JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.240.157

85.121.240.157 was found in our database!

This IP was reported 55 times. Confidence of Abuse is 95%: ?

95%

ISP	1GSERVERS, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	1gservers.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.240.157

Whois 85.121.240.157

IP Abuse Reports for 85.121.240.157:

This IP address has been reported a total of 55 times from 40 distinct sources. 85.121.240.157 was first reported on April 21st 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇴 andreighitan	2026-06-01 00:00:00 (2 weeks ago)	Coordinated attack against 84.46.253.134. Urban Network Solutions SRL Romania. Persistent Wave 8 att ... show more Coordinated attack against 84.46.253.134. Urban Network Solutions SRL Romania. Persistent Wave 8 attacker. ZAC Bayern ref BY0257-500359-26/8. show less	Brute-Force
🇬🇧 thetomtaylor.co.uk	2026-05-28 04:08:01 (3 weeks ago)	Fail2Ban - [WAF]ModSecurity OWASP CRS rule violation on nginx-modsecurity ... [ice02,wa01,wa02]	Hacking SQL Injection Web App Attack
🇬🇧 consul.to	2026-05-28 02:38:16 (3 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 ELYAZ	2026-05-28 01:40:52 (3 weeks ago)	(y3) Failed access -byebye- from 85.121.240.157 (US/United States/-): (CF_ENABLE)	Hacking
Anonymous	2026-05-28 00:06:31 (3 weeks ago)	WAF repeated trigger detected by Fail2Ban	Web App Attack
Anonymous	2026-05-27 23:38:29 (3 weeks ago)	85.121.240.157 detected on srv01	Brute-Force
🇬🇧 djboddington	2026-05-27 19:41:44 (3 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇩🇪 grassau.com	2026-05-27 18:48:37 (3 weeks ago)	Port Scan detected from 85.121.240.157 (US/United States/Arizona/Phoenix/-).	Port Scan
🇩🇪 todix	2026-05-27 13:13:26 (3 weeks ago)	Web App Attack Exploid from 85.121.240.157	Web App Attack
Anonymous	2026-05-27 13:12:27 (3 weeks ago)	(mod_security) mod_security triggered on hostname [redacted])	SQL Injection
🇸🇪 nekopavel	2026-05-27 10:30:04 (3 weeks ago)	85.121.240.157 - - [27/May/2026:12:29:59 +0200]"GET /.env.example HTTP/1.1" 404 704"-" futomomo.art ... show more 85.121.240.157 - - [27/May/2026:12:29:59 +0200]"GET /.env.example HTTP/1.1" 404 704"-" futomomo.art "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36""0.071" "0.000""Phoenix" "US" 85.121.240.157 - - [27/May/2026:12:29:59 +0200]"GET /.env.production HTTP/1.1" 404 704"-" futomomo.art "Mozilla/5.0 (Linux; Android 14; SM-S921B) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/27.0 Chrome/125.0.0.0 Mobile Safari/537.36""0.111" "0.000""Phoenix" "US" 85.121.240.157 - - [27/May/2026:12:29:59 +0200]"GET /.env.staging HTTP/1.1" 404 704"-" futomomo.art "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36""0.114" "0.000""Phoenix" "US" ... show less	Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 09:20:21 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 85.121.240.157 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.240.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 05:20:15.228941 2026] [security2:error] [pid 24565:tid 24565] [client 85.121.240.157:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.abdulhameeds.art"] [uri "/.env.test"] [unique_id "aha3Ty1pUXUTih8uUX7NaAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 payincog	2026-05-27 07:03:56 (3 weeks ago)	Date: 27/May/2026:09:38:56.155063 +0300 \| Reported IP: 85.121.240.157 mod_security \| id: 920350 9204 ... show more Date: 27/May/2026:09:38:56.155063 +0300 \| Reported IP: 85.121.240.157 mod_security \| id: 920350 920440 930130 949110 \| US/pay.my_domain/- \| Connections: 1 \| Blocked: Permanent Block: [LF_MODSEC] \| Logs: ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; show less	SQL Injection Brute-Force Bad Web Bot
🇫🇮 mnazibo	2026-05-27 06:00:08 (3 weeks ago)	Date: 27/May/2026 08:59:00 \| Reported IP: 85.121.240.157 mod_security \| id: 930130 \| US/group.my_dom ... show more Date: 27/May/2026 08:59:00 \| Reported IP: 85.121.240.157 mod_security \| id: 930130 \| US/group.my_domain/- \| Connections: 33 \| Blocked: Permanent Block: [LF_MODSEC] \| URIs: /admin/.env; /api/.env; /app-config.json; /app/.env; /.aws/credentials; /backend/.env; /config.env; /config.json; /config/secrets.yml; /credentials.json; /.docker/config.json; /.env.backup; /.env.bak; /.env.development; /.env.example; /.env.local; /.env.old; /.env.production; /.env.staging; /.env.test; /firebase-config.json; /gcp-credentials.json; /.git/config; /google-credentials.json; /.npmrc; /public/.env; /secrets.json; /secrets.yml; /.ssh/id_dsa; /.ssh/id_ed25519; /.ssh/id_rsa; /.vault.env; /vault.env \| Logs: Restricted File Access Attempt show less	SQL Injection Brute-Force Bad Web Bot
🇸🇪 Juha Jurvanen	2026-05-27 03:02:50 (3 weeks ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force

Showing 1 to 15 of 55 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 195.178.110.30

🇸🇪 172.160.249.214

🇮🇳 117.199.157.245

🇮🇩 110.35.80.116

🇭🇰 103.158.29.100

🇫🇷 51.68.34.131

🇬🇧 2620:171:fa:f0::237

🇭🇰 223.197.178.95

🇩🇪 194.88.98.106

🇺🇸 172.96.182.111

🇺🇸 154.83.197.140

🇫🇷 91.231.89.109

🇫🇷 91.196.152.125

🇱🇹 81.30.98.144

🇰🇷 61.72.146.78

🇺🇸 52.224.109.126

🇧🇪 34.140.76.89

🇬🇧 195.96.139.101

🇬🇧 195.96.139.79

🇲🇽 187.191.48.23