JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.120.120

85.121.120.120 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 94%: ?

94%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇬🇧 United Kingdom of Great Britain and Northern Ireland
City	London, England

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.120.120

Whois 85.121.120.120

IP Abuse Reports for 85.121.120.120:

This IP address has been reported a total of 29 times from 19 distinct sources. 85.121.120.120 was first reported on June 12th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 leo1305	2026-06-14 08:52:40 (5 days ago)	CrowdSec detection \| scenario: http-sensitive-files	Web App Attack Exploited Host
Anonymous	2026-06-13 15:24:08 (5 days ago)	Bot / scanning and/or hacking attempts: GET /secrets.yml HTTP/2.0, [9/9] read: stream 0, , [0/0] in ... show more Bot / scanning and/or hacking attempts: GET /secrets.yml HTTP/2.0, [9/9] read: stream 0, , [0/0] init, GET /.env.local HTTP/2.0, GET / HTTP/2.0, GET /backend/.env HTTP/2.0 show less	Hacking Web App Attack
🇩🇪 LRob.fr	2026-06-13 11:15:06 (6 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-13 09:37:42 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.120.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.120.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 05:37:38.349340 2026] [security2:error] [pid 12745:tid 12745] [client 85.121.120.120:42182] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "richmondrents.com"] [uri "/api/.env"] [unique_id "ai0k4nCBQBNcn8XjLzoiHQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-13 08:06:13 (6 days ago)	Abuse Detected (6)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 08:06:10 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.120.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.120.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 04:06:02.750588 2026] [security2:error] [pid 17246:tid 17246] [client 85.121.120.120:42656] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "richardlyne.com.easyweb-publishing.com"] [uri "/.env.example"] [unique_id "ai0Pas8UwZnvx9PJ8QIcxgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 06:59:44 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.120.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.120.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 02:59:40.766044 2026] [security2:error] [pid 17537:tid 17537] [client 85.121.120.120:60000] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ricarl.vccemail.net"] [uri "/.env.example"] [unique_id "aiz_3JxA7cGV5nGqLacicQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-13 06:29:59 (6 days ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-13 06:13:13 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.120.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.120.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 02:13:07.453161 2026] [security2:error] [pid 26230:tid 26230] [client 85.121.120.120:57628] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ricardoagurcia.com.asociacioncopan.org"] [uri "/.env"] [unique_id "aiz08yHJWqzkJe0nlzTdcgAAAEI"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 SOC PR	2026-06-13 04:18:33 (6 days ago)	IPS: Sensitive Configuration File Disclosure.	Hacking
🇪🇸 pipeline.es	2026-06-13 04:18:15 (6 days ago)	Web scanning / probing for vulnerable paths \| URL: /service-account-key.json \| Evidence: landingow.a ... show more Web scanning / probing for vulnerable paths \| URL: /service-account-key.json \| Evidence: landingow.aavv.com 85.121.120.120 - - [13/Jun/2026:06:17:56 +0200] \"GET /service-account-key.json HTTP/1.1\" 404 222 \"-\" \"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email]\" GEOIP_COUNTRY_CODE=GB \| ASN: M247 Europe SRL \| Country: GB show less	Port Scan Web App Attack
🇬🇧 consul.to	2026-06-13 04:08:29 (6 days ago)	Web attack/malicious scanning detected	Web App Attack
🇨🇭 backslash	2026-06-13 04:06:02 (6 days ago)	block ruleset WAF detection and high score on abuseIPDB 149EB1B42C242111FADBBC2EF8F90219570691E1	Bad Web Bot
Anonymous	2026-06-13 03:50:00 (6 days ago)	suspicious request in access.log	Web App Attack
🇬🇧 Aetherweb Ark	2026-06-13 03:34:23 (6 days ago)	(mod_security) mod_security (id:949110) triggered by 85.121.120.120 (GB/United Kingdom/-): N in the ... show more (mod_security) mod_security (id:949110) triggered by 85.121.120.120 (GB/United Kingdom/-): N in the last X secs show less	Web App Attack

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 107.151.201.162

🇧🇬 78.128.112.30

🇺🇸 216.25.89.146

🇷🇺 178.178.194.131

🇷🇴 80.94.92.156

🇺🇸 207.90.244.20

🇬🇧 204.217.245.134

🇳🇱 193.25.167.244

🇧🇷 177.104.171.149

🇺🇸 164.92.82.91

🇺🇸 142.111.93.247

🇩🇰 130.226.254.28

🇨🇳 117.50.218.37

🇺🇸 65.49.1.163

🇺🇸 65.49.1.65

🇺🇸 45.61.96.48

🇸🇬 43.160.200.19

🇺🇸 18.119.209.50

🇳🇱 204.76.203.49

🇺🇸 195.184.76.114