JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.127.159

85.121.127.159 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 69%: ?

69%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.127.159

Whois 85.121.127.159

IP Abuse Reports for 85.121.127.159:

This IP address has been reported a total of 21 times from 12 distinct sources. 85.121.127.159 was first reported on June 5th 2026, and the most recent report was 24 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-08 11:14:22 (24 minutes ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 TPI-Abuse	2026-06-08 10:45:36 (53 minutes ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 06:45:27.010328 2026] [security2:error] [pid 5867:tid 5867] [client 85.121.127.159:54466] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.appleconsultant.micahgartman.com"] [uri "/.git/config"] [unique_id "aiadRxKQiGgAbYKOBLmx7wAAAIo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-06-08 10:40:23 (58 minutes ago)	Try to access /.git/config	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 09:09:44 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:09:40.965726 2026] [security2:error] [pid 13889:tid 13889] [client 85.121.127.159:42028] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "app.fourminutedecision.com"] [uri "/.git/config"] [unique_id "aiaG1PGB34ag0orbpRbcCwAAAEY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 07:57:18 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 03:57:10.307703 2026] [security2:error] [pid 7220:tid 7249] [client 85.121.127.159:33716] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kylight.com"] [uri "/.git/config"] [unique_id "aiZ11rZJ5OOKwAwJ7ZjZzwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Selckie	2026-06-08 06:33:16 (5 hours ago)	fail2ban: NGINX unusual impact	Web App Attack
Anonymous	2026-06-06 16:35:13 (1 day ago)	Automated report from Fail2Ban firewall ban	Brute-Force SSH IoT Targeted
🇫🇷 masterguru	2026-06-06 16:18:49 (1 day ago)	BAD BOT - Detected and Blocked.. Matched phrase "OAI-SearchBot" at REQUEST_HEADERS:User-Agent. (1100 ... show more BAD BOT - Detected and Blocked.. Matched phrase "OAI-SearchBot" at REQUEST_HEADERS:User-Agent. (1100000-131) show less	Bad Web Bot
🇫🇷 Donovan	2026-06-06 16:15:07 (1 day ago)	Web scan/exploit blocked by fail2ban on commitshift.fr - jail: npm-scan - 1 attempt(s)	Web App Attack
🇺🇸 masterguru	2026-06-06 15:48:01 (1 day ago)	Restricted File Access Attempt. Matched phrase ".aws/credentials" at REQUEST_FILENAME. (930130-163)	Hacking Web App Attack
🇩🇪 ITSNF	2026-06-06 15:40:02 (1 day ago)	Blocked by os-abuseipdb; 6 hits, proto=tcp, ports=443,80	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-06 00:57:58 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 20:57:50.914035 2026] [security2:error] [pid 20671:tid 20671] [client 85.121.127.159:54892] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "play.blueonyx.ca"] [uri "/.git/config"] [unique_id "aiNwjukiX2w3aH3wMxfd4gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 oh.mg	2026-06-06 00:56:00 (2 days ago)	85.121.127.159 - - [06/Jun/2026:02:55:40 +0200] "GET /.aws/credentials HTTP/1.1" 403 2250 "-" "CCBot ... show more 85.121.127.159 - - [06/Jun/2026:02:55:40 +0200] "GET /.aws/credentials HTTP/1.1" 403 2250 "-" "CCBot/2.0 (https://commoncrawl.org/faq/)" 85.121.127.159 - - [06/Jun/2026:02:55:44 +0200] "GET /application.properties HTTP/1.1" 403 2250 "-" "Mozilla/5.0 (compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)" 85.121.127.159 - - [06/Jun/2026:02:55:45 +0200] "GET /storage/logs/laravel.log HTTP/1.1" 403 2250 "-" "CCBot/2.0 (https://commoncrawl.org/faq/)" 85.121.127.159 - - [06/Jun/2026:02:55:48 +0200] "GET /config/application.properties HTTP/1.1" 403 2250 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 85.121.127.159 - - [06/Jun/2026:02:55:59 +0200] "GET /config.json HTTP/1.1" 403 2250 "-" "Mozilla/5.0 (compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)" ... show less	Bad Web Bot Web App Attack
Anonymous	2026-06-05 21:45:51 (2 days ago)	(caddyscan) Scanner path probe from 85.121.127.159 (NL/The Netherlands/-): 5 in the last 3600 secs; ... show more (caddyscan) Scanner path probe from 85.121.127.159 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 85.121.127.159 - - [05/Jun/2026:21:45:39 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 85.121.127.159 - - [05/Jun/2026:21:45:40 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 85.121.127.159 - - [05/Jun/2026:21:45:46 +0000] "GET /.env.backup HTTP/1.1" [REDACTED] 200 2627 85.121.127.159 - - [05/Jun/2026:21:45:46 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 85.121.127.159 - - [05/Jun/2026:21:45:46 +0000] "GET /.env.development HTTP/1.1" show less	Port Scan
Anonymous	2026-06-05 15:24:03 (2 days ago)	(caddyscan) Scanner path probe from 85.121.127.159 (NL/The Netherlands/-): 5 in the last 3600 secs; ... show more (caddyscan) Scanner path probe from 85.121.127.159 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 85.121.127.159 - - [05/Jun/2026:15:23:57 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 85.121.127.159 - - [05/Jun/2026:15:23:58 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 85.121.127.159 - - [05/Jun/2026:15:24:02 +0000] "GET /.env.example HTTP/1.1" [REDACTED] 200 2627 85.121.127.159 - - [05/Jun/2026:15:24:02 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 85.121.127.159 - - [05/Jun/2026:15:24:02 +0000] "GET /.env.development HTTP/1.1" show less	Port Scan

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 178.16.52.163

🇮🇳 168.144.148.219

🇵🇪 161.132.50.236

🇭🇰 146.70.79.47

🇮🇳 125.19.253.154

🇺🇸 69.74.29.21

🇺🇸 64.62.197.197

🇹🇼 35.201.245.21

🇦🇺 34.151.155.12

🇶🇦 20.173.116.24

🇳🇱 5.83.143.115

🇮🇷 80.210.47.222

🇧🇬 78.128.114.82

🇹🇳 41.225.238.233

🇬🇭 154.161.253.113

🇩🇪 150.241.68.127

🇨🇳 125.124.183.254

🇱🇹 81.30.98.158

🇺🇸 65.49.1.212

🇩🇪 46.225.237.210