JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.127.161

85.121.127.161 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 100%: ?

100%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.127.161

Whois 85.121.127.161

IP Abuse Reports for 85.121.127.161:

This IP address has been reported a total of 26 times from 18 distinct sources. 85.121.127.161 was first reported on June 5th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Holger	2026-06-06 14:14:22 (1 hour ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇱🇹 Evag Touf	2026-06-06 14:08:16 (1 hour ago)	(mod_security) mod_security triggered on hostname [redacted] 85.121.127.161 (-)	SQL Injection
🇺🇸 TPI-Abuse	2026-06-06 13:10:37 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.161 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 09:10:34.528764 2026] [security2:error] [pid 8114:tid 8114] [client 85.121.127.161:35500] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aclaxton.caribbeancoders.com"] [uri "/.git/config"] [unique_id "aiQcSmY8sCu1P2z6oYxehgAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 payincog	2026-06-06 13:02:51 (2 hours ago)	Date: Jun 06 15:06:39 2026 EAT \| Reported IP: 85.121.127.161 mod_security \| id: 930130 949110 \| NL/p ... show more Date: Jun 06 15:06:39 2026 EAT \| Reported IP: 85.121.127.161 mod_security \| id: 930130 949110 \| NL/pay.my_domain/- \| Connections: 1 \| Blocked: Permanent Block: [LF_MODSEC] \| Logs: ; Restricted File Access Attempt; Inbound Anomaly Score Exceeded (Total Score: 5) show less	SQL Injection Brute-Force Bad Web Bot
🇩🇪 big-cloud.nl	2026-06-06 12:58:36 (2 hours ago)	Try to access /.git/config	Web App Attack
🇬🇧 Aetherweb Ark	2026-06-06 12:56:40 (2 hours ago)	(mod_security) mod_security (id:949110) triggered by 85.121.127.161 (-): N in the last X secs	Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 12:54:27 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.161 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 08:54:20.523928 2026] [security2:error] [pid 19350:tid 19359] [client 85.121.127.161:57664] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "achillconsulting.com"] [uri "/.git/config"] [unique_id "aiQYfO0z9BoLkzuo4_mOiQAAAQc"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 loadsoporte	2026-06-06 12:46:12 (2 hours ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
🇫🇷 mrcrassi	2026-06-06 12:38:00 (2 hours ago)	Triggered Cloudflare WAF (firewallManaged) from NL. Action taken: BLOCK Protocol: HTTP/2 (GET method ... show more Triggered Cloudflare WAF (firewallManaged) from NL. Action taken: BLOCK Protocol: HTTP/2 (GET method) Endpoint: /firebase-config.json UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; GPTBot/1.2; +https://openai.com/gptbot This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-06 12:35:23 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.161 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 08:35:16.476316 2026] [security2:error] [pid 8580:tid 8580] [client 85.121.127.161:50502] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aceshd.mroxygen.org"] [uri "/.git/config"] [unique_id "aiQUBMFo2VoU4dFe4_Uq6gAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 12:03:25 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.161 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 08:03:17.937479 2026] [security2:error] [pid 18672:tid 18672] [client 85.121.127.161:36170] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "accpp.link"] [uri "/.git/config"] [unique_id "aiQMhRvOHGngOUul6SX2lwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 10:58:14 (4 hours ago)	(mod_security) mod_security (id:210730) triggered by 85.121.127.161 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 85.121.127.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 06:58:09.732882 2026] [security2:error] [pid 17418:tid 17418] [client 85.121.127.161:41986] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|accomplishedmagazine.com.gemexpressions.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "accomplishedmagazine.com.gemexpressions.com"] [uri "/storage/logs/laravel.log"] [unique_id "aiP9QSg9YqrTo2I4kVJglgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-06 10:49:57 (4 hours ago)	Web attack/malicious scanning detected	Web App Attack
🇳🇱 e.fierstra	2026-06-06 10:48:14 (4 hours ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-06-06 01:19:23 (13 hours ago)	Attempted access to sensitive endpoint (/.git/config) detected. Automated scan or unauthorized probi ... show more Attempted access to sensitive endpoint (/.git/config) detected. Automated scan or unauthorized probing. show less	Web App Attack

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4001:c0b::124

🇰🇷 222.110.147.56

🇰🇷 218.150.184.241

🇰🇷 211.223.107.86

🇺🇸 172.191.157.64

🇸🇪 104.23.217.94

🇨🇭 85.5.148.125

🇩🇪 4.182.219.135

🇩🇪 167.94.145.21

🇺🇸 165.154.162.208

🇺🇸 157.230.237.171

🇨🇳 124.174.44.7

🇫🇷 45.67.217.113

🇸🇬 43.173.181.80

🇺🇸 172.184.210.35

🇮🇩 163.7.8.79

🇵🇰 160.30.142.219

🇵🇱 151.115.48.199

🇺🇸 65.49.1.211

🇱🇻 37.233.85.71