JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.239.239.57

85.239.239.57 was found in our database!

This IP was reported 247 times. Confidence of Abuse is 100%: ?

100%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS40021
Hostname(s)	vmi3340136.contaboserver.net
Domain Name	contabo.com
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.239.239.57

Whois 85.239.239.57

IP Abuse Reports for 85.239.239.57:

This IP address has been reported a total of 247 times from 145 distinct sources. 85.239.239.57 was first reported on June 1st 2026, and the most recent report was 29 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Ano_Nym	2026-06-01 19:44:42 (2 days ago)	CrowdSec IDS alert on VPS 217.154.115.19 (DE). Scenario: crowdsecurity/http-cve-2021-41773	Web App Attack
🇩🇪 dpsbs	2026-06-01 19:43:02 (2 days ago)	multiple ips intrustions detected	Hacking
🇯🇵 VXG-NET	2026-06-01 19:38:42 (2 days ago)	port=80, indicator_type=code-execution	Hacking
🇺🇸 TPI-Abuse	2026-06-01 19:36:40 (2 days ago)	(mod_security) mod_security (id:218420) triggered by 85.239.239.57 (vmi3340136.contaboserver.net): 1 ... show more (mod_security) mod_security (id:218420) triggered by 85.239.239.57 (vmi3340136.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 15:36:33.502722 2026] [security2:error] [pid 31512:tid 31512] [client 85.239.239.57:36840] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "38"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.151.21:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.151.21"] [uri "/hello.world"] [unique_id "ah3fQRmBQ-xcxOph-aAmGQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Admins@FBN	2026-06-01 19:34:47 (2 days ago)	FW-PortScan: Traffic Blocked srcport=55726 dstport=80	Port Scan
🇸🇬 LilaS	2026-06-01 19:31:52 (2 days ago)	2026-06-02T03:31:15.626213oswald-lab sshd[88592]: Invalid user orangepi from 85.239.239.57 port 5636 ... show more 2026-06-02T03:31:15.626213oswald-lab sshd[88592]: Invalid user orangepi from 85.239.239.57 port 56364 2026-06-02T03:31:15.638876oswald-lab sshd[88592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.239.239.57 2026-06-02T03:31:17.703628oswald-lab sshd[88592]: Failed password for invalid user orangepi from 85.239.239.57 port 56364 ssh2 2026-06-02T03:31:49.499196oswald-lab sshd[88860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.239.239.57 user=root 2026-06-02T03:31:51.554899oswald-lab sshd[88860]: Failed password for root from 85.239.239.57 port 53142 ssh2 ... show less	Brute-Force SSH
🇫🇷 HerrWolf	2026-06-01 19:30:09 (2 days ago)	CrowdSec Detection: crowdsecurity/http-cve-2021-42013	Hacking
🇳🇱 Savvii	2026-06-01 19:28:15 (2 days ago)	20 attempts against mh-ssh on ec102943	Brute-Force SSH
🇺🇸 bigscoots.com	2026-06-01 19:24:41 (2 days ago)	(sshd) Failed SSH login from 85.239.239.57 (US/United States/vmi3340136.contaboserver.net): 5 in the ... show more (sshd) Failed SSH login from 85.239.239.57 (US/United States/vmi3340136.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Jun 1 14:23:15 15015 sshd[18201]: Invalid user admin from 85.239.239.57 port 52278 Jun 1 14:23:18 15015 sshd[18201]: Failed password for invalid user admin from 85.239.239.57 port 52278 ssh2 Jun 1 14:23:48 15015 sshd[18373]: Invalid user orangepi from 85.239.239.57 port 40862 Jun 1 14:23:50 15015 sshd[18373]: Failed password for invalid user orangepi from 85.239.239.57 port 40862 ssh2 Jun 1 14:24:20 15015 sshd[18733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.239.239.57 user=root show less	Brute-Force SSH
