JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 181.119.66.165

181.119.66.165 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 42%: ?

42%

ISP	UFINET COLOMBIA, S. A.
Usage Type	Fixed Line ISP
ASN	AS52468
Hostname(s)	165.66.119.181.ufinet.com.co
Domain Name	ufinet.com
Country	🇨🇴 Colombia
City	Bogota, Bogota D.C.

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 181.119.66.165

Whois 181.119.66.165

IP Abuse Reports for 181.119.66.165:

This IP address has been reported a total of 20 times from 15 distinct sources. 181.119.66.165 was first reported on June 18th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-02 07:40:02 (3 days ago)	\| [Dangerous/Colombia] Aggressive IP 181.119.66.165 (~30 hits). Type: DoS Defender- Web server 400 e ... show more \| [Dangerous/Colombia] Aggressive IP 181.119.66.165 (~30 hits). Type: DoS Defender- Web server 400 error code show less	Web App Attack Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-05-31 10:08:22 (5 days ago)	(mod_security) mod_security (id:210730) triggered by 181.119.66.165 (165.66.119.181.ufinet.com.co): ... show more (mod_security) mod_security (id:210730) triggered by 181.119.66.165 (165.66.119.181.ufinet.com.co): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 06:08:18.059770 2026] [security2:error] [pid 27162:tid 27162] [client 181.119.66.165:55294] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.baliaccommodationpadangpadang.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.baliaccommodationpadangpadang.com"] [uri "/location/[email protected]"] [unique_id "ahwIkt6av-4fXBiFo8MMJwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 EGP Abuse Dept	2026-05-30 01:47:49 (6 days ago)	Scraping webshop URLs (www.sanal.nl), likely botnet drone	Bad Web Bot Exploited Host
🇮🇹 VHosting	2026-05-27 11:33:32 (1 week ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇩🇪 SMARTNET	2026-05-27 06:03:53 (1 week ago)	Aisuru(Mirai variant) DDoS \| Incident ID: f9eee327-63b9-4c70-8845-0c5f5dde9bdb	DDoS Attack
🇩🇪 EGP Abuse Dept	2026-05-27 00:31:17 (1 week ago)	Scraping webshop URLs (www.sanal.nl), likely botnet drone	Bad Web Bot Exploited Host
🇫🇷 MatStef132	2026-05-22 14:04:06 (2 weeks ago)	MatShield L7: blocked on mathost.eu (path-flood-burst)	DDoS Attack
🇺🇸 TPI-Abuse	2026-04-16 03:52:38 (1 month ago)	(mod_security) mod_security (id:217210) triggered by 181.119.66.165 (165.66.119.181.ufinet.com.co): ... show more (mod_security) mod_security (id:217210) triggered by 181.119.66.165 (165.66.119.181.ufinet.com.co): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 23:52:33.895401 2026] [security2:error] [pid 3540357:tid 3540357] [client 181.119.66.165:58615] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|moon7tables.xyz\|F\|4"] [data "GET http://moon7tables.xyz HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "moon7tables.xyz"] [uri "/"] [unique_id "aeBdAUnZcj18ROkjzOCTtQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇬 mypatricks	2026-04-14 18:08:37 (1 month ago)	181.119.66.165 \| Port: 12948 \| DNS: 165.66.119.181.ufinet.com.co 2026-04-15T02:08:36+08:00 America/B ... show more 181.119.66.165 \| Port: 12948 \| DNS: 165.66.119.181.ufinet.com.co 2026-04-15T02:08:36+08:00 America/Bogota \| IPs reserved list \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 HTTP/1.1 443 GET \| URL: /mickey-mouse-clubhouse-cake/?d90a8d0a21f695b0=EUR&code=EUR \| Ref: - \| Country: CO/Colombia/−05:00 IP City: Bogotá Windows 9ec4a8182ee1dac5-MIA/Miami, FL, United States 1 hits/0 secs Browser 3 show less	Brute-Force Web App Attack Blog Spam Web Spam Exploited Host
🇷🇴 INTEQ	2026-02-12 05:37:55 (3 months ago)	Web attack from 181.119.66.165	Web App Attack
🇺🇸 TPI-Abuse	2026-01-23 09:15:43 (4 months ago)	(mod_security) mod_security (id:225080) triggered by 181.119.66.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225080) triggered by 181.119.66.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 23 04:15:29.686189 2026] [security2:error] [pid 16032:tid 16032] [client 181.119.66.165:57626] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^[\\\\d\\\\.ab]+$" against "ARGS_GET:C" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "143"] [id "225080"] [rev "1"] [msg "COMODO WAF: XSS vulnerability in Plupload before 2.1.9 or MediaElement.js before 2.21.0, as used in WordPress before 4.5.2 (CVE-2016-4566 & CVE-2016-4567)\|\|becclesrestaurants.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "becclesrestaurants.com"] [uri "/wp-includes/js/dist/"] [unique_id "aXM8MXGdMD5vlroN-Hr7wgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 urnilxfgbez	2026-01-19 23:45:00 (4 months ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 MPL	2026-01-16 23:51:21 (4 months ago)	tcp/23 (2 or more attempts)	Port Scan
🇨🇭 MLCloud	2026-01-16 23:48:11 (4 months ago)	Honeypot hit: Unauthorized connection attempt detected on 23/TELNET	Port Scan Hacking
🇺🇸 MPL	2026-01-10 19:33:57 (4 months ago)	tcp/23 (4 or more attempts)	Port Scan

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 2a06:4882:1000::13

🇺🇸 192.178.113.20

🇲🇰 185.193.240.246

🇸🇬 165.22.240.201

🇺🇸 72.167.53.56

🇸🇬 51.79.180.235

🇫🇷 51.68.126.146

🇳🇱 45.148.10.157

🇮🇩 36.65.14.52

🇧🇪 35.205.48.88

🇺🇸 2602:fb54:1400::1d6

🇳🇱 204.76.203.15

🇨🇳 121.43.168.99

🇺🇸 2600:3c00::2000:cdff:fe0b:55ef

🇺🇸 199.96.164.93

🇿🇦 102.64.36.129

🇩🇪 92.208.179.175

🇺🇸 72.10.32.138

🇻🇳 14.225.173.146

🇧🇪 207.175.45.58