JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.239.239.57

85.239.239.57 was found in our database!

This IP was reported 252 times. Confidence of Abuse is 100%: ?

100%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS40021
Hostname(s)	vmi3340136.contaboserver.net
Domain Name	contabo.com
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.239.239.57

Whois 85.239.239.57

IP Abuse Reports for 85.239.239.57:

This IP address has been reported a total of 252 times from 147 distinct sources. 85.239.239.57 was first reported on June 1st 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 valornode	2026-06-03 15:49:46 (1 day ago)	Detected by CrowdSec on www.iambrayden.net-47d88224: CrowdSec: crowdsecurity/thinkphp-cve-2018-20062 ... show more Detected by CrowdSec on www.iambrayden.net-47d88224: CrowdSec: crowdsecurity/thinkphp-cve-2018-20062 \| ASN: 40021 (CONTABO-40021) \| Country: US \| Range: 85.239.232.0/21 show less	Brute-Force SSH
🇺🇸 antlac1	2026-06-03 15:38:09 (1 day ago)	crowdsecurity/http-cve-2021-41773	Brute-Force Web App Attack
Anonymous	2026-06-03 15:21:38 (1 day ago)	IP banned by Fail2Ban	Brute-Force SSH
🇩🇪 mxpgmbh	2026-06-03 14:33:11 (1 day ago)	2026-06-03T16:32:35.617697+02:00 ** sshd-session[56356]: pam_unix(sshd:auth): authentication failu ... show more 2026-06-03T16:32:35.617697+02:00 sshd-session[56356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.239.239.57 user=root 2026-06-03T16:32:37.542385+02:00 sshd-session[56356]: Failed password for root from 85.239.239.57 port 60788 ssh2 2026-06-03T16:33:08.849492+02:00 sshd-session[56783]: Invalid user from 85.239.239.57 port 46260 2026-06-03T16:33:08.850923+02:00 sshd-session[56783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.239.239.57 2026-06-03T16:33:10.466543+02:00 sshd-session[56783]: Failed password for invalid user ** from 85.239.239.57 port 46260 ssh2 show less	Brute-Force SSH
🇺🇸 MPL	2026-06-03 14:18:56 (1 day ago)	tcp/443 (2 or more attempts)	Port Scan
🇫🇮 6kilowatti	2026-06-03 14:08:14 (1 day ago)	2026-06-03T17:08:12.940586+03:00 6kw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:b6:e7:09:78:9a:18 ... show more 2026-06-03T17:08:12.940586+03:00 6kw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:b6:e7:09:78:9a:18:bd:57:7e:08:00 SRC=85.239.239.57 DST=5.61.88.83 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=40401 PROTO=TCP SPT=50287 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇬🇧 Apache	2026-06-03 14:03:13 (1 day ago)	(mod_security) mod_security (id:920170) triggered by 85.239.239.57 (US/United States/vmi3340136.cont ... show more (mod_security) mod_security (id:920170) triggered by 85.239.239.57 (US/United States/vmi3340136.contaboserver.net): 5 in the last 300 secs (CF_ENABLE) show less	Brute-Force Web App Attack
🇺🇸 mc4bbs	2026-06-03 14:02:47 (1 day ago)	Automated Apache detection on Windows host. 5 suspicious HTTP requests within 300 seconds. Examples: ... show more Automated Apache detection on Windows host. 5 suspicious HTTP requests within 300 seconds. Examples: POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh -> 403 UA=""; POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh -> 403 UA=""; GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php -> 404 UA=""; GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php -> 404 UA=""; GET /vendor/phpunit/src/Util/PHP/eval-stdin.php -> 404 UA="" show less	Web App Attack Hacking
🇺🇸 bigscoots.com	2026-06-03 14:01:14 (1 day ago)	(sshd) Failed SSH login from 85.239.239.57 (US/United States/vmi3340136.contaboserver.net): 5 in the ... show more (sshd) Failed SSH login from 85.239.239.57 (US/United States/vmi3340136.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Jun 3 08:59:49 14828 sshd[29878]: Invalid user admin from 85.239.239.57 port 41888 Jun 3 08:59:51 14828 sshd[29878]: Failed password for invalid user admin from 85.239.239.57 port 41888 ssh2 Jun 3 09:00:21 14828 sshd[30287]: Invalid user orangepi from 85.239.239.57 port 49996 Jun 3 09:00:23 14828 sshd[30287]: Failed password for invalid user orangepi from 85.239.239.57 port 49996 ssh2 Jun 3 09:00:53 14828 sshd[30471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.239.239.57 user=root show less	Brute-Force SSH
🇩🇪 paissangroup	2026-06-03 13:59:10 (1 day ago)	Multiple WAF Violations	Web App Attack
🇮🇪 AutosOnShow	2026-06-03 13:26:05 (1 day ago)	blocked for webapp attack \| path requested: / \| seen at 2026-06-03 13:25:11.995 \|	Web App Attack
🇩🇪 fds.io	2026-06-03 12:49:20 (1 day ago)	detected and blocked multiple http 400 bad-request attempts	Bad Web Bot Web App Attack
🇮🇪 AutosOnShow	2026-06-03 12:45:07 (1 day ago)	blocked for webapp attack \| path requested: /index.php \| seen at 2026-06-03 12:44:13.785 \|	Web App Attack
🇧🇷 Peregrine	2026-06-03 12:44:32 (1 day ago)	Fail2Ban ct101 Jail: tomcat-honeypot \| Evidence: - 85.239.239.57 - - [03/Jun/2026:09:44:22 -0300] "G ... show more Fail2Ban ct101 Jail: tomcat-honeypot \| Evidence: - 85.239.239.57 - - [03/Jun/2026:09:44:22 -0300] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 18193 show less	Bad Web Bot
🇳🇱 tpjg	2026-06-03 12:28:43 (1 day ago)	Automated: 15 requests with error status in 120s window from 85.239.239.57. Evidence: /lib/phpunit/p ... show more Automated: 15 requests with error status in 120s window from 85.239.239.57. Evidence: /lib/phpunit/phpunit/Util/PHP/eval-stdin.php:404,/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php:404,/phpunit/Util/PHP/eval-stdin.php:404,/phpunit/src/Util/PHP/eval-stdin.php:404,/phpunit/phpunit/Util/PHP/eval-stdin.php:404,/phpunit/phpunit/src/Util/PHP/eval-stdin.php:404,/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php:404,/vendor/phpunit/phpunit/LICENSE/eval-stdin.php:404,/vendor/phpunit/Util/PHP/eval-stdin.php:404,/vendor/phpunit/src/Util/PHP/eval-stdin.php:404,/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php:404,/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php:404,/hello.world:404,/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh:404,/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh:404 show less	Web App Attack

Showing 76 to 90 of 252 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 160.251.185.39

🇮🇳 122.185.146.18

🇺🇸 98.97.105.167

🇷🇺 89.23.113.208

🇺🇸 68.235.62.179

🇰🇷 58.225.2.61

🇺🇸 18.225.107.147

🇺🇸 216.24.219.111

🇬🇧 185.247.137.191

🇷🇺 147.45.48.17

🇨🇳 115.190.113.87

🇵🇱 83.218.116.2

🇸🇦 51.235.175.69

🇯🇵 212.32.76.37

🇯🇵 203.25.124.106

🇲🇽 187.190.35.163

🇩🇪 154.14.23.208

🇫🇮 147.185.133.122

🇫🇷 146.70.194.254

🇱🇹 141.98.9.45