusive activities.
181.209.104.52 (AR/Argentina/52.104.209.181.in-addr.arpa), 12 distributed imapd attacks on account [ ...
show more181.209.104.52 (AR/Argentina/52.104.209.181.in-addr.arpa), 12 distributed imapd attacks on account [redacted]
show less
181.209.104.52 (AR/Argentina/52.104.209.181.in-addr.arpa), 12 distributed imapd attacks on account [ ...
show more181.209.104.52 (AR/Argentina/52.104.209.181.in-addr.arpa), 12 distributed imapd attacks on account [redacted]
show less
(mod_security) mod_security (id:240950) triggered by 181.209.104.52 (52.104.209.181.in-addr.arpa): 1 ...
show more(mod_security) mod_security (id:240950) triggered by 181.209.104.52 (52.104.209.181.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 04 02:52:23.750566 2026] [security2:error] [pid 29786:tid 29786] [client 181.209.104.52:43272] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||www.noelramos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.noelramos.com"] [uri "/wiki/index.php"] [unique_id "aYL6t36Inq3XuWKLrw2XpQAAAA4"], referer: http://www.noelramos.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to ...
show moreDistributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to bypass firewall/robots.txt restrictions in thread-post.asp
show less
Malformed or malicious web request
181.209.104.52 - - [17/Dec/2025:22:31:19 +0100] "HTTP/1.1 303 See ...
show moreMalformed or malicious web request
181.209.104.52 - - [17/Dec/2025:22:31:19 +0100] "HTTP/1.1 303 See Other" 400 157 "-" "-"
show less
Hacking
Web App Attack
Anonymous
scanning http requests from known botnet
Web App Attack
Showing 1 to
15
of 36 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