JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.239.56.212

85.239.56.212 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 0%: ?

ISP	JSC TIMEWEB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9123
Domain Name	timeweb.com
Country	🇷🇺 Russian Federation
City	Moscow, Moscow

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.239.56.212

Whois 85.239.56.212

IP Abuse Reports for 85.239.56.212:

This IP address has been reported a total of 14 times from 9 distinct sources. 85.239.56.212 was first reported on March 19th 2022, and the most recent report was 9 months ago.

Old Reports: The most recent abuse report for this IP address is from 9 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-09-06 20:01:29 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 85.239.56.212 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.239.56.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 16:01:24.610666 2025] [security2:error] [pid 20052:tid 20052] [client 85.239.56.212:9927] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Carter 3070/Thumbs.db"] [unique_id "aLyTFFfXcfmraM6jXS3VUQAAABs"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Carter%203070/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-20 22:56:08 (11 months ago)	(mod_security) mod_security (id:210730) triggered by 85.239.56.212 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.239.56.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 20 18:55:58.046944 2025] [security2:error] [pid 2952563:tid 2952563] [client 85.239.56.212:19669] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Churchill II Recliner/Thumbs.db"] [unique_id "aFXm_kEL9TVZZ4m-HOJUJQAAABM"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Churchill%20II%20Recliner/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2025-06-19 05:00:18 (11 months ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇺🇸 TPI-Abuse	2024-12-01 08:02:40 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 85.239.56.212 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.239.56.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 01 03:02:35.238744 2024] [security2:error] [pid 3697706:tid 3697706] [client 85.239.56.212:57789] [client 85.239.56.212] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Kendall/Thumbs.db"] [unique_id "Z0wYG1NgFvALOumafMWksQAAAAk"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Kendall/ show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 sms.ru	2024-09-26 07:20:10 (1 year ago)	SMS pumping attack from foreign country	DDoS Attack
🇦🇺 MAGIC	2024-09-24 19:03:42 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
Anonymous	2024-08-26 18:43:38 (1 year ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2024-08-07 18:08:48 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 85.239.56.212 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.239.56.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 14:08:39.656122 2024] [security2:error] [pid 28871:tid 28871] [client 85.239.56.212:25493] [client 85.239.56.212] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Briarwood II/Stetson Coffee/originals/Thumbs.db"] [unique_id "ZrO4JwePX0vBWlXZqg-q5QAAAAQ"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Briarwood%20II/Stetson%20Coffee/originals/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 NXTwoThou	2024-06-01 12:40:00 (2 years ago)	Verb	Web App Attack
🇨🇭 backslash	2024-05-18 05:23:19 (2 years ago)	honeypot detection	Bad Web Bot
🇨🇭 backslash	2024-04-12 08:28:05 (2 years ago)	honeypot	Bad Web Bot
🇳🇿 Tripwire	2023-08-22 14:49:45 (2 years ago)	Wordpress login attempts	Brute-Force Web App Attack
🇩🇪 SCHAPPY	2023-07-26 18:48:01 (2 years ago)	IP was involved in L7 DDoS attack.	DDoS Attack
Anonymous	2022-03-19 22:30:00 (4 years ago)	Password Spary Attack	Brute-Force Exploited Host

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.229

🇲🇪 79.143.107.53

🇱🇹 62.60.130.31

🇺🇸 40.67.183.165

🇨🇳 218.25.89.208

🇺🇸 205.185.124.118

🇧🇪 198.235.24.225

🇭🇰 165.154.41.232

🇷🇴 80.94.92.186

🇺🇸 40.67.183.164

🇺🇸 40.67.161.178

🇨🇳 27.39.130.144

🇨🇳 27.17.197.98

🇺🇸 20.168.122.60

🇲🇽 186.96.145.241

🇷🇺 178.176.224.83

🇮🇹 95.240.192.149

🇫🇷 91.231.89.187

🇫🇷 82.102.18.126

🇳🇱 81.19.216.96