JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.127.153

85.121.127.153 was found in our database!

This IP was reported 91 times. Confidence of Abuse is 100%: ?

100%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.127.153

Whois 85.121.127.153

IP Abuse Reports for 85.121.127.153:

This IP address has been reported a total of 91 times from 62 distinct sources. 85.121.127.153 was first reported on June 5th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-11 21:12:16 (1 week ago)	"GET /.env.example HTTP/2.0"	Hacking Web App Attack
🇨🇭 TheCoon	2026-06-11 11:30:02 (1 week ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking
🇩🇪 raph	2026-06-11 09:22:59 (1 week ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack
🇹🇭 Sawasdee	2026-06-11 08:57:12 (1 week ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇳🇱 e.fierstra	2026-06-10 14:51:44 (1 week ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-10 14:03:18 (1 week ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 85.121.127.153 (NL/The Netherlands/-): 1 in th ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 85.121.127.153 (NL/The Netherlands/-): 1 in the last 3600 secs (0-196) show less	Hacking
🇫🇷 masterguru	2026-06-10 10:56:09 (1 week ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-193) show less	Hacking
🇺🇸 canine.tools	2026-06-10 10:31:02 (1 week ago)	[fail2ban Auto Report] {"time":"2026-06-10T06:31:01.992521602-04:00","level":"INFO","source":{"funct ... show more [fail2ban Auto Report] {"time":"2026-06-10T06:31:01.992521602-04:00","level":"INFO","source":{"function":"github.com/TecharoHQ/anubis/lib.(*Server).checkRules","file":"/Users/cadey/Code/TecharoHQ/botstopper/upstream/anubis/lib/anubis.go","line":309},"msg":"explicit deny","subsystem":"anubis","host":"canine.tools","method":"GET","path":"/secrets.yml","user_agent":"Mozilla/5.0 (compatible; Claude-Web/1.0; +https://www.anthropic.com)","accept_language":"","priority":"","x-forwarded-for":"85.121.127.153","x-real-ip":"85.121.127.153","host":"canine.tools","check_result":{"name":"bot/ai-catchall","rule":"DENY","weight":0}} ... show less	Bad Web Bot
🇫🇷 masterguru	2026-06-10 10:11:39 (1 week ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-201) show less	Hacking
Anonymous	2026-06-10 09:11:55 (1 week ago)	(caddyscan) Scanner path probe from 85.121.127.153 (NL/The Netherlands/-): 5 in the last 3600 secs; ... show more (caddyscan) Scanner path probe from 85.121.127.153 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 85.121.127.153 - - [10/Jun/2026:09:11:43 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 85.121.127.153 - - [10/Jun/2026:09:11:44 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 85.121.127.153 - - [10/Jun/2026:09:11:51 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 85.121.127.153 - - [10/Jun/2026:09:11:51 +0000] "GET /.env.example HTTP/1.1" [REDACTED] 200 2627 85.121.127.153 - - [10/Jun/2026:09:11:51 +0000] "GET /.env.local HTTP/1.1" show less	Port Scan
🇩🇪 Dominik Lysiak	2026-06-10 09:09:41 (1 week ago)	85.121.127.153 - - [10/Jun/2026:11:09:36 +0200] "GET /.aws/credentials HTTP/2.0" 301 162 "-" "Mozill ... show more 85.121.127.153 - - [10/Jun/2026:11:09:36 +0200] "GET /.aws/credentials HTTP/2.0" 301 162 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; PerplexityBot/1.0; +https://perplexity.ai/perplexitybot" 85.121.127.153 - - [10/Jun/2026:11:09:36 +0200] "GET /.git/config HTTP/2.0" 301 162 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)" 85.121.127.153 - - [10/Jun/2026:11:09:40 +0200] "GET /.env.local HTTP/2.0" 301 162 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)" ... show less	Web App Attack
🇬🇧 consul.to	2026-06-10 06:19:59 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇨🇭 Sophie Nina	2026-06-10 01:40:01 (1 week ago)	Automatically blocked by server	Fraud Orders
🇺🇸 rdpguard.com	2026-06-09 22:07:51 (1 week ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
🇧🇪 cmbplf	2026-06-09 20:18:04 (2 weeks ago)	2.343 requests from abuseipdb.com blacklisted IP (10mos2w1d)	Brute-Force Bad Web Bot

Showing 1 to 15 of 91 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 213.33.182.183

🇷🇴 193.46.255.86

🇻🇳 103.172.236.15

🇺🇿 81.95.233.78

🇺🇸 44.205.187.160

🇺🇦 37.221.139.196

🇧🇪 34.156.15.233

🇭🇷 31.217.35.151

🇭🇰 8.210.253.107

🇺🇸 209.141.46.48

🇺🇸 194.180.233.43

🇧🇴 190.181.27.27

🇮🇹 171.22.182.19

🇯🇵 163.44.101.215

🇨🇴 138.84.40.108

🇧🇷 129.121.42.131

🇺🇸 113.20.0.58

🇷🇺 87.225.108.138

🇺🇸 44.98.25.104

🇺🇸 137.184.238.93