JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.49.5

85.121.49.5 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 100%: ?

100%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇬🇧 United Kingdom of Great Britain and Northern Ireland
City	London, England

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.49.5

Whois 85.121.49.5

IP Abuse Reports for 85.121.49.5:

This IP address has been reported a total of 31 times from 26 distinct sources. 85.121.49.5 was first reported on June 12th 2026, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇭🇺 DumaNet	2026-06-14 12:52:00 (6 hours ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 14. 08:44:15 Source IP: 85.121 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 14. 08:44:15 Source IP: 85.121.49.5 Portion of the log(s): 85.121.49.5 - [14/Jun/2026:08:44:12 +0200] "GET /admin/.env HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" 85.121.49.5 - [14/Jun/2026:08:44:12 +0200] "GET /application.properties HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)" 85.121.49.5 - [14/Jun/2026:08:44:11 +0200] "GET /.env.production HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" 85.121.49.5 - [14/Jun/2026:08:44:11 +0200] "GET /backend/.env HTTP/1.1" 404 153 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ChatGPT-User/1.0; +https://openai.com/bot" 85.121.49.5 - [14/Jun/2026:08:44:11 +0200] "GET /app/.env HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; cohere-ai/1.0; +https://cohere.com)" 85.121.49.5 - [14/Jun/2026:08:44:11 +0200 show less	Web App Attack Hacking
🇫🇷 GoodOldTOS	2026-06-13 17:58:57 (1 day ago)	Highly suspect IP	Hacking Web App Attack
🇬🇧 WebNiraj	2026-06-13 12:41:31 (1 day ago)	(mod_security) mod_security (id:949110) triggered by 85.121.49.5 (GB/United Kingdom/-): 5 in the las ... show more (mod_security) mod_security (id:949110) triggered by 85.121.49.5 (GB/United Kingdom/-): 5 in the last 3600 secs [SIGMA] show less	Brute-Force
🇩🇪 4server	2026-06-13 09:19:04 (1 day ago)	[SatJun1311:19:00.3672662026][security2:error][pid891855:tid891956][client85.121.49.5:0]ModSecurity: ... show more [SatJun1311:19:00.3672662026][security2:error][pid891855:tid891956][client85.121.49.5:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"prstartup.ch\"][uri\"/.env.bak\"][unique_id\"ai0ghJgt_loy6xdUddbXTQAAAM8\"] show less	Port Scan Brute-Force Web App Attack
🇨🇭 Justin Case	2026-06-13 07:50:01 (1 day ago)	Automatically blocked by server	Fraud Orders
🇩🇪 strxmpp	2026-06-13 07:07:52 (1 day ago)	85.121.49.5 - - [13/Jun/2026:09:07:52 +0200] "GET /config/secrets.yml HTTP/2.0" 404 173 "-" "Mozilla ... show more 85.121.49.5 - - [13/Jun/2026:09:07:52 +0200] "GET /config/secrets.yml HTTP/2.0" 404 173 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected])" ... show less	Bad Web Bot
🇫🇮 6kilowatti	2026-06-13 06:53:19 (1 day ago)	85.121.49.5 - - [13/Jun/2026:09:53:18 +0300] "GET /api/.env HTTP/1.1" 404 12994 "-" "Mozilla/5.0 App ... show more 85.121.49.5 - - [13/Jun/2026:09:53:18 +0300] "GET /api/.env HTTP/1.1" 404 12994 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; PerplexityBot/1.0; +https://perplexity.ai/perplexitybot" ... show less	Web App Attack
🇳🇱 ReyhZhao	2026-06-13 06:47:00 (1 day ago)	Multiple ModSecurity blocks detected from a single source IP, including a restricted file access att ... show more Multiple ModSecurity blocks detected from a single source IP, including a restricted file access attempt and disallowed request content types. show less	Brute-Force
🇫🇮 as211431.net	2026-06-13 05:21:13 (1 day ago)	Triggered Cloudflare WAF (firewallCustom) from GB. Action taken: BLOCK Protocol: HTTP/2 (GET method) ... show more Triggered Cloudflare WAF (firewallCustom) from GB. Action taken: BLOCK Protocol: HTTP/2 (GET method) Endpoint: /settings.json UA: CCBot/2.0 (https://commoncrawl.org/faq/) This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 s@ch@	2026-06-13 04:45:01 (1 day ago)	Jail: plesk-modsecurity \| Web application attack (Plesk ModSecurity)	Web App Attack
🇬🇧 SafBH	2026-06-13 04:31:35 (1 day ago)	CrowdSec Decision: Attempted to access a forbidden path / Vulnerability probing: "[/.env]"	Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-13 03:55:58 (1 day ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇫🇷 polarolouis	2026-06-13 03:18:15 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇩🇪 gadix	2026-06-13 02:53:44 (1 day ago)	[13/Jun/2026:04:53:41.062419 +0200] aizGNZ_838im7ixk1B6F7AAAAAQ 85.121.49.5 50128 127.0.0.1 7081 [13 ... show more [13/Jun/2026:04:53:41.062419 +0200] aizGNZ_838im7ixk1B6F7AAAAAQ 85.121.49.5 50128 127.0.0.1 7081 [13/Jun/2026:04:53:41.103248 +0200] aizGNQv087WqZLNvdfq_MAAAAAc 85.121.49.5 50150 127.0.0.1 7081 [13/Jun/2026:04:53:42.107829 +0200] aizGNsvaJ2hqQAHYn_3zxwAAABE 85.121.49.5 50218 127.0.0.1 7081 ... show less	Web App Attack
🇲🇽 impra	2026-06-13 01:38:36 (1 day ago)	Detected 111 connection attempts across 19 ports.	Port Scan Hacking Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.151.248.33

🇺🇸 216.73.161.244

🇬🇧 185.192.69.237

🇫🇷 185.137.122.108

🇩🇪 178.20.209.73

🇮🇳 137.59.67.144

🇨🇳 117.50.211.146

🇺🇸 109.105.210.84

🇨🇳 81.71.96.41

🇪🇸 46.26.235.102

🇺🇸 35.226.84.84

🇵🇱 34.118.55.222

🇨🇳 14.103.116.173

🇺🇸 155.94.155.111

🇺🇸 147.185.132.138

🇩🇪 69.5.169.215

🇺🇸 35.196.34.2

🇨🇳 211.103.219.51

🇨🇳 182.90.58.179

🇺🇸 159.89.188.207