AbuseIPDB » 85.192.49.153

85.192.49.153 was found in our database!

This IP was reported 230 times. Confidence of Abuse is 100%: ?

100%

ISP	H2.NEXUS Helsinki Network
Usage Type	Data Center/Web Hosting/Transit
ASN	AS215730
Hostname(s)	123721.h2.nexus
Domain Name	h2.nexus
Country	Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 85.192.49.153

Whois 85.192.49.153

IP Abuse Reports for 85.192.49.153:

This IP address has been reported a total of 230 times from 100 distinct sources. 85.192.49.153 was first reported on May 13th 2023, and the most recent report was 10 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
Gabriel Camargo	2025-05-15 18:44:43 (10 minutes ago)	85.192.49.153 - - [15/May/2025:13:43:55 -0500] "GET /.env HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; L ... show more85.192.49.153 - - [15/May/2025:13:43:55 -0500] "GET /.env HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 85.192.49.153 - - [15/May/2025:13:43:55 -0500] "POST / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 85.192.49.153 - - [15/May/2025:13:44:42 -0500] "GET /.env HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" ... show less	Brute-Force SSH
4server	2025-05-15 17:36:42 (1 hour ago)	[ThuMay1519:36:40.4027902025][security2:error][pid2920502:tid2920506][client85.192.49.153:0]ModSecur ... show more[ThuMay1519:36:40.4027902025][security2:error][pid2920502:tid2920506][client85.192.49.153:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"villabelforte.ch\"][uri\"/.env\"][unique_id\"aCYmKLWEHzeEal1NhrO_WgAAAAE\"] show less	Hacking Web App Attack
thedreamer.nl	2025-05-15 17:32:55 (1 hour ago)	85.192.49.153 - - [15/May/2025:19:32:53 +0200] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; L ... show more85.192.49.153 - - [15/May/2025:19:32:53 +0200] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "FI" "Helsinki" "60.17190" "24.93470" 85.192.49.153 - - [15/May/2025:19:32:53 +0200] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "FI" "Helsinki" "60.17190" "24.93470" 85.192.49.153 - - [15/May/2025:19:32:54 +0200] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "FI" "Helsinki" "60.17190" "24.93470" 85.192.49.153 - - [15/May/2025:19:32:54 +0200] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "FI" "Helsinki" "60.17190" "24.93470" ... show less	Hacking Brute-Force Bad Web Bot Web App Attack
4server	2025-05-15 15:05:38 (3 hours ago)	[ThuMay1517:05:34.8471042025][security2:error][pid1896481:tid1896513][client85.192.49.153:0][client8 ... show more[ThuMay1517:05:34.8471042025][security2:error][pid1896481:tid1896513][client85.192.49.153:0][client85.192.49.153]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"volcano.ch\"][uri\"/.env\"][unique_id\"aCYCvutdT7OVEkVQ4bSujAAAAMo\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2025-05-15 05:29:02 (13 hours ago)	Malicious activity detected	Hacking Web App Attack
librebit	2025-05-15 01:59:26 (16 hours ago)	Brute force	Brute-Force
Rizzy	2025-05-14 22:34:04 (20 hours ago)	Multiple WAF Violations	Brute-Force Web App Attack
Starburst SysOp Team	2025-05-14 14:34:23 (1 day ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-stl2-13)	Hacking Web App Attack
Anonymous	2025-05-14 09:52:26 (1 day ago)	Probing to gain illegal access	Web App Attack
advena	2025-05-14 02:01:02 (1 day ago)	85.192.49.153 (AS215730 H2NEXUS-AS) was intercepted at 2025-05-14T01:48:57Z after violating WAF dire ... show more85.192.49.153 (AS215730 H2NEXUS-AS) was intercepted at 2025-05-14T01:48:57Z after violating WAF directive: 23548ee2b36547a1be09bb2c0550c529. Pre-cautionary/corrective action applied: block. show less	Web Spam Hacking Brute-Force Web App Attack
Starburst SysOp Team	2025-05-13 22:57:20 (1 day ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-nue6-2)	Hacking Web App Attack
Starburst SysOp Team	2025-05-13 21:50:50 (1 day ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-iad5-2)	Hacking Web App Attack
Pingger Shikkoken	2025-05-13 19:18:01 (1 day ago)	2025-05-13T19:18:01+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC ... show more2025-05-13T19:18:01+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:58:1a:08:00 SRC=85.192.49.153 DST=10.1.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=29850 DF PROTO=TCP SPT=51696 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 2025-05-13T19:18:04+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:58:1a:08:00 SRC=85.192.49.153 DST=10.1.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=29852 DF PROTO=TCP SPT=51696 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Hacking Bad Web Bot
URAN Publishing Service	2025-05-13 17:01:41 (2 days ago)	85.192.49.153 - - [13/May/2025:19:59:00 +0300] "GET /.env HTTP/1.1" 404 275 "-" "Mozilla/5.0 (X11; L ... show more85.192.49.153 - - [13/May/2025:19:59:00 +0300] "GET /.env HTTP/1.1" 404 275 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 85.192.49.153 - - [13/May/2025:20:01:39 +0300] "GET /.env HTTP/1.1" 404 277 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" ... show less	Web App Attack
DocNetzwerk	2025-05-13 13:57:05 (2 days ago)	(mod_security) mod_security triggered on hostname [redacted] 85.192.49.153 (FI/Finland/123721.h2.nex ... show more(mod_security) mod_security triggered on hostname [redacted] 85.192.49.153 (FI/Finland/123721.h2.nexus) show less	SQL Injection

Showing 1 to 15 of 230 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

77.90.185.6

205.210.31.59

113.193.21.147

185.216.116.99

59.93.70.22

212.192.31.115

213.209.143.206

167.94.146.43

217.182.230.0

91.196.152.217

154.118.162.194

91.196.152.122

23.234.102.51

45.79.177.245

206.168.34.203

80.244.14.2

47.128.110.157

39.99.212.219

79.124.62.122

211.46.234.76