JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.176.252

85.121.176.252 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 100%: ?

100%

ISP	AlexHost SRL
Usage Type	Unknown
ASN	AS200019
Hostname(s)	jarod
Domain Name	alexhost.com
Country	🇷🇴 Romania
City	Bucharest, Bucharest

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.176.252

Whois 85.121.176.252

IP Abuse Reports for 85.121.176.252:

This IP address has been reported a total of 34 times from 22 distinct sources. 85.121.176.252 was first reported on June 12th 2026, and the most recent report was 23 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 thetomtaylor.co.uk	2026-06-16 23:07:01 (23 hours ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [mx02]	Bad Web Bot Web App Attack
🇵🇱 ketovoila.pl	2026-06-16 16:53:32 (1 day ago)	ketovoila.pl web app secret/repository scan: hits=12; unique_paths=12; sample_paths=/.env,/admin/.en ... show more ketovoila.pl web app secret/repository scan: hits=12; unique_paths=12; sample_paths=/.env,/admin/.env,/app/.env; UA="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"; window=2026-06-16T16:53:32Z..2026-06-16T16:53:33Z show less	Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-16 16:09:01 (1 day ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,ice02,mx01,mx03,w ... show more Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,ice02,mx01,mx03,wa02] show less	Bad Web Bot Web App Attack
Anonymous	2026-06-16 15:23:40 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted])	SQL Injection
🇬🇧 Apache	2026-06-16 11:59:27 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.121.176.252 (RO/Romania/jarod): 5 in the las ... show more (mod_security) mod_security (id:210492) triggered by 85.121.176.252 (RO/Romania/jarod): 5 in the last 300 secs (CF_ENABLE) show less	Brute-Force Web App Attack
🇺🇸 dtorrer	2026-06-16 07:02:54 (1 day ago)	General vulnerability scan.	Port Scan
🇪🇸 el-brujo	2026-06-16 05:15:07 (1 day ago)	Cloudflare WAF: Request Path: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php Request Query: Ho ... show more Cloudflare WAF: Request Path: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php Request Query: Host: web.elhacker.net userAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Action: block Source: firewallManaged ASN Description: ALEXHOST SRL Country: RO Method: GET Timestamp: 2026-06-16T05:15:07Z ruleId: db1f213645904ab9b16b227b4a6a7b3a. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 Major Hostility	2026-06-16 02:28:38 (1 day ago)	"GET /.env HTTP/1.1" 404 "GET /.env HTTP/1.1" 404 "GET /.env HTTP/1.1" 404 "GET /.env HTTP/1.1" 404 ... show more "GET /.env HTTP/1.1" 404 "GET /.env HTTP/1.1" 404 "GET /.env HTTP/1.1" 404 "GET /.env HTTP/1.1" 404 "GET /sendgrid.env HTTP/1.1" 404 "GET /core/.env HTTP/1.1" 404 "GET /vendor/.env HTTP/1.1" 404 "GET /assets/.env HTTP/1.1" 404 "GET /storage/.env HTTP/1.1" 404 "GET /public/.env HTTP/1.1" 404 show less	Web App Attack
🇩🇪 AetherFox	2026-06-16 01:36:26 (1 day ago)	AetherFox VoidGuard detected: [Tue Jun 16 01:36:23.309567 2026] [authz_core:error] [pid 798887:tid 7 ... show more AetherFox VoidGuard detected: [Tue Jun 16 01:36:23.309567 2026] [authz_core:error] [pid 798887:tid 798918] [client 85.121.176.252:56830] AH01630: client denied by server configuration: proxy:http://[MASKED]/.env [Tue Jun 16 01:36:23.309810 2026] [authz_core:error] [pid 798887:tid 798918] [client 85.121.176.252:56830] AH01630: client denied by server configuration: /var/www/html/ERRORpages/403.html [Tue Jun 16 01:36:23.465886 2026] [authz_core:error] [pid 798886:tid 798929] [client 85.121.176.252:59850] AH01630: client denied by server configuration: proxy:http://[MASKED]/sendgrid.env [Tue Jun 16 01:36:23.466075 2026] [authz_core:error] [pid 798886:tid 798929] [client 85.121.176.252:59850] AH01630: client denied by server configuration: /var/www/html/ERRORpages/403.html [Tue Jun 16 01:36:25.043703 2026] [authz_core:error] [pid 798887:tid 798933] [client 85.121.176.252:59860] AH01630: client denied by server configuration: proxy:http://[MASKED]/.env ... show less	Bad Web Bot Web App Attack
🇺🇸 Matthew Ping	2026-06-16 01:15:01 (1 day ago)	ModSecurity rule 949110 triggered on wp1. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇩🇪 maxpower	2026-06-16 01:06:27 (1 day ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 85.121.176.252 (RO/Romania/jarod): 2 in ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 85.121.176.252 (RO/Romania/jarod): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 85.121.176.252 - - [16/Jun/2026:03:06:11 +0200] "GET /sendgrid.env HTTP/1.1" 301 289 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" "-" host=tecnousatopescara.it 85.121.176.252 - - [16/Jun/2026:03:06:13 +0200] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 327 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" "-" host=tecnousatopescara.it show less	Port Scan
🇮🇱 spd.co.il	2026-06-16 00:02:14 (1 day ago)	Web application attack detected	Hacking Web App Attack
🇩🇪 big-cloud.nl	2026-06-15 21:20:37 (2 days ago)	Try to access /.env	Web App Attack
🇫🇮 YF	2026-06-15 20:02:06 (2 days ago)	Environment file probe	Web App Attack
🇪🇸 el-brujo	2026-06-15 19:43:18 (2 days ago)	Cloudflare WAF: Request Path: /.env Request Query: Host: hwagm.elhacker.net userAgent: Mozilla/5.0 ... show more Cloudflare WAF: Request Path: /.env Request Query: Host: hwagm.elhacker.net userAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50 Action: block Source: firewallManaged ASN Description: ALEXHOST SRL Country: RO Method: GET Timestamp: 2026-06-15T19:43:18Z ruleId: 23548ee2b36547a1be09bb2c0550c529. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 205.210.31.45

🇺🇸 2603:3026:285:6100:4c17:44b3:7b3f:7a94

🇺🇸 208.84.101.160

🇺🇸 147.185.132.85

🇨🇳 106.75.26.244

🇲🇾 49.236.193.1

🇺🇸 18.222.201.132

🇺🇸 192.129.183.139

🇳🇱 91.92.40.41

🇰🇷 61.97.17.208

🇮🇳 4.224.40.94

🇩🇪 3.78.227.138

🇳🇱 193.176.31.248

🇺🇸 184.154.13.38

🇨🇳 144.123.37.78

🇵🇰 139.135.59.219

🇧🇯 137.255.6.229

🇭🇰 101.36.124.127

🇪🇸 46.253.45.10

🇮🇩 36.94.105.46