JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.11.167.49

85.11.167.49 was found in our database!

This IP was reported 1,312 times. Confidence of Abuse is 100%: ?

100%

ISP	TechTies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS209630
Hostname(s)	web-defines.cubeamps.com
Domain Name	tech-ties.net
Country	🇳🇱 Netherlands
City	Lelystad, Flevoland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.11.167.49

Whois 85.11.167.49

IP Abuse Reports for 85.11.167.49:

This IP address has been reported a total of 1,312 times from 400 distinct sources. 85.11.167.49 was first reported on April 8th 2026, and the most recent report was 19 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 myagent.site	2026-04-11 01:08:28 (1 month ago)	Blocking for trying to access an exploit file: /phpinfo.php	Hacking
🇦🇺 rubixstudios	2026-04-11 00:35:02 (1 month ago)	Excessive HTTP requests consistent with automated attack behaviour detected by Imunify360	DDoS Attack Brute-Force Web App Attack
🇩🇪 macrob	2026-04-10 22:43:01 (1 month ago)	2026/04/10 22:42:30 [error] 4161750#4161750: 142567819 access forbidden by rule, client: 85.11.167. ... show more 2026/04/10 22:42:30 [error] 4161750#4161750: 142567819 access forbidden by rule, client: 85.11.167.49, server: binixo.com.ua, request: "GET /admin/phpinfo.php HTTP/2.0", host: "binixo.com.ua", referrer: "http://binixo.com.ua/admin/phpinfo.php" 2026/04/10 22:42:51 [error] 4161750#4161750: 142567819 access forbidden by rule, client: 85.11.167.49, server: binixo.com.ua, request: "GET /.aws/credentials HTTP/2.0", host: "binixo.com.ua", referrer: "http://binixo.com.ua/.aws/credentials" 2026/04/10 22:42:59 [error] 4161750#4161750: 142567819 access forbidden by rule, client: 85.11.167.49, server: binixo.com.ua, request: "GET /.env HTTP/2.0", host: "binixo.com.ua", referrer: "http://binixo.com.ua/.env" ... show less	Web App Attack
🇩🇪 Vegascosmetics	2026-04-10 21:50:13 (1 month ago)	Kingcopy(AI-IDS):IP does Multiple AWS Environment Abuse	Hacking Web App Attack
🇲🇾 Rizzy	2026-04-10 20:51:34 (1 month ago)	Multiple WAF Violations	Brute-Force Web App Attack
Anonymous	2026-04-10 14:55:39 (1 month ago)	[Fri Apr 10 16:54:44.812059 2026] [proxy_fcgi:error] [pid 619162:tid 619204] [client 85.11.167.49:64 ... show more [Fri Apr 10 16:54:44.812059 2026] [proxy_fcgi:error] [pid 619162:tid 619204] [client 85.11.167.49:64535] AH01071: Got error 'Primary script unknown', referer: http://cloud.cimt-precision.de/phpinfo.php [Fri Apr 10 16:54:52.716459 2026] [proxy_fcgi:error] [pid 619162:tid 619196] [client 85.11.167.49:55091] AH01071: Got error 'Primary script unknown', referer: http://cloud.cimt-precision.de/test.php [Fri Apr 10 16:55:11.586837 2026] [proxy_fcgi:error] [pid 568903:tid 569025] [client 85.11.167.49:53524] AH01071: Got error 'Primary script unknown', referer: http://cloud.cimt-precision.de/info.php [Fri Apr 10 16:55:31.986534 2026] [proxy_fcgi:error] [pid 568905:tid 569021] [client 85.11.167.49:59598] AH01071: Got error 'Primary script unknown', referer: http://cloud.cimt-precision.de/php_info.php [Fri Apr 10 16:55:38.705309 2026] [proxy_fcgi:error] [pid 568903:tid 569049] [client 85.11.167.49:61738] AH01071: Got error 'Primary script unknown', referer: http://cloud.cimt-precision.de/i.php ... show less	Brute-Force Web App Attack
