JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.115.209.53

85.115.209.53 was found in our database!

This IP was reported 114 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212810
Domain Name	netutils.io
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.115.209.53

Whois 85.115.209.53

IP Abuse Reports for 85.115.209.53:

This IP address has been reported a total of 114 times from 86 distinct sources. 85.115.209.53 was first reported on June 5th 2026, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 e.fierstra	2026-06-13 07:37:25 (4 hours ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇳🇴 Bots.go.to.hell	2026-06-12 20:35:01 (15 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇩🇪 on-com	2026-06-12 18:53:04 (16 hours ago)	URL scan	Brute-Force Web App Attack
🇵🇱 ketovoila.pl	2026-06-12 17:24:58 (18 hours ago)	ketovoila.pl web app secret/repository scan: hits=2; unique_paths=2; sample_paths=/.git/HEAD,/.git/c ... show more ketovoila.pl web app secret/repository scan: hits=2; unique_paths=2; sample_paths=/.git/HEAD,/.git/config; UA="Mozilla/5.0 (Macintosh; Intel Mac OS X 15.7; rv:149.0) Gecko/20100101 Firefox/149.0"; window=2026-06-12T17:24:58Z..2026-06-12T17:24:59Z show less	Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-06-12 17:10:25 (18 hours ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 Rocky Mountain Bioengineering Symposium	2026-06-12 13:09:27 (22 hours ago)	85.115.209.53 - - [12/Jun/2026:07:09:27 -0600] "GET /.git/config HTTP/1.1" 300 11260 "-" "Mozilla/5. ... show more 85.115.209.53 - - [12/Jun/2026:07:09:27 -0600] "GET /.git/config HTTP/1.1" 300 11260 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" ... show less	Web App Attack
🇳🇱 ParaBug	2026-06-12 12:58:14 (22 hours ago)	85.115.209.53 - - [12/Jun/2026:14:58:14 +0200] "GET /.git/config HTTP/1.1" 301 4184 "-" "Mozilla/5.0 ... show more 85.115.209.53 - - [12/Jun/2026:14:58:14 +0200] "GET /.git/config HTTP/1.1" 301 4184 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0" ... show less	Phishing Brute-Force Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-12 10:09:21 (1 day ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 gamabe	2026-06-12 07:24:39 (1 day ago)	Detected crowdsecurity/http-sensitive-files attack pattern. Reported by CrowdSec IDS.	Hacking
🇨🇭 4server	2026-06-12 05:44:40 (1 day ago)	[FriJun1207:44:37.7372272026][security2:error][pid2906795:tid2907041][client85.115.209.53:0]ModSecur ... show more [FriJun1207:44:37.7372272026][security2:error][pid2906795:tid2907041][client85.115.209.53:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"stmconsulenze.ch.81-17-25-250.cpanel.site\"][uri\"/.env.production\"][unique_id\"aiucxeIU4Li9Z-NVqWRMJQAAAQc\"] show less	Hacking Web App Attack
🇬🇧 andypiper	2026-06-12 01:02:48 (1 day ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 00:20:37 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.115.209.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.115.209.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 20:20:33.401181 2026] [security2:error] [pid 12333:tid 12333] [client 85.115.209.53:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.empoweruamerica.org"] [uri "/.git/HEAD"] [unique_id "aitQ0VcFlgmcp9aTEdcWlwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 21:05:44 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.115.209.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.115.209.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 17:05:38.762659 2026] [security2:error] [pid 31104:tid 31104] [client 85.115.209.53:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.nyemdr.org"] [uri "/.env.local"] [unique_id "aisjIiHweXobshUuMykCmQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 MBombeck	2026-06-11 20:00:23 (1 day ago)	Fail2Ban/traefik-botsearch on apps-01: banned after 5 failures	Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 17:13:51 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.115.209.53 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.115.209.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 13:13:47.539536 2026] [security2:error] [pid 19056:tid 19056] [client 85.115.209.53:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.frogmouthatx.com"] [uri "/.env.production"] [unique_id "airsy-Yoqiu_v8WPBJR8xgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 114 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.138

🇻🇪 190.142.97.50

🇻🇪 189.127.167.41

🇫🇮 147.185.133.172

🇮🇳 114.143.49.58

🇮🇳 103.91.72.240

🇺🇸 43.162.103.6

🇨🇳 221.228.203.3

🇮🇳 182.79.51.142

🇷🇺 176.120.22.240

🇺🇸 172.214.209.153

🇮🇹 172.71.114.109

🇩🇪 167.94.145.19

🇨🇳 114.138.96.55

🇬🇧 88.215.1.201

🇷🇴 86.106.79.133

🇫🇷 77.237.239.101

🇺🇸 54.204.62.163

🇲🇾 47.250.88.100

🇮🇳 34.93.241.217