JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.245.184

85.121.245.184 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 66%: ?

66%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇷🇴 Romania
City	Bucharest, Bucharest

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.245.184

Whois 85.121.245.184

IP Abuse Reports for 85.121.245.184:

This IP address has been reported a total of 20 times from 11 distinct sources. 85.121.245.184 was first reported on June 12th 2026, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-12 21:59:52 (9 hours ago)	Auto-ban: >3000 req/min op 2026-06-12	Web App Attack SSH Hacking
🇫🇮 as211431.net	2026-06-12 16:39:18 (14 hours ago)	Triggered Cloudflare WAF (firewallCustom) from RO. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from RO. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.env UA: Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot) This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇳🇱 Webhoster	2026-06-12 16:36:15 (14 hours ago)	{"ClientAddr":"162.158.179.163:13740","ClientHost":"85.121.245.184","ClientPort":"13740","ClientUser ... show more {"ClientAddr":"162.158.179.163:13740","ClientHost":"85.121.245.184","ClientPort":"13740","ClientUsername":"-","DownstreamContentSize":0,"DownstreamStatus":403,"Duration":27378773,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":27378773,"RequestAddr":"plex.timvdberg.dev","RequestContentSize":0,"RequestCount":45291,"RequestHost":"plex.timvdberg.dev","RequestMethod":"GET","RequestPath":"/web","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"plex@file","StartLocal":"2026-06-12T16:36:13.777825927Z","StartUTC":"2026-06-12T16:36:13.777825927Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"https","level":"info","msg":"","request_Cf-Connecting-Ip":"85.121.245.184","request_X-Forwarded-For":"85.121.245.184","request_X-Real-Ip":"162.158.179.163","time":"2026-06-12T16:36:13Z"} {"ClientAddr":"162.158.179.163:13740","ClientHost":"85.121.245.184","ClientPort":"13740","ClientUsername":"-","Downstream ... show less	Port Scan Hacking Bad Web Bot Web App Attack
🇳🇱 CryptoYakari	2026-06-12 16:13:56 (15 hours ago)	85.121.245.184 - - [12/Jun/2026:19:13:53 +0300] "GET /google-services.json HTTP/1.0" 404 6995 "-" "M ... show more 85.121.245.184 - - [12/Jun/2026:19:13:53 +0300] "GET /google-services.json HTTP/1.0" 404 6995 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ChatGPT-User/1.0; +https://openai.com/bot" 85.121.245.184 - - [12/Jun/2026:19:13:53 +0300] "GET /secrets.json HTTP/1.0" 404 3515 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected])" 85.121.245.184 - - [12/Jun/2026:19:13:53 +0300] "GET /application.yml HTTP/1.0" 404 6995 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected]" 85.121.245.184 - - [12/Jun/2026:19:13:53 +0300] "GET /secrets.yml HTTP/1.0" 404 6995 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" 85.121.245.184 - - [12/Jun/2026:19:13:55 +0300] "GET /application.properties HTTP/1.0" 404 6995 "-" "CCBot/2.0 (https://commoncrawl.org/faq/)" ... show less	Web Spam Blog Spam Web App Attack Bad Web Bot
🇦🇺 CalmBrain	2026-06-12 16:12:20 (15 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent	Web App Attack Bad Web Bot
🇮🇹 eliosbrocchi	2026-06-12 16:11:51 (15 hours ago)	85.121.245.184 - - [12/Jun/2026:18:11:50 +0200] "GET /.aws/credentials HTTP/2.0" 404 118 "-" "Mozill ... show more 85.121.245.184 - - [12/Jun/2026:18:11:50 +0200] "GET /.aws/credentials HTTP/2.0" 404 118 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; GPTBot/1.2; +https://openai.com/gptbot" ... show less	VPN IP
🇺🇸 TPI-Abuse	2026-06-12 13:29:12 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 09:29:06.682634 2026] [security2:error] [pid 11618:tid 11618] [client 85.121.245.184:47330] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glslightingandcontrols.com"] [uri "/api/.env"] [unique_id "aiwJoliohy6-NNQZhytuzAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-12 13:27:18 (18 hours ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 13:10:59 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 09:10:55.551477 2026] [security2:error] [pid 23441:tid 23441] [client 85.121.245.184:50618] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gkerby.com"] [uri "/.env.production"] [unique_id "aiwFXwVekERmVMt_aqHX9AAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 12:18:05 (19 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 08:18:01.608880 2026] [security2:error] [pid 23299:tid 23299] [client 85.121.245.184:58832] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "geauxcowboys.com"] [uri "/.env.example"] [unique_id "aiv4-a8HBggfTL_WfaESswAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 12:01:13 (19 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 08:01:05.209816 2026] [security2:error] [pid 10879:tid 10879] [client 85.121.245.184:54676] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "garthp.com"] [uri "/.env.example"] [unique_id "aiv1AV63gm0B4MYB78cjhAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 11:42:15 (19 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 07:42:08.783515 2026] [security2:error] [pid 3855:tid 3976] [client 85.121.245.184:60886] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.galenaproperties.com"] [uri "/.env.example"] [unique_id "aivwkK5CzqplRYlVmV3G2QAAAsY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 11:24:40 (20 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 07:24:34.111599 2026] [security2:error] [pid 31227:tid 31227] [client 85.121.245.184:35256] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "furballproductions.org"] [uri "/.env"] [unique_id "aivscrvBXKhHUohV1SLcrQAAACQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 11:08:40 (20 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 85.121.245.184 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 07:08:34.939601 2026] [security2:error] [pid 13238:tid 13238] [client 85.121.245.184:53836] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fruitsinthedesert.com"] [uri "/.env.example"] [unique_id "aivospph-os4XjnTC6ijiwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Dorian GRANDHAY	2026-06-12 10:49:50 (20 hours ago)	(PERMBLOCK) 85.121.245.184 (RO/Romania/-) has had more than 4 temp blocks in the last 604800 secs; P ... show more (PERMBLOCK) 85.121.245.184 (RO/Romania/-) has had more than 4 temp blocks in the last 604800 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs: show less	Port Scan

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇹 178.95.115.221

🇧🇼 168.167.228.74

🇰🇷 150.109.239.194

🇮🇳 103.91.72.234

🇨🇦 70.54.182.130

🇺🇸 47.251.91.249

🇳🇱 45.148.10.121

🇺🇦 37.221.136.174

🇺🇸 34.220.148.141

🇹🇷 188.56.38.163

🇨🇴 185.104.167.206

🇮🇳 182.95.181.214

🇺🇸 138.197.95.34

🇮🇳 122.15.139.162

🇨🇳 118.212.121.210

🇨🇦 85.217.149.38

🇺🇸 66.187.4.146

🇫🇷 51.68.34.131

🇬🇭 41.204.63.118

🇮🇩 34.128.80.12