JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.127.141

85.121.127.141 was found in our database!

This IP was reported 53 times. Confidence of Abuse is 100%: ?

100%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.127.141

Whois 85.121.127.141

IP Abuse Reports for 85.121.127.141:

This IP address has been reported a total of 53 times from 25 distinct sources. 85.121.127.141 was first reported on June 5th 2026, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 tg_de	2026-06-11 11:29:18 (11 hours ago)	11 attempts since 11.06.2026 13:28:35 CEST - last search for: /api/config	Web App Attack
🇺🇸 JustMeHere	2026-06-06 21:27:53 (5 days ago)	[Sat Jun 06 17:27:48.489061 2026] [security2:error] [pid 1994:tid 2125] [client 85.121.127.141:60214 ... show more [Sat Jun 06 17:27:48.489061 2026] [security2:error] [pid 1994:tid 2125] [client 85.121.127.141:60214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.15.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "gateway.yorknation.com"] [uri "/.git/config"] [unique_id "aiSQ1NrYaGqGfDJU-T-RyAAAABc"] ... show less	Web App Attack
🇮🇹 ivanbiagi7	2026-06-06 21:17:28 (5 days ago)	(localhost/crowdsec) crowdsecurity/http-sensitive-files by ip 85.121.127.141 (NL/9009) : 4h ban on I ... show more (localhost/crowdsec) crowdsecurity/http-sensitive-files by ip 85.121.127.141 (NL/9009) : 4h ban on Ip 85.121.127.141 show less	Web App Attack
🇳🇱 ReyhZhao	2026-06-06 21:11:03 (5 days ago)	Bunkerweb ModSecurity alert: Potential Remote Command Execution (RCE) detected. Unix shell code was ... show more Bunkerweb ModSecurity alert: Potential Remote Command Execution (RCE) detected. Unix shell code was identified within the request arguments, triggering a security rule designed to prevent application attacks. show less	Brute-Force
Anonymous	2026-06-06 20:27:28 (5 days ago)	by Attack Lagwatch(gw)	DDoS Attack Web Spam Hacking Bad Web Bot Web App Attack
🇩🇪 NewGastroline	2026-06-06 20:07:01 (5 days ago)	Malicious request blocked by CrowdSec on gastro-prod1.boreus.de	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 19:46:15 (5 days ago)	(mod_security) mod_security (id:210730) triggered by 85.121.127.141 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 85.121.127.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 15:46:10.461108 2026] [security2:error] [pid 31691:tid 31691] [client 85.121.127.141:58658] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|garysgates.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "garysgates.com"] [uri "/storage/logs/laravel.log"] [unique_id "aiR5ArT6YXOx7nkciZJOewAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 19:24:35 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.141 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 15:24:29.213758 2026] [security2:error] [pid 26165:tid 26165] [client 85.121.127.141:37904] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "garretthillary.com"] [uri "/.git/config"] [unique_id "aiRz7QOmmaPvDirXgEGpKwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 19:04:29 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.141 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 15:04:24.837162 2026] [security2:error] [pid 11922:tid 11922] [client 85.121.127.141:47360] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gardner-cpanel3.dnchosting.com"] [uri "/.git/config"] [unique_id "aiRvOD94q9dewfLBxMNtIQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2026-06-06 18:50:22 (5 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇪🇸 netfactotum	2026-06-06 18:22:35 (5 days ago)		Hacking Web App Attack
🇩🇪 Spiderpiggy	2026-06-06 18:19:59 (5 days ago)	Automatically reported via Blackhole honeypot on games4you.be. Attempted access to restricted endpoi ... show more Automatically reported via Blackhole honeypot on games4you.be. Attempted access to restricted endpoint: /.aws/credentials show less	Brute-Force Bad Web Bot SSH
🇩🇪 LRob.fr	2026-06-06 17:30:02 (5 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇩🇪 Nightreaver	2026-06-06 17:17:57 (5 days ago)	85.121.127.141 - - [06/Jun/2026:19:17:52 0200] "GET /debug/pprof/cmdline HTTP/1.1" 404 431 "-" "Moz ... show more 85.121.127.141 - - [06/Jun/2026:19:17:52 0200] "GET /debug/pprof/cmdline HTTP/1.1" 404 431 "-" "Mozilla/5.0 (compatible; Applebot/0.1; http://www.apple.com/go/applebot)" 85.121.127.141 - - [06/Jun/2026:19:17:56 0200] "GET /robots.txt HTTP/1.1" 404 431 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15" 85.121.127.141 - - [06/Jun/2026:19:17:56 0200] "GET /.git/config HTTP/1.1" 404 431 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; OAI-SearchBot/1.0; https://openai.com/searchbot" 85.121.127.141 - - [06/Jun/2026:19:17:56 0200] "GET /config/application.properties HTTP/1.1" 404 431 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; PerplexityBot/1.0; https://perplexity.ai/perplexitybot" 85.121.127.141 - - [06/Jun/2026:19:17:56 0200] "GET /application.properties HTTP/1.1" 404 431 "-" "CCBot/2.0 (https://commoncrawl.org/faq/)"[...] show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 16:58:31 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.141 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 12:58:26.062124 2026] [security2:error] [pid 7824:tid 7887] [client 85.121.127.141:37918] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gamecrazy.hdtv55.com"] [uri "/.git/config"] [unique_id "aiRRslJ4ALtFPzfZAdOEgwAAANM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 53 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.199

🇸🇬 178.128.115.225

🇪🇸 158.158.120.186

🇮🇩 157.10.109.87

🇺🇸 147.185.132.255

🇵🇰 115.186.183.74

🇨🇳 106.12.6.79

🇩🇪 69.5.169.222

🇺🇸 20.121.80.160

🇳🇱 192.42.116.57

🇨🇳 124.88.113.209

🇭🇰 118.26.39.178

🇨🇳 115.190.126.68

🇰🇷 61.76.38.54

🇳🇱 45.148.10.147

🇵🇱 217.30.138.55

🇺🇸 209.50.171.112

🇳🇱 195.178.110.108

🇨🇴 186.146.235.58

🇵🇱 95.214.54.37