JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.137.228.167

85.137.228.167 was found in our database!

This IP was reported 559 times. Confidence of Abuse is 100%: ?

100%

ISP	ServeTheWorld AS
Usage Type	Data Center/Web Hosting/Transit
ASN	AS34989
Domain Name	servetheworld.net
Country	🇳🇴 Norway
City	Oslo, Oslo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.137.228.167

Whois 85.137.228.167

IP Abuse Reports for 85.137.228.167:

This IP address has been reported a total of 559 times from 404 distinct sources. 85.137.228.167 was first reported on May 31st 2026, and the most recent report was 10 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-31 21:21:19 (3 days ago)	(mod_security) mod_security (id:218420) triggered by 85.137.228.167 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:218420) triggered by 85.137.228.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 17:21:12.907152 2026] [security2:error] [pid 22625:tid 22625] [client 85.137.228.167:44930] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.106:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.106"] [uri "/hello.world"] [unique_id "ahymSOgGukGMoIWOhEziWgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-31 21:09:08 (3 days ago)	Repeated unauthorized connection attempts to restricted service observed.	Port Scan Hacking Bad Web Bot Web App Attack
Anonymous	2026-05-31 20:51:31 (3 days ago)	85.137.228.167 - - [31/May/2026:22:51:30 +0200] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.% ... show more 85.137.228.167 - - [31/May/2026:22:51:30 +0200] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 150 "-" "-" 85.137.228.167 - - [31/May/2026:22:51:30 +0200] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 400 150 "-" "-" ... show less	Bad Web Bot Web App Attack
🇨🇦 Mediashaker	2026-05-31 20:46:09 (3 days ago)	(mod_security) mod_security triggered on hostname [redacted] 85.137.228.167 (NO/Norway/-)	SQL Injection
🇺🇸 kosada.com	2026-05-31 20:44:34 (3 days ago)	Web vulnerability probing: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php (bogus vhost/SNI)	Web App Attack
🇨🇦 lakered	2026-05-31 20:43:32 (3 days ago)	Detectors: [CROWDSEC, NGINX, SURICATA] \| Reasons: CrowdSec: Security alert \| Suricata: Web Server at ... show more Detectors: [CROWDSEC, NGINX, SURICATA] \| Reasons: CrowdSec: Security alert \| Suricata: Web Server attack \| Suricata: Exploit attempt \| Invalid HTTP protocol or SSTP scan attempt detected on sinkhole show less	Hacking Web App Attack Port Scan
🇩🇪 iNetWorker	2026-05-31 20:40:46 (3 days ago)	firewall-block, port(s): 80/tcp	Port Scan
🇦🇺 2000cn.com.au	2026-05-31 20:35:10 (3 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-cve-2021-41773	Web App Attack Hacking
🇧🇷 chronos	2026-05-31 19:48:29 (3 days ago)	2026-05-31 16:19:59 UTC-3\|\|Unauthorized connection attempt detected for port scanning	Port Scan
🇺🇸 TPI-Abuse	2026-05-31 19:39:58 (3 days ago)	(mod_security) mod_security (id:218420) triggered by 85.137.228.167 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:218420) triggered by 85.137.228.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 15:39:54.563400 2026] [security2:error] [pid 23453:tid 23453] [client 85.137.228.167:47748] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.73:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.73"] [uri "/hello.world"] [unique_id "ahyOipie7-ddD8ebb7D71QAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 essinghigh	2026-05-31 19:33:49 (3 days ago)	IPS Detection: 85.137.228.167 -> DPT: 2375	Port Scan
🇺🇸 RAP	2026-05-31 19:14:57 (3 days ago)	2026-05-31 19:14:57 UTC Unauthorized activity to TCP port 22. SSH	SSH
🇳🇱 Alboweb B.V.	2026-05-31 19:11:47 (3 days ago)	SSH abuse or brute-force attack detected by Fail2Ban in ssh jail	Brute-Force SSH
🇺🇸 MPL	2026-05-31 18:40:37 (3 days ago)	tcp/80 (4 or more attempts)	Port Scan
🇯🇵 VXG-NET	2026-05-31 18:37:30 (3 days ago)	port=80, indicator_type=code-execution	Hacking

Showing 496 to 510 of 559 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 150.107.38.137

🇻🇳 113.161.222.150

🇫🇷 104.253.74.93

🇷🇺 88.84.209.146

🇺🇸 70.95.51.230

🇳🇱 45.148.10.157

🇭🇰 165.154.23.36

🇩🇰 158.173.74.237

🇵🇰 103.35.213.17

🇿🇦 102.251.69.5

🇰🇷 59.25.31.152

🇯🇵 52.102.194.12

🇨🇳 36.7.128.56

🇬🇧 35.203.211.195

🇸🇬 23.97.62.114

🇨🇳 14.218.58.61

🇧🇷 216.234.208.17

🇺🇸 216.25.89.139

🇨🇦 207.219.221.101

🇫🇮 185.148.3.54