JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.127.68

85.121.127.68 was found in our database!

This IP was reported 47 times. Confidence of Abuse is 100%: ?

100%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.127.68

Whois 85.121.127.68

IP Abuse Reports for 85.121.127.68:

This IP address has been reported a total of 47 times from 30 distinct sources. 85.121.127.68 was first reported on May 29th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-01 08:47:41 (1 week ago)	Blocked: Reason='Suspicious traffic score=70 (review-based detection)'; Requests=68	Hacking
🇺🇸 antlac1	2026-05-31 16:34:49 (1 week ago)	crowdsecurity/http-probing	Brute-Force Web App Attack
🇩🇪 ecs.ge	2026-05-31 15:56:51 (1 week ago)	Automatic Fail2Ban report from jail web-probes: multiple matching events detected.	Port Scan Web App Attack
🇩🇪 dbmwebdesign	2026-05-31 13:50:18 (1 week ago)	Bot detected and blocked by Fail2Ban in bytespider jail	Bad Web Bot
Anonymous	2026-05-31 11:35:18 (1 week ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Web App Attack Brute-Force Bad Web Bot
🇩🇪 LRob.fr	2026-05-31 11:30:06 (1 week ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-31 06:40:19 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 02:40:14.174050 2026] [security2:error] [pid 23789:tid 23789] [client 85.121.127.68:47996] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "demircan.org"] [uri "/.git/config"] [unique_id "ahvXzl45YljS1WjWRkVZtwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-31 06:00:22 (1 week ago)	git/env leak probe	Web App Attack
🇫🇷 Delta-shop	2026-05-31 05:47:23 (1 week ago)	PrestaShop Security Module: AbuseIPDB high confidence score AND local web-app-attack detected (Abuse ... show more PrestaShop Security Module: AbuseIPDB high confidence score AND local web-app-attack detected (AbuseIPDB score: 100% (cached)) show less	Web App Attack
🇬🇧 consul.to	2026-05-31 05:41:42 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 05:34:59 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 01:34:51.503608 2026] [security2:error] [pid 10194:tid 10194] [client 85.121.127.68:36632] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "delomel.net"] [uri "/.git/config"] [unique_id "ahvIe7cUJM9PkuHb9V8GdgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-05-31 05:25:13 (1 week ago)	[SunMay3107:25:11.4758112026][security2:error][pid674793:tid674866][client85.121.127.68:0]ModSecurit ... show more [SunMay3107:25:11.4758112026][security2:error][pid674793:tid674866][client85.121.127.68:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"dellafoglia.ch\"][uri\"/.git/config\"][unique_id\"ahvGNz74LTH5YiFeBi2fbwAAAIQ\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 04:26:51 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.68 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 00:26:48.069855 2026] [security2:error] [pid 17575:tid 17575] [client 85.121.127.68:35042] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "delicioushotspots.vittariadesign.com"] [uri "/.git/config"] [unique_id "ahu4iPzzTxRFE6kkYqXw8wAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 octageeks.com	2026-05-31 04:07:26 (1 week ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇭🇺 DumaNet	2026-05-31 02:59:00 (1 week ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 May 30. 23:40:20 Source IP: 85.121 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 May 30. 23:40:20 Source IP: 85.121.127.68 Portion of the log(s): 85.121.127.68 - [30/May/2026:23:40:20 +0200] "GET /.well-known/openid-configuration HTTP/1.1" 404 153 "http://deathlegion.org/.well-known/openid-configuration" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected]" 85.121.127.68 - [30/May/2026:23:40:20 +0200] "GET /openapi.json HTTP/1.1" 404 153 "http://deathlegion.org/openapi.json" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected]" 85.121.127.68 - [30/May/2026:23:40:15 +0200] "GET /api/v1/settings HTTP/1.1" 404 153 "http://deathlegion.org/api/v1/settings" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" 85.121.127.68 - [30/May/2026:23:40:15 +0200] "GET /api/config HTTP/1.1" 404 153 "http://deathlegion.org/api/config" "Mozilla/5.0 (compatible; Amazonbot/0.1; +https://developer show less	Web App Attack

Showing 1 to 15 of 47 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 140.130.98.240

🇭🇰 123.58.212.28

🇲🇩 91.208.197.64

🇺🇸 65.49.1.104

🇮🇳 27.123.110.182

🇩🇪 213.133.106.39

🇨🇭 209.99.189.174

🇮🇳 182.70.118.145

🇺🇸 100.28.153.226

🇫🇮 80.66.83.43

🇺🇸 74.82.47.21

🇺🇸 66.132.172.106

🇯🇵 52.123.170.46

🇺🇸 20.14.78.26

🇧🇷 191.5.31.61

🇮🇳 168.144.157.100

🇻🇳 125.212.235.194

🇷🇴 92.118.39.236

🇮🇷 91.234.52.12

🇺🇸 89.116.246.245