JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.127.80

85.121.127.80 was found in our database!

This IP was reported 50 times. Confidence of Abuse is 100%: ?

100%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.127.80

Whois 85.121.127.80

IP Abuse Reports for 85.121.127.80:

This IP address has been reported a total of 50 times from 33 distinct sources. 85.121.127.80 was first reported on May 29th 2026, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Matthew Ping	2026-06-05 02:17:45 (11 hours ago)	ModSecurity rule 949110 triggered on wp1. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇨🇭 TheCoon	2026-06-04 17:45:02 (19 hours ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking
🇺🇸 Matthew Ping	2026-06-02 03:01:19 (3 days ago)	ModSecurity rule 949110 triggered on wp1. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
Anonymous	2026-06-01 08:47:51 (4 days ago)	Blocked: Reason='Suspicious traffic score=70 (review-based detection)'; Requests=63	Hacking
🇭🇺 DumaNet	2026-06-01 07:59:00 (4 days ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 May 31. 16:36:19 Source IP: 85.121 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 May 31. 16:36:19 Source IP: 85.121.127.80 Portion of the log(s): 85.121.127.80 - [31/May/2026:16:36:19 +0200] "GET /.env.development HTTP/1.1" 404 153 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; Perplexity-User/1.0; +https://perplexity.ai/perplexity-user" 85.121.127.80 - [31/May/2026:16:36:19 +0200] "GET /.env.production HTTP/1.1" 404 153 "-" "anthropic-ai" 85.121.127.80 - [31/May/2026:16:36:18 +0200] "GET /application.properties HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" 85.121.127.80 - [31/May/2026:16:36:18 +0200] "GET /storage/logs/laravel.log HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)" 85.121.127.80 - [31/May/2026:16:36:18 +0200] "GET /vault.env HTTP/1.1" 404 153 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected]" show less	Web App Attack Hacking
Anonymous	2026-05-31 23:42:08 (4 days ago)	"GET /.git/config HTTP/1.1"	Hacking Web App Attack
🇩🇪 4server	2026-05-31 19:49:03 (4 days ago)	[SunMay3121:48:58.7311992026][security2:error][pid1622619:tid1622729][client85.121.127.80:0]ModSecur ... show more [SunMay3121:48:58.7311992026][security2:error][pid1622619:tid1622729][client85.121.127.80:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"hdcadvisory.ch\"][uri\"/.aws/credentials\"][unique_id\"ahyQqnrVqbPkkwShWnSrbwAAAQE\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-05-31 18:37:03 (4 days ago)	Bot / scanning and/or hacking attempts: GET /config/secrets.yml HTTP/1.1, GET /.env.production HTTP/ ... show more Bot / scanning and/or hacking attempts: GET /config/secrets.yml HTTP/1.1, GET /.env.production HTTP/1.1, GET /secrets.yml HTTP/1.1, GET /.env.local HTTP/1.1, GET /config/application.properties HTTP/1.1, GET /.env.backup HTTP/1.1, GET /.env.old HTTP/1.1, GET /.env.example HTTP/1.1, GET /.env.staging HTTP/1.1, GET /.env.development HTTP/1.1 show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 17:36:44 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.127.80 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.121.127.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 13:36:37.502982 2026] [security2:error] [pid 16000:tid 16000] [client 85.121.127.80:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "haywardcarpentry.com"] [uri "/.env.production"] [unique_id "ahxxpfBl9T5kOd9KvF8AGgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇰 ScamAware	2026-05-31 17:22:15 (4 days ago)	Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensiti ... show more Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensitive files, source control, config, and backups). Hits from same IP in last 60 minutes: 11. Unique request paths counted internally: 11. Cloudflare action: block. Cloudflare source: firewallCustom. show less	Web App Attack
🇳🇴 Bots.go.to.hell	2026-05-31 16:50:23 (4 days ago)	This IP was detected by CrowdSec triggering custom/http-bad-crawler-ban	Web App Attack Bad Web Bot
🇩🇪 iNetWorker	2026-05-31 16:34:39 (4 days ago)	trolling for resource vulnerabilities	Web App Attack
🇫🇷 GoodOldTOS	2026-05-31 15:08:46 (4 days ago)	Highly suspect IP	Hacking Web App Attack
🇺🇸 mnsf	2026-05-31 15:05:35 (4 days ago)	Abuse Detected (5)	Brute-Force Web App Attack
🇩🇪 raph	2026-05-31 14:47:16 (4 days ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack

Showing 1 to 15 of 50 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇭 209.99.184.143

🇩🇪 193.124.20.250

🇮🇳 164.164.197.148

🇩🇪 164.90.236.107

🇺🇸 164.90.129.12

🇺🇸 64.227.11.46

🇨🇳 221.2.40.10

🇲🇽 201.114.107.76

🇨🇮 164.160.33.119

🇮🇩 163.7.8.79

🇮🇩 163.7.4.169

🇮🇩 163.7.1.156

🇺🇸 162.243.138.30

🇧🇬 79.124.58.138

🇰🇿 37.99.38.255

🇳🇱 5.175.189.32

🇬🇧 193.32.209.248

🇧🇩 161.248.189.72

🇻🇳 161.248.146.224

🇱🇦 103.1.28.81