JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.239.239.57

85.239.239.57 was found in our database!

This IP was reported 202 times. Confidence of Abuse is 100%: ?

100%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS40021
Hostname(s)	vmi3340136.contaboserver.net
Domain Name	contabo.com
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.239.239.57

Whois 85.239.239.57

IP Abuse Reports for 85.239.239.57:

This IP address has been reported a total of 202 times from 121 distinct sources. 85.239.239.57 was first reported on June 1st 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 6kilowatti	2026-06-03 14:08:14 (9 hours ago)	2026-06-03T17:08:12.940586+03:00 6kw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:b6:e7:09:78:9a:18 ... show more 2026-06-03T17:08:12.940586+03:00 6kw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:b6:e7:09:78:9a:18:bd:57:7e:08:00 SRC=85.239.239.57 DST=5.61.88.83 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=40401 PROTO=TCP SPT=50287 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇬🇧 Apache	2026-06-03 14:03:13 (9 hours ago)	(mod_security) mod_security (id:920170) triggered by 85.239.239.57 (US/United States/vmi3340136.cont ... show more (mod_security) mod_security (id:920170) triggered by 85.239.239.57 (US/United States/vmi3340136.contaboserver.net): 5 in the last 300 secs (CF_ENABLE) show less	Brute-Force Web App Attack
🇺🇸 mc4bbs	2026-06-03 14:02:47 (9 hours ago)	Automated Apache detection on Windows host. 5 suspicious HTTP requests within 300 seconds. Examples: ... show more Automated Apache detection on Windows host. 5 suspicious HTTP requests within 300 seconds. Examples: POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh -> 403 UA=""; POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh -> 403 UA=""; GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php -> 404 UA=""; GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php -> 404 UA=""; GET /vendor/phpunit/src/Util/PHP/eval-stdin.php -> 404 UA="" show less	Web App Attack Hacking
🇺🇸 bigscoots.com	2026-06-03 14:01:14 (9 hours ago)	(sshd) Failed SSH login from 85.239.239.57 (US/United States/vmi3340136.contaboserver.net): 5 in the ... show more (sshd) Failed SSH login from 85.239.239.57 (US/United States/vmi3340136.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Jun 3 08:59:49 14828 sshd[29878]: Invalid user admin from 85.239.239.57 port 41888 Jun 3 08:59:51 14828 sshd[29878]: Failed password for invalid user admin from 85.239.239.57 port 41888 ssh2 Jun 3 09:00:21 14828 sshd[30287]: Invalid user orangepi from 85.239.239.57 port 49996 Jun 3 09:00:23 14828 sshd[30287]: Failed password for invalid user orangepi from 85.239.239.57 port 49996 ssh2 Jun 3 09:00:53 14828 sshd[30471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.239.239.57 user=root show less	Brute-Force SSH
🇩🇪 paissangroup	2026-06-03 13:59:10 (9 hours ago)	Multiple WAF Violations	Web App Attack
🇮🇪 AutosOnShow	2026-06-03 13:26:05 (10 hours ago)	blocked for webapp attack \| path requested: / \| seen at 2026-06-03 13:25:11.995 \|	Web App Attack
🇩🇪 fds.io	2026-06-03 12:49:20 (10 hours ago)	detected and blocked multiple http 400 bad-request attempts	Bad Web Bot Web App Attack
🇮🇪 AutosOnShow	2026-06-03 12:45:07 (10 hours ago)	blocked for webapp attack \| path requested: /index.php \| seen at 2026-06-03 12:44:13.785 \|	Web App Attack
🇧🇷 Peregrine	2026-06-03 12:44:32 (10 hours ago)	Fail2Ban ct101 Jail: tomcat-honeypot \| Evidence: - 85.239.239.57 - - [03/Jun/2026:09:44:22 -0300] "G ... show more Fail2Ban ct101 Jail: tomcat-honeypot \| Evidence: - 85.239.239.57 - - [03/Jun/2026:09:44:22 -0300] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 18193 show less	Bad Web Bot