🇫🇷 900cm	2026-06-01 19:23:05 (2 days ago)	Jun 1 21:23:04 raspberrypi sshd[2226]: Failed password for admin from 85.239.239.57 port 58748 ssh2 ... show more Jun 1 21:23:04 raspberrypi sshd[2226]: Failed password for admin from 85.239.239.57 port 58748 ssh2 ... show less	Port Scan Brute-Force SSH
🇺🇸 MPL	2026-06-01 19:20:42 (2 days ago)	tcp/2222 (6 or more attempts)	Port Scan
🇵🇱 alianet	2026-06-01 19:08:53 (2 days ago)	Jun 1 19:08:21 vps-eb8e942e sshd-session[4108253]: Connection closed by invalid user admin 85.239.2 ... show more Jun 1 19:08:21 vps-eb8e942e sshd-session[4108253]: Connection closed by invalid user admin 85.239.239.57 port 32826 [preauth] Jun 1 19:08:51 vps-eb8e942e sshd-session[4108266]: Connection from 85.239.239.57 port 45382 on 57.128.195.69 port 2222 rdomain "" Jun 1 19:08:53 vps-eb8e942e sshd-session[4108266]: Invalid user orangepi from 85.239.239.57 port 45382 ... show less	Brute-Force SSH
🇩🇪 Progetto1	2026-06-01 19:04:02 (2 days ago)	Detected via HAProxyScanner at 2026-06-01 19:04:02 UTC on destination port WEB (80/443). Repeated sc ... show more Detected via HAProxyScanner at 2026-06-01 19:04:02 UTC on destination port WEB (80/443). Repeated scan / connection. show less	Port Scan Hacking Brute-Force
🇺🇸 bigscoots.com	2026-06-01 19:00:03 (2 days ago)	(sshd) Failed SSH login from 85.239.239.57 (US/United States/vmi3340136.contaboserver.net): 5 in the ... show more (sshd) Failed SSH login from 85.239.239.57 (US/United States/vmi3340136.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Jun 1 13:58:45 14083 sshd[25794]: Invalid user admin from 85.239.239.57 port 41130 Jun 1 13:58:47 14083 sshd[25794]: Failed password for invalid user admin from 85.239.239.57 port 41130 ssh2 Jun 1 13:59:17 14083 sshd[26147]: Invalid user orangepi from 85.239.239.57 port 44176 Jun 1 13:59:20 14083 sshd[26147]: Failed password for invalid user orangepi from 85.239.239.57 port 44176 ssh2 Jun 1 13:59:50 14083 sshd[26312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.239.239.57 user=root show less	Brute-Force SSH
🇩🇪 mxpgmbh	2026-06-01 18:59:30 (2 days ago)	2026-06-01T19:58:54.720817+01:00 ** sshd-session[19070]: pam_unix(sshd:auth): authentication failu ... show more 2026-06-01T19:58:54.720817+01:00 sshd-session[19070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.239.239.57 user=root 2026-06-01T19:58:56.423113+01:00 sshd-session[19070]: Failed password for root from 85.239.239.57 port 48000 ssh2 2026-06-01T19:59:28.690831+01:00 sshd-session[19758]: Invalid user from 85.239.239.57 port 46560 2026-06-01T19:59:28.692108+01:00 sshd-session[19758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.239.239.57 2026-06-01T19:59:30.206471+01:00 sshd-session[19758]: Failed password for invalid user ** from 85.239.239.57 port 46560 ssh2 show less	Brute-Force SSH

Showing 211 to 225 of 247 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 193.124.20.234

🇭🇰 101.36.127.86

🇺🇸 74.82.47.43

🇳🇱 45.148.10.152

🇮🇩 27.50.25.190

🇮🇳 103.69.145.254

🇱🇹 85.206.68.80

🇫🇷 62.210.246.122

🇺🇸 216.25.89.73

🇩🇪 213.209.159.56

🇺🇸 207.90.244.3

🇮🇩 202.59.200.253

🇳🇱 176.65.139.130

🇮🇳 106.76.163.89

🇫🇷 91.231.89.68

🇺🇸 64.95.9.230

🇺🇸 64.62.197.149

🇺🇸 64.62.156.196

🇻🇳 14.248.98.132

🇨🇳 218.0.56.30