JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.127.148

85.121.127.148 was found in our database!

This IP was reported 87 times. Confidence of Abuse is 100%: ?

100%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.127.148

Whois 85.121.127.148

IP Abuse Reports for 85.121.127.148:

This IP address has been reported a total of 87 times from 59 distinct sources. 85.121.127.148 was first reported on June 5th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-06-11 22:34:08 (3 days ago)		Brute-Force Web App Attack
🇬🇧 Axel	2026-06-11 11:24:02 (3 days ago)	Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /api/.env Ser ... show more Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /api/.env Server: UK-01 show less	Web App Attack Hacking SQL Injection
🇬🇧 consul.to	2026-06-11 11:12:44 (3 days ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇰 ScamAware	2026-06-11 10:40:48 (3 days ago)	Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensiti ... show more Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensitive files, source control, config, and backups). Hits from same IP in last 60 minutes: 3. Unique request paths counted internally: 3. Cloudflare action: block. Cloudflare source: firewallCustom. show less	Web App Attack
🇯🇵 VXG-NET	2026-06-11 10:37:29 (3 days ago)	port=80, indicator_type=info-leak	Hacking
🇦🇺 screwlooseit.com.au	2026-06-11 09:26:26 (3 days ago)	Blocked by CSF 13 firewall - Rule: config-dotfile RO/Romania/-	Web App Attack
🇩🇪 Progetto1	2026-06-11 09:10:01 (3 days ago)	Detected via HAProxyScanner at 2026-06-11 09:10:01 UTC on destination port WEB (80/443). Repeated sc ... show more Detected via HAProxyScanner at 2026-06-11 09:10:01 UTC on destination port WEB (80/443). Repeated scan / connection. show less	Port Scan Hacking Brute-Force
🇫🇷 EDSL	2026-06-11 08:52:51 (3 days ago)	[mail.edsl.fr] Blocked by SysWarden Firewall (Web Attack)	Web App Attack Hacking Port Scan
🇫🇷 SpaceHost-Server	2026-06-10 22:33:10 (4 days ago)		Brute-Force Web App Attack
🇬🇧 Apache	2026-06-10 15:14:19 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.148 (-): 5 in the last 300 secs (CF_ ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.148 (-): 5 in the last 300 secs (CF_ENABLE) show less	Brute-Force Web App Attack
Anonymous	2026-06-10 15:02:18 (4 days ago)	(caddyscan) Scanner path probe from 85.121.127.148 (NL/The Netherlands/-): 5 in the last 3600 secs; ... show more (caddyscan) Scanner path probe from 85.121.127.148 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 85.121.127.148 - - [10/Jun/2026:15:02:10 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 85.121.127.148 - - [10/Jun/2026:15:02:10 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 85.121.127.148 - - [10/Jun/2026:15:02:13 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 85.121.127.148 - - [10/Jun/2026:15:02:16 +0000] "GET /.env.example HTTP/1.1" [REDACTED] 200 2627 85.121.127.148 - - [10/Jun/2026:15:02:16 +0000] "GET /.env.backup HTTP/1.1" show less	Port Scan
🇩🇪 LRob.fr	2026-06-10 14:00:22 (4 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
Anonymous	2026-06-10 13:49:55 (4 days ago)	(caddyscan) Scanner path probe from 85.121.127.148 (NL/The Netherlands/-): 5 in the last 3600 secs; ... show more (caddyscan) Scanner path probe from 85.121.127.148 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 85.121.127.148 - - [10/Jun/2026:13:49:52 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 85.121.127.148 - - [10/Jun/2026:13:49:53 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 85.121.127.148 - - [10/Jun/2026:13:49:53 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 85.121.127.148 - - [10/Jun/2026:13:49:53 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 85.121.127.148 - - [10/Jun/2026:13:49:53 +0000] "GET /.env.example HTTP/1.1" show less	Port Scan
🇹🇷 cagatayakinci.com	2026-06-10 13:06:08 (4 days ago)	85.121.127.148 - - [10/Jun/2026:16:05:29 +0300] "GET /account.json HTTP/1.1" 404 11902 "-" "anthropi ... show more 85.121.127.148 - - [10/Jun/2026:16:05:29 +0300] "GET /account.json HTTP/1.1" 404 11902 "-" "anthropic-ai" 85.121.127.148 - - [10/Jun/2026:16:05:29 +0300] "GET /application.properties HTTP/1.1" 404 11902 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)" 85.121.127.148 - - [10/Jun/2026:16:05:29 +0300] "GET /storage/logs/laravel.log HTTP/1.1" 404 11902 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; GPTBot/1.2; +https://openai.com/gptbot" 85.121.127.148 - - [10/Jun/2026:16:05:29 +0300] "GET /secrets.yml HTTP/1.1" 404 11902 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; Perplexity-User/1.0; +https://perplexity.ai/perplexity-user" 85.121.127.148 - - [10/Jun/2026:16:05:30 +0300] "GET /application.yml HTTP/1.1" 404 11902 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; GPTBot/1.2; +https://openai.com/gptbot" 85.121.127.148 - - [10/Jun/2026:16:05:30 +0300] "GET /config/secrets.yml HTTP/1.1" 404 11902 " ... show less	Web App Attack Port Scan
🇩🇪 macrob	2026-06-10 11:49:16 (4 days ago)	2026/06/10 11:49:15 [error] 1889617#1889617: 295149882 access forbidden by rule, client: 85.121.127 ... show more 2026/06/10 11:49:15 [error] 1889617#1889617: 295149882 access forbidden by rule, client: 85.121.127.148, server: ca5h.win, request: "GET /.aws/credentials HTTP/1.1", host: "ca5h.win" 2026/06/10 11:49:15 [error] 1889617#1889617: 295149548 access forbidden by rule, client: 85.121.127.148, server: ca5h.win, request: "GET /.git/config HTTP/1.1", host: "ca5h.win" 2026/06/10 11:49:15 [error] 1889617#1889617: 295149881 access forbidden by rule, client: 85.121.127.148, server: ca5h.win, request: "GET /storage/logs/laravel.log HTTP/1.1", host: "ca5h.win" ... show less	Web App Attack

Showing 1 to 15 of 87 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇷 181.165.125.151

🇨🇳 219.145.40.179

🇰🇷 211.178.247.182

🇺🇸 205.210.31.103

🇿🇼 197.221.232.44

🇲🇽 189.240.58.174

🇷🇴 188.213.242.18

🇸🇬 152.42.240.74

🇨🇳 119.29.37.49

🇰🇷 114.203.87.250

🇧🇩 103.120.202.26

🇨🇳 81.71.27.182

🇩🇪 69.5.169.157

🇺🇸 64.62.156.215

🇺🇸 34.181.252.114

🇰🇷 34.64.249.24

🇺🇸 2604:a880:400:d1:0:4:9622:5001

🇺🇸 216.25.89.104

🇩🇪 213.209.159.113

🇧🇷 205.210.31.195