🇳🇱 tpjg	2026-06-03 12:28:43 (11 hours ago)	Automated: 15 requests with error status in 120s window from 85.239.239.57. Evidence: /lib/phpunit/p ... show more Automated: 15 requests with error status in 120s window from 85.239.239.57. Evidence: /lib/phpunit/phpunit/Util/PHP/eval-stdin.php:404,/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php:404,/phpunit/Util/PHP/eval-stdin.php:404,/phpunit/src/Util/PHP/eval-stdin.php:404,/phpunit/phpunit/Util/PHP/eval-stdin.php:404,/phpunit/phpunit/src/Util/PHP/eval-stdin.php:404,/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php:404,/vendor/phpunit/phpunit/LICENSE/eval-stdin.php:404,/vendor/phpunit/Util/PHP/eval-stdin.php:404,/vendor/phpunit/src/Util/PHP/eval-stdin.php:404,/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php:404,/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php:404,/hello.world:404,/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh:404,/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh:404 show less	Web App Attack
🇩🇪 KPS	2026-06-03 12:28:34 (11 hours ago)	PortscanM	Port Scan
🇺🇸 bigscoots.com	2026-06-03 12:23:10 (11 hours ago)	(sshd) Failed SSH login from 85.239.239.57 (US/United States/vmi3340136.contaboserver.net): 5 in the ... show more (sshd) Failed SSH login from 85.239.239.57 (US/United States/vmi3340136.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Jun 3 07:21:48 13752 sshd[23810]: Invalid user admin from 85.239.239.57 port 58314 Jun 3 07:21:49 13752 sshd[23810]: Failed password for invalid user admin from 85.239.239.57 port 58314 ssh2 Jun 3 07:22:19 13752 sshd[24145]: Invalid user orangepi from 85.239.239.57 port 38264 Jun 3 07:22:21 13752 sshd[24145]: Failed password for invalid user orangepi from 85.239.239.57 port 38264 ssh2 Jun 3 07:22:52 13752 sshd[24291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.239.239.57 user=root show less	Brute-Force SSH
🇩🇪 itsolon	2026-06-03 12:16:32 (11 hours ago)	[03/Jun/2026:14:16:30 +0200] 178048899063.611984 85.239.239.57 55142 217.154.7.177 80 [03/Jun/2026:1 ... show more [03/Jun/2026:14:16:30 +0200] 178048899063.611984 85.239.239.57 55142 217.154.7.177 80 [03/Jun/2026:14:16:30 +0200] 178048899059.725814 85.239.239.57 55142 217.154.7.177 80 [03/Jun/2026:14:16:31 +0200] 178048899191.531746 85.239.239.57 55142 217.154.7.177 80 [03/Jun/2026:14:16:31 +0200] 178048899151.227492 85.239.239.57 55142 217.154.7.177 80 [03/Jun/2026:14:16:31 +0200] 17804889914.319333 85.239.239.57 55142 217.154.7.177 80 ... show less	Port Scan Hacking Brute-Force Web App Attack
🇦🇺 greenhost.com.au	2026-06-03 12:00:05 (11 hours ago)	Automated report: 216 attacks in 24h targeting cwp2 via SSH. SSH/brute_force: 162 on cwp2; SSH/inval ... show more Automated report: 216 attacks in 24h targeting cwp2 via SSH. SSH/brute_force: 162 on cwp2; SSH/invalid_user: 54 on cwp2 show less	Brute-Force SSH
🇮🇪 AutosOnShow	2026-06-03 11:49:05 (11 hours ago)	blocked for webapp attack \| path requested: /index.php \| seen at 2026-06-03 11:48:54.037 \|	Web App Attack

Showing 31 to 45 of 202 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 207.46.13.153

🇮🇳 116.74.225.83

🇮🇹 91.80.173.150

🇧🇷 45.165.14.197

🇺🇸 204.44.70.181

🇵🇦 190.97.165.93

🇨🇳 183.150.182.171

🇫🇷 176.191.43.176

🇫🇷 176.138.1.33

🇨🇳 113.206.181.60

🇺🇸 107.143.175.251

🇦🇪 92.98.134.91

🇯🇵 43.130.229.228

🇧🇪 34.78.29.97

🇺🇸 162.216.150.86

🇷🇺 85.142.100.138

🇱🇹 81.30.98.158

🇺🇸 69.112.28.181

🇧🇷 43.157.163.155

🇨🇳 219.134.115.44