JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.115.209.50

85.115.209.50 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 61%: ?

61%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212810
Domain Name	netutils.io
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.115.209.50

Whois 85.115.209.50

IP Abuse Reports for 85.115.209.50:

This IP address has been reported a total of 13 times from 10 distinct sources. 85.115.209.50 was first reported on June 5th 2026, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 ger-stg-sifi1	2026-06-13 18:34:49 (4 hours ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇩🇪 barbarella	2026-06-12 11:22:42 (1 day ago)	Multiple (12) times attack on https port 443: Configuration snooping (GET /.git/HEAD) 11:22:42 C ... show more Multiple (12) times attack on https port 443: Configuration snooping (GET /.git/HEAD) 11:22:42 Configuration snooping with .env file (GET /.env) 11:22:42 Configuration snooping with modified .env.* file (GET /.env.local) 11:22:42 Configuration snooping in .env file (GET /env) 11:22:43 Configuration snooping with modified .env.* file (GET /.env.production) 11:22:43 Configuration snooping with modified .env.* file (GET /.env.development) 11:22:43 illegal scan for AWS credentials file (GET /.aws/credentials) 11:22:43 Configuration snooping with .env file (GET /backend/.env) 11:22:43 Configuration snooping with .env file (GET /api/.env) show less	Hacking Web App Attack
🇺🇦 URAN Publishing Service	2026-06-12 11:16:13 (1 day ago)	85.115.209.50 - - [12/Jun/2026:14:16:12 +0300] "GET /.env HTTP/1.1" 404 735 "-" "Mozilla/5.0 (Window ... show more 85.115.209.50 - - [12/Jun/2026:14:16:12 +0300] "GET /.env HTTP/1.1" 404 735 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/146.0.3856.109" 85.115.209.50 - - [12/Jun/2026:14:16:13 +0300] "GET /api/.env HTTP/1.1" 404 4737 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" ... show less	Web App Attack
🇧🇪 cmbplf	2026-06-12 11:07:28 (1 day ago)	146 requests with url.path .git/	Brute-Force Bad Web Bot
Anonymous	2026-06-12 10:59:38 (1 day ago)	(caddyscan) Scanner path probe from 85.115.209.50 (GB/United Kingdom/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 85.115.209.50 (GB/United Kingdom/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 85.115.209.50 - - [12/Jun/2026:10:59:33 +0000] "GET /.git/HEAD HTTP/1.1" [REDACTED] 200 2627 85.115.209.50 - - [12/Jun/2026:10:59:33 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 85.115.209.50 - - [12/Jun/2026:10:59:34 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 85.115.209.50 - - [12/Jun/2026:10:59:34 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 85.115.209.50 - - [12/Jun/2026:10:59:34 +0000] "GET /.git/config HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-12 10:48:23 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.115.209.50 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.115.209.50 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 06:48:19.596929 2026] [security2:error] [pid 4182:tid 4182] [client 85.115.209.50:56316] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "herrell.net"] [uri "/.git/HEAD"] [unique_id "aivj89QI3ovsuNCNYq3KTQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-12 10:05:09 (1 day ago)	Scanning/Probing (11)	Brute-Force Web App Attack
🇩🇪 Inamin	2026-06-12 09:21:54 (1 day ago)	85.115.209.50 - - [12/Jun/2026:17:21:40 +0800] "GET /index.php?title=%E9%A6%96%E9%A0%81&action=h ... show more 85.115.209.50 - - [12/Jun/2026:17:21:40 +0800] "GET /index.php?title=%E9%A6%96%E9%A0%81&action=history HTTP/2.0" 200 32536 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/146.0.3856.109" 85.115.209.50 - - [12/Jun/2026:17:21:53 +0800] "GET /index.php?title=%E7%89%B9%E6%AE%8A:%E8%BF%91%E6%9C%9F%E8%AE%8A%E5%8B%95&days=1&from= HTTP/2.0" 200 83097 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 85.115.209.50 - - [12/Jun/2026:17:21:53 +0800] "GET /index.php?title=%E7%89%B9%E6%AE%8A:%E8%BF%91%E6%9C%9F%E8%AE%8A%E5%8B%95&days=7&from= HTTP/2.0" 200 83097 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/146.0.3856.109" 85.115.209.50 - - [12/Jun/2026:17:21:53 +0800] "GET /index.php?title=%E7%89%B9%E6%AE%8A:%E8%BF%91%E6%9C%9F%E8%AE%8A%E5%8B%95&days=3&fro ... show less	Port Scan
🇳🇱 homeshowdomain.nl	2026-06-06 22:01:16 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-05. show less	Web App Attack SSH Hacking
🇳🇱 homeshowdomain.nl	2026-06-05 21:59:10 (1 week ago)	Auto-ban: >3000 req/min op 2026-06-05	Web App Attack SSH Hacking
🇳🇴 doofy	2026-06-05 19:22:02 (1 week ago)	[Fri Jun 05 21:22:01.490152 2026] [authz_core:error] [pid 2154674:tid 2154706] [client 85.115.209.50 ... show more [Fri Jun 05 21:22:01.490152 2026] [authz_core:error] [pid 2154674:tid 2154706] [client 85.115.209.50:36698] AH01630: client denied by server configuration: /www/hekser.net/.git [Fri Jun 05 21:22:01.490703 2026] [authz_core:error] [pid 2154674:tid 2154722] [client 85.115.209.50:45290] AH01630: client denied by server configuration: /www/hekser.net/.env [Fri Jun 05 21:22:01.935040 2026] [authz_core:error] [pid 2154674:tid 2154710] [client 85.115.209.50:36698] AH01630: client denied by server configuration: /www/hekser.net/.env.production [Fri Jun 05 21:22:01.935401 2026] [authz_core:error] [pid 2154674:tid 2154702] [client 85.115.209.50:45290] AH01630: client denied by server configuration: /www/hekser.net/.env.local [Fri Jun 05 21:22:02.046925 2026] [authz_core:error] [pid 2154684:tid 2154770] [client 85.115.209.50:45306] AH01630: client denied by server configuration: /www/hekser.net/.env.development ... show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 19:14:02 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 85.115.209.50 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.115.209.50 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 15:13:55.454011 2026] [security2:error] [pid 12771:tid 12771] [client 85.115.209.50:43606] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hersbach.net"] [uri "/.git/HEAD"] [unique_id "aiMf89DC9uRWPAONq80F6wAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-05 19:05:41 (1 week ago)	Scanning/Probing (11)	Brute-Force Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 167.94.145.24

🇻🇳 113.161.207.115

🇷🇴 92.118.39.62

🇺🇸 74.125.77.84

🇮🇷 185.231.181.16

🇳🇱 185.226.197.45

🇨🇲 154.70.102.114

🇧🇩 131.186.50.157

🇸🇬 103.187.147.165

🇱🇹 77.90.185.238

🇷🇺 46.39.254.221

🇻🇳 27.79.4.112

🇺🇸 8.229.58.180

🇺🇸 216.25.89.109

🇲🇿 197.219.228.242

🇺🇸 192.65.5.176

🇺🇸 104.168.124.74

🇩🇪 69.5.169.17

🇺🇸 66.240.192.138

🇬🇧 51.89.166.236