JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.121.54.44

85.121.54.44 was found in our database!

This IP was reported 57 times. Confidence of Abuse is 100%: ?

100%

ISP	Urban Network Solutions SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	urbannetworksolutions.nl
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.121.54.44

Whois 85.121.54.44

IP Abuse Reports for 85.121.54.44:

This IP address has been reported a total of 57 times from 43 distinct sources. 85.121.54.44 was first reported on June 27th 2026, and the most recent report was 48 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 e.fierstra	2026-06-30 21:03:15 (48 minutes ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇩🇪 paissangroup	2026-06-30 17:42:52 (4 hours ago)	Multiple WAF Violations	Web App Attack
🇺🇦 Olexiy Backend	2026-06-30 13:16:27 (8 hours ago)	85.121.54.44 ...	Bad Web Bot Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-30 12:44:25 (9 hours ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇩🇪 Starburst SysOp Team	2026-06-30 12:33:14 (9 hours ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-nue6-2)	Hacking Web App Attack
🇺🇸 wteiken	2026-06-30 11:04:50 (10 hours ago)	2026-06-30T07:04:48.320205-04:00 nostromo.teiken.net kernel: [59540.960584] syn_limit:IN=en-wan OUT= ... show more 2026-06-30T07:04:48.320205-04:00 nostromo.teiken.net kernel: [59540.960584] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c:98:0c:08:00 SRC=85.121.54.44 DST=173.52.106.128 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=12636 DF PROTO=TCP SPT=57716 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-30T07:04:48.328433-04:00 nostromo.teiken.net kernel: [59540.961427] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c:98:0c:08:00 SRC=85.121.54.44 DST=173.52.106.128 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=33301 DF PROTO=TCP SPT=57748 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-30T07:04:48.328580-04:00 nostromo.teiken.net kernel: [59540.963407] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c:98:0c:08:00 SRC=85.121.54.44 DST=173.52.106.128 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=38389 DF PROTO=TCP SPT=57746 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-30T07:04:49.330376-04:00 nostromo.teiken.net kernel: [59541.970755] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5 ... show less	Port Scan
🇫🇷 masterguru	2026-06-30 11:04:45 (10 hours ago)	Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-195)	Hacking Web App Attack
🇮🇹 abuseiphack	2026-06-30 10:54:10 (10 hours ago)	Automatic report for brute force attack	Bad Web Bot
🇩🇪 BlueWire Hosting	2026-06-30 10:30:21 (11 hours ago)	Probing websites for vulnerabilities	Web App Attack SQL Injection
Anonymous	2026-06-30 07:06:05 (14 hours ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: NL, Attack patterns: Clou ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: NL, Attack patterns: Cloud secrets probing show less	Bad Web Bot Web App Attack
🇩🇪 Hary74656	2026-06-30 03:25:56 (18 hours ago)	[Tue Jun 30 05:25:53.585378 2026] [security2:error] [pid 211235:tid 211281] [client 85.121.54.44:465 ... show more [Tue Jun 30 05:25:53.585378 2026] [security2:error] [pid 211235:tid 211281] [client 85.121.54.44:46578] [client 85.121.54.44] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ip.aschi.at"] [uri "/.git/HEAD"] [unique_id "akM3Qe3DA19yOXFdcOdyOAAAAWY"] [Tue Jun 30 05:25:53.589128 2026] [security2:error] [pid 211735:tid 211816] [client 85.121.54.44:46584] [client 85.121.54.44] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/mo ... show less	Web App Attack
🇺🇸 Lee Daniel	2026-06-29 17:57:59 (1 day ago)	85.121.54.44 - - [29/Jun/2026:13:57:58 -0400] "GET /.env HTTP/1.1" 403 4877 "https://mygrandparentso ... show more 85.121.54.44 - - [29/Jun/2026:13:57:58 -0400] "GET /.env HTTP/1.1" 403 4877 "https://mygrandparentsoldpostcards.co.uk/.env" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0" ... show less	DDoS Attack Web Spam Email Spam Port Scan Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-06-29 15:28:25 (1 day ago)	http-sensitive-files - IP: 85.121.54.44 - time="2026-06-29T17:28:25+02:00" level=info msg="(555f66b ... show more http-sensitive-files - IP: 85.121.54.44 - time="2026-06-29T17:28:25+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 85.121.54.44 (NL/9009) : 4h ban on Ip 85.121.54.44" module=db show less	Web App Attack
🇫🇷 masterguru	2026-06-29 14:57:16 (1 day ago)	Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-197)	Hacking Web App Attack
Anonymous	2026-06-29 14:44:08 (1 day ago)	(caddyscan) Scanner path probe from 85.121.54.44 (NL/The Netherlands/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 85.121.54.44 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 85.121.54.44 - - [29/Jun/2026:14:44:05 +0000] "GET /.git/HEAD HTTP/1.1" [REDACTED] 200 2627 85.121.54.44 - - [29/Jun/2026:14:44:05 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 85.121.54.44 - - [29/Jun/2026:14:44:06 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 85.121.54.44 - - [29/Jun/2026:14:44:07 +0000] "GET /.env.development HTTP/1.1" [REDACTED] 200 2627 85.121.54.44 - - [29/Jun/2026:14:44:07 +0000] "GET /api/.env HTTP/1.1" show less	Port Scan

Showing 1 to 15 of 57 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.223.235.56

🇨🇳 180.76.233.159

🇳🇱 31.14.32.7

🇺🇸 205.210.31.94

🇫🇷 185.177.72.66

🇨🇳 111.48.134.53

🇺🇸 50.6.228.32

🇱🇹 45.227.254.170

🇹🇼 34.81.148.229

🇺🇸 23.95.62.90

🇹🇼 198.235.24.83

🇫🇮 193.164.155.103

🇮🇳 182.95.116.190

🇮🇳 182.19.35.57

🇻🇳 171.244.142.205

🇺🇸 147.185.132.51

🇱🇦 103.114.147.217

🇫🇷 91.231.89.226

🇳🇱 45.198.224.244

🇳🇱 45.148.10.157