Anonymous	2026-04-10 10:42:12 (1 month ago)	ICONZDE WEBEXPLOIT 85.11.167.49 (web-defines.cubeamps.com)	Web App Attack
🇩🇪 igerman	2026-04-10 09:13:36 (1 month ago)	caddy probes: [web] GET /phpinfo -> 401 [web] GET /phpinfo.php -> DROP [web] GET /phpinfo -> DROP [w ... show more caddy probes: [web] GET /phpinfo -> 401 [web] GET /phpinfo.php -> DROP [web] GET /phpinfo -> DROP [web] GET /test.php -> DROP [web] GET /_profiler/phpinfo -> DROP [web] GET /info.php -> DROP [web] GET /php.php -> DROP [web] GET /php_info.php -> DROP [web] GET /i.php -> DROP [web] GET /pi.php -> DROP show less	Web App Attack
🇫🇷 dwmp	2026-04-10 06:48:57 (1 month ago)	Url probing: /.env.example	Web App Attack
🇬🇧 consul.to	2026-04-10 03:51:28 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇧🇪 madeit	2026-04-10 03:09:39 (1 month ago)		Web App Attack
Anonymous	2026-04-10 03:07:03 (1 month ago)	Bot / scanning and/or hacking attempts: GET /.env.backup HTTP/1.1, GET /php_version.php HTTP/1.1, [1 ... show more Bot / scanning and/or hacking attempts: GET /.env.backup HTTP/1.1, GET /php_version.php HTTP/1.1, [1/1] read: stream 0, , [0/0] read: stream 0, show less	Hacking Web App Attack
🇺🇸 chrisj	2026-04-10 00:54:26 (1 month ago)	[Fri Apr 10 00:54:01.761075 2026] [proxy_fcgi:error] [pid 49037:tid 49037] [client 85.11.167.49:5624 ... show more [Fri Apr 10 00:54:01.761075 2026] [proxy_fcgi:error] [pid 49037:tid 49037] [client 85.11.167.49:56244] AH01071: Got error 'Primary script unknown', referer: http://mail.greencityliving.earth/phpinfo.php [Fri Apr 10 00:54:10.743990 2026] [proxy_fcgi:error] [pid 49041:tid 49041] [client 85.11.167.49:52000] AH01071: Got error 'Primary script unknown', referer: http://mail.greencityliving.earth/test.php [Fri Apr 10 00:54:25.857729 2026] [proxy_fcgi:error] [pid 49036:tid 49036] [client 85.11.167.49:61954] AH01071: Got error 'Primary script unknown', referer: http://mail.greencityliving.earth/info.php ... show less	Brute-Force
🇺🇸 mnsf	2026-04-10 00:05:14 (1 month ago)	Too many Status 40X (12)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-04-09 20:41:50 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 85.11.167.49 (web-defines.cubeamps.com): 1 in t ... show more (mod_security) mod_security (id:210492) triggered by 85.11.167.49 (web-defines.cubeamps.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 09 16:41:43.984211 2026] [security2:error] [pid 855738:tid 855738] [client 85.11.167.49:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "365soft.top"] [uri "/.env"] [unique_id "adgPB2dv88CFXMxNAfzZiQAAABQ"], referer: http://365soft.top/.env show less	Brute-Force Bad Web Bot Web App Attack

Showing 1276 to 1290 of 1312 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇾 193.43.145.225

🇺🇸 173.236.242.79

🇶🇦 78.101.207.148

🇷🇺 77.222.113.41

🇺🇸 76.79.213.69

🇩🇪 69.5.169.72

🇺🇸 64.62.156.42

🇮🇪 54.170.231.235

🇸🇦 51.253.239.189

🇳🇱 45.142.193.53

🇩🇪 178.16.52.181

🇭🇰 146.70.79.47

🇺🇸 96.127.172.215

🇺🇸 23.254.150.7

🇰🇷 8.230.0.135

🇺🇸 184.32.99.230

🇹🇭 182.52.56.128

🇩🇪 159.195.147.215

🇸🇦 155.138.74.88

🇰🇷 115.178.75.243