JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 181.209.111.85

181.209.111.85 was found in our database!

This IP was reported 33 times. Confidence of Abuse is 21%: ?

21%

ISP	Puerto80 S.R.L
Usage Type	Fixed Line ISP
ASN	AS52361
Hostname(s)	85.111.209.181.in-addr.arpa
Domain Name	arsat.com.ar
Country	🇦🇷 Argentina
City	Santa Catalina - Dique Lujan, Buenos Aires

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 181.209.111.85

Whois 181.209.111.85

IP Abuse Reports for 181.209.111.85:

This IP address has been reported a total of 33 times from 22 distinct sources. 181.209.111.85 was first reported on August 11th 2024, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇴 Fn4ticHz	2026-05-29 02:48:17 (6 days ago)	DDoS blocked via ZeroGuard.ID	DDoS Attack Exploited Host
🇫🇷 MatStef132	2026-05-22 14:04:50 (1 week ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇳🇱 ByeByte API	2026-05-16 20:01:39 (2 weeks ago)	byebyte.space auth: Rate-limit escalation at 2026-05-16T20:01:39Z: 5 rejections in 300s. Firewall au ... show more byebyte.space auth: Rate-limit escalation at 2026-05-16T20:01:39Z: 5 rejections in 300s. Firewall auto-banned IP for 900s. UA: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0'. Accept-Language: 'en-US,en;q=0.9'. Accept-Encoding: 'gzip, br'. Country (CF): AR. TLS info: {"scheme":"https"}. show less	Web App Attack DDoS Attack
🇷🇴 Fn4ticHz	2026-05-09 14:02:49 (3 weeks ago)	Repeated DDoS targeted -- ZeroGuard X ManagedSRV	DDoS Attack Exploited Host
🇪🇸 el-brujo	2026-05-04 02:39:21 (1 month ago)	Cloudflare WAF: Request Path: / Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (X11; Linu ... show more Cloudflare WAF: Request Path: / Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Action: block Source: l7ddos ASN Description: ARSAT - Empresa Argentina de Soluciones Satelitales S.A. Country: AR Method: GET Timestamp: 2026-05-04T02:39:21Z ruleId: 9bc0d8e988e545dea9bd4843c4bef55c. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2026-03-11 13:50:45 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 181.209.111.85 (85.111.209.181.in-addr.arpa): 1 ... show more (mod_security) mod_security (id:210730) triggered by 181.209.111.85 (85.111.209.181.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 11 09:50:41.949003 2026] [security2:error] [pid 26935:tid 26935] [client 181.209.111.85:50352] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|adoniahenterprises.com\|F\|2"] [data ".user.ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "adoniahenterprises.com"] [uri "/goober_.user.ini"] [unique_id "abFzMURdGsoFuFBUkOaKzwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-03-02 07:25:13 (3 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇳🇱 ConsulHosting	2026-02-15 16:02:27 (3 months ago)	Part of an HTTP Flood DDoS attack and had sent at least 1 requests.	DDoS Attack Exploited Host
🇩🇪 filstal.org	2026-02-11 13:29:27 (3 months ago)	CrowdSec-Report: crowdsecurity/dovecot-spam	Email Spam Brute-Force
Anonymous	2025-12-18 04:11:58 (5 months ago)	Web app attack and vulnerability scan detected from IIS logs	Brute-Force Bad Web Bot Web App Attack
🇨🇦 1gz	2025-12-14 21:13:24 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from AR. Action taken: CHALLENGE Protocol: HTTP/1.1 (GET m ... show more Triggered Cloudflare WAF (firewallCustom) from AR. Action taken: CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /auth/register UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2025-12-11 15:17:39 (5 months ago)	botnet	DDoS Attack
Anonymous	2025-12-04 07:20:11 (6 months ago)	botnet	DDoS Attack
Anonymous	2025-11-11 18:48:43 (6 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.11.11 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.11.11 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 tcparmor	2025-10-20 00:04:57 (7 months ago)	TCPArmor Auto Report: Detected a ddos attack and suspicious activity from this IP, indicating a pote ... show more TCPArmor Auto Report: Detected a ddos attack and suspicious activity from this IP, indicating a potential attack show less	DDoS Attack Hacking IoT Targeted

Showing 1 to 15 of 33 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 47.79.11.117

🇷🇺 213.234.5.66

🇧🇷 205.210.31.183

🇺🇦 194.44.26.39

🇺🇸 162.216.149.200

🇨🇳 116.179.32.72

🇮🇩 103.144.213.114

🇺🇸 66.132.186.241

🇸🇬 47.84.192.145

🇺🇸 18.119.125.155

🇳🇱 5.255.101.91

🇺🇸 216.24.212.38

🇩🇪 213.209.159.158

🇸🇪 185.217.1.246

🇩🇪 167.94.146.55

🇻🇳 117.6.44.221

🇺🇸 103.203.57.2

🇳🇱 91.92.42.63

🇨🇦 85.217.149.2

🇭🇰 47.86.179.73