JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.38.209.85

185.38.209.85 was found in our database!

This IP was reported 72 times. Confidence of Abuse is 73%: ?

73%

ISP	DOMONET by WNET
Usage Type	Fixed Line ISP
ASN	AS24685
Hostname(s)	unassigned.209.38.185.in-addr.arpa
Domain Name	w-net.eu
Country	🇺🇦 Ukraine
City	Kyiv, Kyiv City

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.38.209.85

Whois 185.38.209.85

IP Abuse Reports for 185.38.209.85:

This IP address has been reported a total of 72 times from 38 distinct sources. 185.38.209.85 was first reported on November 27th 2025, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 thetomtaylor.co.uk	2026-06-06 11:07:02 (5 days ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [wa02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-06 10:05:03 (5 days ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [wa01]	Hacking Brute-Force Bad Web Bot Web App Attack
🇬🇧 cybersteve99	2026-06-05 13:30:07 (6 days ago)	Too many 4xx Requests -	Brute-Force Web App Attack
🇮🇩 Burayot	2026-06-05 13:09:17 (6 days ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 185.38.209.85 (UA/Ukraine/unassigne ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 185.38.209.85 (UA/Ukraine/unassigned.209.38.185.in-addr.arpa): 2 in the last 3600 secs show less	Web App Attack
🇸🇬 Starburst SysOp Team	2026-06-05 13:04:13 (6 days ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-sin2-2)	Hacking Web App Attack
🇭🇰 www.winos.me	2026-06-04 15:08:47 (1 week ago)	Shield: Layer4 Port 9 Trap	Port Scan Hacking
Anonymous	2026-06-03 17:12:43 (1 week ago)	Unauthorised traffic to honeypot	Port Scan
🇩🇰 SaltySoftworks	2026-05-31 07:49:01 (1 week ago)	Connecting to IP instead of domain name	Hacking Web App Attack
🇸🇪 Juha Jurvanen	2026-05-31 07:32:22 (1 week ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
🇩🇰 castipo	2026-05-31 07:04:02 (1 week ago)	nginx-env :: 185.38.209.85 - - [31/May/2026:14:04:01 +0700] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/ ... show more nginx-env :: 185.38.209.85 - - [31/May/2026:14:04:01 +0700] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0" host="[ip]" cfip="-" cfray="-" show less	Web App Attack Hacking
🇸🇪 KIDOS	2026-05-31 06:49:12 (1 week ago)	KASM auto: exploit_/.env	Brute-Force SSH
🇸🇪 nekopavel	2026-05-30 19:22:32 (1 week ago)	185.38.209.85 - - [30/May/2026:21:13:16 +0200]"GET /.git/config HTTP/1.1" 404 150"-" thighs.moe "Moz ... show more 185.38.209.85 - - [30/May/2026:21:13:16 +0200]"GET /.git/config HTTP/1.1" 404 150"-" thighs.moe "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0""0.009" "0.001""Kyiv" "UA" 185.38.209.85 - - [30/May/2026:21:13:16 +0200]"GET /.env HTTP/1.1" 200 0"-" thighs.moe "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0""0.010" "0.001""Kyiv" "UA" 185.38.209.85 - - [30/May/2026:21:22:29 +0200]"GET /.env HTTP/1.1" 404 804"-" 78.69.8.25 "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0""0.000" "-""Kyiv" "UA" ... show less	Hacking Bad Web Bot Web App Attack
🇳🇱 r4fo.com	2026-05-30 18:44:03 (1 week ago)	This IP was detected by CrowdSec triggering crowdsecurity/appsec-vpatch	Web App Attack
🇸🇪 KIDOS	2026-05-30 17:07:26 (1 week ago)	CrowdSec detected malicious activity	DDoS Attack
🇸🇪 KIDOS	2026-05-30 16:52:26 (1 week ago)	IIS malicious activity: high_400_error_rate (80% of requests are 400 errors)	Web App Attack

Showing 1 to 15 of 72 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.82

🇹🇼 116.59.8.106

🇺🇸 70.37.89.177

🇩🇪 2401:b140:2::92:201

🇺🇸 208.87.242.185

🇮🇳 202.159.221.146

🇧🇪 198.235.24.206

🇬🇧 194.50.235.146

🇦🇷 190.113.165.161

🇺🇸 162.216.149.241

🇺🇸 142.248.80.209

🇮🇩 110.139.55.253

🇺🇸 85.208.96.197

🇩🇪 69.5.169.242

🇨🇳 47.106.218.161

🇧🇷 45.174.220.205

🇺🇸 45.33.55.247

🇬🇧 31.14.254.79

🇷🇴 2.57.121.25

🇮🇩 210.57.216.130