JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.127.157

85.121.127.157 was found in our database!

This IP was reported 90 times. Confidence of Abuse is 100%: ?

100%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.127.157

Whois 85.121.127.157

IP Abuse Reports for 85.121.127.157:

This IP address has been reported a total of 90 times from 56 distinct sources. 85.121.127.157 was first reported on June 5th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Holger	2026-06-13 12:35:15 (1 day ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇳🇱 e.fierstra	2026-06-11 11:41:04 (3 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-11 10:58:59 (3 days ago)	[ThuJun1112:58:55.4830902026][security2:error][pid2885951:tid2886283][client85.121.127.157:0]ModSecu ... show more [ThuJun1112:58:55.4830902026][security2:error][pid2885951:tid2886283][client85.121.127.157:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"webdisk.aidconsultancy.ch\"][uri\"/api/.env\"][unique_id\"aiqU717uF84EPLxkm1EF6QAAARU\"]\,referer:http://webdisk.aidconsultancy.ch/api/.env show less	Hacking Web App Attack
🇲🇾 Rizzy	2026-06-11 10:05:40 (3 days ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 09:46:54 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 05:46:49.408300 2026] [security2:error] [pid 13304:tid 13304] [client 85.121.127.157:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.abdulhameeds.art"] [uri "/.env.example"] [unique_id "aiqECeDEj2uYBfSVNuhiXAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-11 09:31:57 (3 days ago)	(caddyscan) Scanner path probe from 85.121.127.157 (NL/The Netherlands/-): 5 in the last 3600 secs; ... show more (caddyscan) Scanner path probe from 85.121.127.157 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 85.121.127.157 - - [11/Jun/2026:09:31:41 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 85.121.127.157 - - [11/Jun/2026:09:31:41 +0000] "GET /.env.example HTTP/1.1" [REDACTED] 200 2627 85.121.127.157 - - [11/Jun/2026:09:31:41 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 85.121.127.157 - - [11/Jun/2026:09:31:53 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 85.121.127.157 - - [11/Jun/2026:09:31:53 +0000] "GET /admin/.env HTTP/1.1" show less	Port Scan
🇩🇪 Holger	2026-06-11 09:28:42 (3 days ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇬🇧 openstrike.co.uk	2026-06-11 05:14:32 (3 days ago)	10 attacks on env grabbing URLs, config grabbing URLs (type 2), VC URLs, password grabbing URLs: GET ... show more 10 attacks on env grabbing URLs, config grabbing URLs (type 2), VC URLs, password grabbing URLs: GET /.env HTTP/1.1 GET /env.json HTTP/1.1 GET /.git/config HTTP/1.1 GET /.aws/credentials HTTP/1.1 show less	Hacking
🇺🇸 Charlesiv	2026-06-10 14:07:47 (4 days ago)	Triggered Cloudflare WAF (firewallCustom) from NL. Action taken: BLOCK ASN: 9009 (M247 Europe SRL) P ... show more Triggered Cloudflare WAF (firewallCustom) from NL. Action taken: BLOCK ASN: 9009 (M247 Europe SRL) Protocol: HTTP/2 (GET method) Endpoint: /openapi.json Timestamp: 2026-06-10T13:10:39Z Ray ID: a0989e12485d8e3f UA: Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot) show less	Bad Web Bot
🇺🇦 URAN Publishing Service	2026-06-10 13:54:37 (4 days ago)	85.121.127.157 - - [10/Jun/2026:16:54:29 +0300] "GET /.env HTTP/1.1" 404 733 "-" "Mozilla/5.0 (compa ... show more 85.121.127.157 - - [10/Jun/2026:16:54:29 +0300] "GET /.env HTTP/1.1" 404 733 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)" 85.121.127.157 - - [10/Jun/2026:16:54:37 +0300] "GET /admin/.env HTTP/1.1" 404 3220 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; PerplexityBot/1.0; +https://perplexity.ai/perplexitybot" ... show less	Web App Attack
🇺🇸 9LEVEL.com.br	2026-06-10 12:07:05 (4 days ago)	Blocked by Fail2ban for traefik-404 abuse	Web App Attack
🇬🇧 consul.to	2026-06-10 12:04:15 (4 days ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 LRob.fr	2026-06-10 12:00:14 (4 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇺🇸 kosada.com	2026-06-10 11:47:02 (4 days ago)	Web vulnerability probing: /storage/logs/laravel.log	Web App Attack
🇬🇧 Marten Mark	2026-06-10 10:51:47 (4 days ago)	85.121.127.157 - - [10/Jun/2026:10:51:46 +0000] "GET /.aws/credentials HTTP/2.0" 404 22287 "-" "Mozi ... show more 85.121.127.157 - - [10/Jun/2026:10:51:46 +0000] "GET /.aws/credentials HTTP/2.0" 404 22287 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected]" ... show less	Web App Attack Bad Web Bot

Showing 1 to 15 of 90 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇿 95.46.211.142

🇸🇦 158.101.249.79

🇫🇷 151.80.141.196

🇺🇸 147.185.132.51

🇸🇪 83.226.56.106

🇫🇷 2001:41d0:33d:9200::40b

🇳🇱 206.189.9.144

🇸🇬 193.37.32.154

🇮🇳 183.82.56.12

🇩🇪 167.71.51.2

🇭🇰 104.208.108.166

🇨🇦 68.183.193.229

🇺🇸 66.175.212.77

🇬🇧 51.195.215.85

🇨🇳 14.103.118.150

🇧🇷 205.210.31.183

🇬🇧 193.163.125.96

🇺🇸 172.236.127.133

🇺🇸 172.236.119.165

🇺🇸 172.203.195.1