JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.127.158

85.121.127.158 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 64%: ?

64%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.127.158

Whois 85.121.127.158

IP Abuse Reports for 85.121.127.158:

This IP address has been reported a total of 17 times from 12 distinct sources. 85.121.127.158 was first reported on June 5th 2026, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-07 05:13:08 (9 hours ago)	6 attacks on VC URLs, config grabbing URLs (type 2), password grabbing URLs: GET /.git/config HTTP/1 ... show more 6 attacks on VC URLs, config grabbing URLs (type 2), password grabbing URLs: GET /.git/config HTTP/1.1 GET /config.json HTTP/1.1 GET /.aws/credentials HTTP/1.1 show less	Hacking
🇫🇷 bellovacorp	2026-06-06 16:48:45 (21 hours ago)	Automated abuse detection (CrowdSec) - scenario: http-probing	Port Scan Web App Attack
🇩🇪 Ba-Yu	2026-06-06 16:25:22 (22 hours ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇹🇼 ip4.tw	2026-06-06 16:25:02 (22 hours ago)	Malicious web scan	Hacking Web App Attack
Anonymous	2026-06-06 16:24:49 (22 hours ago)	Aggressive web scan	Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 16:23:46 (22 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.158 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 12:23:42.937988 2026] [security2:error] [pid 7255:tid 7271] [client 85.121.127.158:44632] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ip.kd9uri.com"] [uri "/.git/config"] [unique_id "aiRJjg5E9dykk1JXnKPv4AAAAUw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 dave	2026-06-06 16:19:44 (22 hours ago)	threat-feed-sync observed repeated abuse from this IP after local filtering. scenarios=crowdsecurity ... show more threat-feed-sync observed repeated abuse from this IP after local filtering. scenarios=crowdsecurity/appsec-vpatch,crowdsecurity/vpatch-env-access,crowdsecurity/vpatch-git-config targets=cloud hit_count=8 first_seen=2026-06-06T16:19:59Z last_seen=2026-06-06T16:19:44Z show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 12:34:48 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.158 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 08:34:44.256304 2026] [security2:error] [pid 26235:tid 26252] [client 85.121.127.158:41290] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "a.my-drug-store.kylight.com"] [uri "/.git/config"] [unique_id "aiQT5NAHPMu-rBAHHa6PFAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 11:53:06 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.158 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 07:53:01.980751 2026] [security2:error] [pid 32120:tid 32120] [client 85.121.127.158:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "a.hvacs-aircon.com"] [uri "/.git/config"] [unique_id "aiQKHc-s-syO5F0h8opwZAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇴 iulianh	2026-06-06 11:46:19 (1 day ago)	*	Brute-Force SSH
🇵🇱 lns.bz	2026-06-06 11:14:57 (1 day ago)	Web app attack [PL.Lu]	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 09:59:31 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.158 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 05:59:26.690598 2026] [security2:error] [pid 14294:tid 14294] [client 85.121.127.158:51908] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "banis-associates.com"] [uri "/.git/config"] [unique_id "aiPvfpdDR1V0JeM7w6RhAwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 18:54:00 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.158 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 14:53:55.945086 2026] [security2:error] [pid 27465:tid 27465] [client 85.121.127.158:53654] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.maggiemusic.ca"] [uri "/.git/config"] [unique_id "aiMbQ5TjWqP-1oFFJLtMTQAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 18:33:17 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.158 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 14:33:10.050510 2026] [security2:error] [pid 15169:tid 15169] [client 85.121.127.158:33900] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "belmontsprings.ca"] [uri "/.git/config"] [unique_id "aiMWZkrao-fijdUSK_CRXgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 LoneRider	2026-06-05 16:30:14 (1 day ago)	[05/Jun/2026:18:30:11.431181 +0200] aiL5k_BwtGiP7YGSTAjxqAAAAAk 85.121.127.158 55704 127.0.0.1 7081 ... show more [05/Jun/2026:18:30:11.431181 +0200] aiL5k_BwtGiP7YGSTAjxqAAAAAk 85.121.127.158 55704 127.0.0.1 7081 [05/Jun/2026:18:30:12.727331 +0200] aiL5lLWURZq80IeH_R9-iwAAAAQ 85.121.127.158 55742 127.0.0.1 7081 [05/Jun/2026:18:30:13.322751 +0200] aiL5lf5PMgmbxbNLOWNLrAAAAAE 85.121.127.158 55768 127.0.0.1 7081 ... show less	Hacking

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 71.6.146.186

🇧🇷 189.108.215.39

🇰🇷 175.214.255.118

🇭🇰 172.253.6.19

🇺🇸 96.127.172.218

🇧🇬 91.191.209.98

🇳🇱 91.92.42.19

🇨🇳 58.49.26.202

🇫🇷 51.210.113.223

🇸🇬 47.128.61.245

🇱🇹 45.227.254.170

🇺🇸 2a02:4780:2b:2099:0:2f01:372e:1

🇿🇼 197.221.232.44

🇺🇸 172.253.214.118

🇩🇪 165.232.78.250

🇻🇳 116.110.154.99

🇨🇦 85.217.149.28

🇳🇱 45.156.87.119

🇮🇩 103.98.176.164

🇺🇸 47.254.30.91