JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.127.151

85.121.127.151 was found in our database!

This IP was reported 48 times. Confidence of Abuse is 100%: ?

100%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.127.151

Whois 85.121.127.151

IP Abuse Reports for 85.121.127.151:

This IP address has been reported a total of 48 times from 30 distinct sources. 85.121.127.151 was first reported on June 5th 2026, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-06 21:59:31 (12 hours ago)	Auto-ban: >3000 req/min op 2026-06-06	Web App Attack SSH Hacking
🇩🇪 updown.io	2026-06-06 10:12:20 (1 day ago)	{"level":"info","ts":1780740729.6093132,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1780740729.6093132,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"85.121.127.151","remote_port":"48148","client_ip":"85.121.127.151","proto":"HTTP/2.0","method":"GET","host":"meta.updown.io","uri":"/vault.env","headers":{"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"meta.updown.io","ech":false}},"bytes_read":0,"user_id":"","duration":0.000118355,"size":0,"status":429,"resp_headers":{"Retry-After":["1"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}} {"level":"info","ts":1780740729.630132,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"85.121.127.151","remote_port":"48152","client_ip":"85.121.127.151","proto":"HTTP/2.0","method":"GET","host":"demo.updown.io","uri":"/.aws/credentials","headers":{"User-Agent":["anthropic-ai"],"Accept ... show less	DDoS Attack Web App Attack
🇺🇸 WellSpring	2026-06-06 09:19:53 (1 day ago)	good bot honeypot on 858.today/config.env — WellSpr.ing/NetSentinel civic-AI security layer	Bad Web Bot
🇳🇱 Site.eu	2026-06-06 09:13:20 (1 day ago)	Excessive multi-domain requests	Brute-Force
🇵🇱 tomkolp	2026-06-06 08:59:51 (1 day ago)	CrowdSec - Scenario: crowdsecurity/http-probing. Duration: 4h.	Port Scan Web App Attack
🇨🇦 lakered	2026-06-06 04:39:38 (1 day ago)	Detectors: [NGINX] \| Reasons: Nginx: Default server trap hit \| Automated scan targeting an unauthori ... show more Detectors: [NGINX] \| Reasons: Nginx: Default server trap hit \| Automated scan targeting an unauthorized host or default server sinkhole \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0 show less	Port Scan Bad Web Bot Exploited Host
🇳🇱 e.fierstra	2026-06-06 03:02:29 (1 day ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 02:31:20 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.151 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.151 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 22:31:16.705325 2026] [security2:error] [pid 22195:tid 22195] [client 85.121.127.151:51968] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "xirin.net.owenmail.com"] [uri "/.git/config"] [unique_id "aiOGdDoyQrQg8JMknZpAnwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-06-05 23:49:02 (1 day ago)	http-sensitive-files - IP: 85.121.127.151 - time="2026-06-06T01:49:02+02:00" level=info msg="(555f6 ... show more http-sensitive-files - IP: 85.121.127.151 - time="2026-06-06T01:49:02+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 85.121.127.151 (NL/9009) : 4h ban on Ip 85.121.127.151" module=db show less	Web App Attack
🇩🇪 Live Home Cams	2026-06-05 23:35:11 (1 day ago)	WebApp brute force attack detected. Multiple file scanning attempts from 85.121.127.151. Detected by ... show more WebApp brute force attack detected. Multiple file scanning attempts from 85.121.127.151. Detected by fail2ban. show less	Web App Attack Brute-Force
🇺🇸 RogueAutomata	2026-06-05 22:30:42 (1 day ago)	Detected malicious request: GET /.git/config Detections triggered: Environment/config probe	Web App Attack
🇺🇸 LotPhantom	2026-06-05 21:53:34 (1 day ago)	2026/06/05 21:53:34 [error] 46371#46371: 53129 access forbidden by rule, client: 85.121.127.151, se ... show more 2026/06/05 21:53:34 [error] 46371#46371: 53129 access forbidden by rule, client: 85.121.127.151, server: wynnesmiles.com, request: "GET /.git/config HTTP/2.0", host: "wynnesmiles.com" ... show less	Web App Attack
🇬🇧 Aetherweb Ark	2026-06-05 20:25:46 (1 day ago)	(mod_security) mod_security (id:949110) triggered by 85.121.127.151 (-): N in the last X secs	Web App Attack
🇺🇸 xxkodedxx	2026-06-05 20:02:29 (1 day ago)	[Zorvexus edge-defense] Edge-block (probe URI / bad UA / hostile vhost) Trigger: 13× edge-block, 3× ... show more [Zorvexus edge-defense] Edge-block (probe URI / bad UA / hostile vhost) Trigger: 13× edge-block, 3× honeypot in 10m window. Origin: NL / AS9009 M247 Europe SRL Active: 20:01:29→20:02:19 UTC Volume: 37 HTTP req, 3 honeypot probe(s) Bait taken: /api/env, /config.json, /secrets.json Status mix: 301×24 444×13 UA: "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" Auto-banned 30d. zorvexus-banner. show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 19:32:17 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.151 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.151 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 15:32:14.574751 2026] [security2:error] [pid 6841:tid 6841] [client 85.121.127.151:42084] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.zorina.com"] [uri "/.git/config"] [unique_id "aiMkPoqxpMZemXYVTFNUXgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 48 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 222.76.248.54

🇵🇪 201.218.159.254

🇿🇦 197.234.147.2

🇬🇳 197.149.244.169

🇬🇧 193.163.125.59

🇧🇷 177.65.208.171

🇺🇸 157.245.1.7

🇩🇪 155.117.127.214

🇺🇸 150.107.38.168

🇨🇳 123.190.160.246

🇻🇳 103.81.87.161

🇺🇸 91.230.168.169

🇱🇹 81.30.98.62

🇷🇺 45.143.203.150

🇺🇸 20.169.83.157

🇷🇴 2.57.122.177

🇹🇳 196.176.117.172

🇺🇸 192.200.148.79

🇻🇪 190.72.230.207

🇷🇺 176.99.185.241