JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.126.89

85.121.126.89 was found in our database!

This IP was reported 79 times. Confidence of Abuse is 100%: ?

100%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.126.89

Whois 85.121.126.89

IP Abuse Reports for 85.121.126.89:

This IP address has been reported a total of 79 times from 60 distinct sources. 85.121.126.89 was first reported on May 28th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇮 administrator	2026-06-02 22:20:30 (2 days ago)	2026-05-31 00:08:07,943 fail2ban.actions [264721]: NOTICE [apache-auth] Ban 85.121.126.89 20 ... show more 2026-05-31 00:08:07,943 fail2ban.actions [264721]: NOTICE [apache-auth] Ban 85.121.126.89 2026-05-31 00:08:07,943 fail2ban.actions [264721]: NOTICE [apache-auth] Ban 85.121.126.89 2026-06-03 00:03:44,126 fail2ban.actions [1162]: NOTICE [apache-auth] Ban 85.121.126.89 ... show less	Bad Web Bot Web Spam Email Spam Blog Spam Port Scan Brute-Force Web App Attack
🇺🇸 Matthew Ping	2026-06-02 03:15:28 (3 days ago)	ModSecurity rule 949110 triggered on wp2. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇬🇧 consul.to	2026-05-31 19:59:12 (4 days ago)	Web attack/malicious scanning detected	Web App Attack
🇵🇱 lns.bz	2026-05-31 18:52:00 (4 days ago)	Web app attack [PL.Lu]	Exploited Host Web App Attack
🇩🇪 ger-stg-sifi1	2026-05-31 16:18:59 (4 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 cwytech	2026-05-31 15:34:37 (4 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/wordpress-geofence-sus.	Bad Web Bot Web App Attack
🇺🇸 Matthew Ping	2026-05-31 12:30:07 (5 days ago)	ModSecurity rule 949110 triggered on wp2. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇳🇱 Site.eu	2026-05-31 05:21:41 (5 days ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 maxpower	2026-05-31 04:39:41 (5 days ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 85.121.126.89 (-): 2 in the last 3600 se ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 85.121.126.89 (-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 85.121.126.89 - - [31/May/2026:06:39:35 +0200] "GET /vault.env HTTP/1.1" 404 355 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" "-" host=vincenzodaquino.it 85.121.126.89 - - [31/May/2026:06:39:37 +0200] "GET /secrets.json HTTP/1.1" 404 355 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-" host=vincenzodaquino.it show less	Port Scan
🇳🇱 e.fierstra	2026-05-31 04:17:53 (5 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇩🇪 raph	2026-05-31 04:09:14 (5 days ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack
🇭🇺 DumaNet	2026-05-31 03:30:00 (5 days ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 May 31. 05:21:48 Source IP: 85.121 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 May 31. 05:21:48 Source IP: 85.121.126.89 Portion of the log(s): 85.121.126.89 - [31/May/2026:05:21:48 +0200] "GET /.env.backup HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; cohere-ai/1.0; +https://cohere.com)" 85.121.126.89 - [31/May/2026:05:21:48 +0200] "GET /.env.production HTTP/1.1" 404 153 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ChatGPT-User/1.0; +https://openai.com/bot" 85.121.126.89 - [31/May/2026:05:21:48 +0200] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; cohere-ai/1.0; +https://cohere.com)" 85.121.126.89 - [31/May/2026:05:21:48 +0200] "GET /config/application.properties HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)" 85.121.126.89 - [31/May/2026:05:21:46 +0200] "GET /secrets.yml HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected])" 85.121.126.89 - [31/May/2026:05:21:46 +0200] "GET /applica show less	Web App Attack Hacking
🇩🇪 sdos.es	2026-05-30 22:10:17 (5 days ago)	"Restricted File Access Attempt - Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aw ... show more "Restricted File Access Attempt - Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials" show less	Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-30 21:59:41 (5 days ago)	Auto-ban: >3000 req/min op 2026-05-30	Web App Attack SSH Hacking
🇦🇹 SchiWaGoA	2026-05-30 21:28:27 (5 days ago)	This IP was detected by CrowdSec trigger from crowdsecurity/http-sensitive-files	Web App Attack Hacking

Showing 1 to 15 of 79 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 2001:67c:e60:c0c:192:42:116:52

🇺🇸 198.98.56.205

🇩🇪 165.154.164.57

🇺🇸 162.216.149.52

🇺🇸 162.216.149.35

🇺🇸 104.17.151.222

🇩🇪 87.158.117.123

🇬🇧 81.19.219.250

🇸🇬 68.183.178.130

🇬🇧 35.203.210.63

🇺🇸 20.169.81.111

🇺🇸 178.128.74.144

🇫🇮 147.185.133.30

🇨🇳 103.219.32.239

🇮🇳 103.199.211.245

🇨🇳 101.204.251.226

🇬🇧 35.203.211.100

🇺🇸 23.227.147.163

🇨🇳 14.103.25.86

🇭🇰 45.78.26.79