JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.245.181

85.121.245.181 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 34%: ?

34%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇷🇴 Romania
City	Bucharest, Bucharest

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.245.181

Whois 85.121.245.181

IP Abuse Reports for 85.121.245.181:

This IP address has been reported a total of 13 times from 5 distinct sources. 85.121.245.181 was first reported on June 12th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 wteiken	2026-06-12 16:21:34 (3 days ago)	www.teiken.net:443 85.121.245.181:51046 - - [12/Jun/2026:12:21:30 -0400] "GET /.env.example HTTP/1.1 ... show more www.teiken.net:443 85.121.245.181:51046 - - [12/Jun/2026:12:21:30 -0400] "GET /.env.example HTTP/1.1" 404 4555 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)" www.teiken.net:443 85.121.245.181:51040 - - [12/Jun/2026:12:21:31 -0400] "GET /.env HTTP/1.1" 404 4555 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; GPTBot/1.2; +https://openai.com/gptbot" www.teiken.net:443 85.121.245.181:51044 - - [12/Jun/2026:12:21:32 -0400] "GET /api/.env HTTP/1.1" 404 529 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" www.teiken.net:443 85.121.245.181:51064 - - [12/Jun/2026:12:21:32 -0400] "GET /.env.local HTTP/1.1" 404 4555 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)" www.teiken.net:443 85.121.245.181:51046 - - [12/Jun/2026:12:21:32 -0400] "GET /.env.production HTTP/1.1" 404 529 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ChatGPT-User/1.0; +https: ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 12:52:58 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 08:52:50.949578 2026] [security2:error] [pid 28327:tid 28327] [client 85.121.245.181:37702] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.pkmachine.com"] [uri "/.env"] [unique_id "aiwBIksc5iPVNjmv_FW00QAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 12:33:59 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 08:33:55.431185 2026] [security2:error] [pid 21669:tid 21669] [client 85.121.245.181:60204] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.pinebrookdesign.com"] [uri "/.env"] [unique_id "aiv8sxIS-Bulz8js62K6igAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 12:04:14 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 08:04:10.380005 2026] [security2:error] [pid 7012:tid 7012] [client 85.121.245.181:48378] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pfmarch.com"] [uri "/api/.env"] [unique_id "aiv1utZnwlPTVVZRdmsvLQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 11:44:57 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 07:44:52.223932 2026] [security2:error] [pid 17390:tid 17390] [client 85.121.245.181:51954] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.perkowski.net"] [uri "/api/.env"] [unique_id "aivxNJujYd3peBuqeXkKdgAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 11:22:16 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 07:22:08.743585 2026] [security2:error] [pid 2525:tid 2525] [client 85.121.245.181:41156] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.peaceriverfishing.com"] [uri "/.env"] [unique_id "aivr4CHbhvqLqXD9CMt9RgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇾 Rizzy	2026-06-12 11:20:05 (3 days ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇫🇷 andreighitan	2026-06-12 11:15:15 (3 days ago)	Coordinated attack against 84.46.253.134. Webshell scanning, PHPUnit RCE (CVE-2017-9841), credential ... show more Coordinated attack against 84.46.253.134. Webshell scanning, PHPUnit RCE (CVE-2017-9841), credential harvesting (secrets.yml, google-services.json, .git). Active June 12 2026. ZAC Bayern ref BY0257-500359-26/8. show less	Web App Attack Brute-Force
🇺🇸 TPI-Abuse	2026-06-12 11:06:28 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 07:06:23.329804 2026] [security2:error] [pid 5524:tid 5524] [client 85.121.245.181:60058] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.paulshorrock.com"] [uri "/api/.env"] [unique_id "aivoL3W9YGPBYX0ZEBu97QAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 10:49:05 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 06:49:02.156773 2026] [security2:error] [pid 21458:tid 21458] [client 85.121.245.181:55122] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.partybuswhistler.com"] [uri "/api/.env"] [unique_id "aivkHtHlo70Kl-Azq7QbjgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-12 10:39:37 (3 days ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 10:26:30 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 06:26:23.414606 2026] [security2:error] [pid 6026:tid 6026] [client 85.121.245.181:55812] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pankoff.com"] [uri "/.env"] [unique_id "aivezwsIP4y_8wgM9udsdQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 10:10:52 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 06:10:45.802498 2026] [security2:error] [pid 3361:tid 3361] [client 85.121.245.181:56938] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.pakistanvision.com"] [uri "/.env.example"] [unique_id "aivbJen7Hm49ExBnW8iH6AAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.224.128.16

🇺🇸 172.234.192.12

🇺🇸 164.92.78.93

🇺🇸 97.107.134.231

🇫🇷 85.217.140.20

🇺🇸 71.187.183.12

🇺🇸 63.46.42.51

🇸🇬 47.236.181.86

🇳🇱 45.148.10.151

🇬🇧 35.203.210.134

🇧🇷 20.206.64.115

🇺🇸 192.34.63.247

🇫🇮 147.185.133.97

🇻🇳 125.212.244.35

🇮🇳 103.59.132.74

🇺🇸 91.230.168.116

🇨🇭 85.3.247.189

🇳🇱 45.148.10.147

🇧🇪 34.62.158.241

🇺🇸 20.98.140.180