JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.239.57.213

85.239.57.213 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 2%: ?

ISP	JSC TIMEWEB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9123
Domain Name	timeweb.com
Country	🇷🇺 Russian Federation
City	Moscow, Moscow

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.239.57.213

Whois 85.239.57.213

IP Abuse Reports for 85.239.57.213:

This IP address has been reported a total of 13 times from 11 distinct sources. 85.239.57.213 was first reported on June 5th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-06-01 05:32:08 (2 weeks ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force
🇺🇸 TPI-Abuse	2025-09-11 14:55:15 (9 months ago)	(mod_security) mod_security (id:210350) triggered by 85.239.57.213 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 85.239.57.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 11 10:55:00.243526 2025] [security2:error] [pid 16885:tid 16885] [client 85.239.57.213:54113] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|targetbinario.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "targetbinario.com"] [uri "/"] [unique_id "aMLixHIRXrbcxhK1NdlRlAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-11 00:14:48 (9 months ago)	(mod_security) mod_security (id:210350) triggered by 85.239.57.213 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 85.239.57.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 10 20:14:30.389372 2025] [security2:error] [pid 26139:tid 26194] [client 85.239.57.213:41787] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.docdalton.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.docdalton.com"] [uri "/"] [unique_id "aMIUZlEXtNqHZSrEG1d84AAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-08-29 21:47:02 (9 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 TPI-Abuse	2024-12-04 06:32:11 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 85.239.57.213 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 85.239.57.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 04 01:31:58.126540 2024] [security2:error] [pid 4522:tid 4522] [client 85.239.57.213:20713] [client 85.239.57.213] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|egret.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "egret.us"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0_3XsVZWAvgX7_2W5rJ9AAAAA0"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 SilverZippo	2024-11-29 08:05:31 (1 year ago)	Web App Attack	Web App Attack
🇫🇷 Jean Valjean	2024-11-16 09:00:19 (1 year ago)	Fail2ban Caboom : wp-login.php Bruteforce	Brute-Force Web App Attack
🇸🇬 oncord	2024-11-01 03:40:38 (1 year ago)	Form spam	Web Spam
🇺🇸 MrDD	2024-10-21 16:02:33 (1 year ago)	Brute Force Attack on Cisco Web VPN	Brute-Force
Anonymous	2024-10-10 01:25:10 (1 year ago)	Automatic report - Vulnerability scan /RDWeb/Pages/en-US/login.aspx	Web App Attack
🇺🇸 Bryan Lemas	2024-10-05 01:58:38 (1 year ago)	"Attempts to brute force our VPN"	Brute-Force
🇨🇦 wil.com	2024-09-25 02:49:31 (1 year ago)	GlobalProtect login attempts with user imorris.	VPN IP Brute-Force
🇩🇪 Admins@FBN	2024-06-05 02:06:15 (2 years ago)	VPN Logon Failed: AAA user authentication Rejected user = <isharlowstreet>	Brute-Force Exploited Host

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇹 185.169.4.161

🇯🇴 176.29.242.161

🇺🇸 65.111.8.21

🇺🇸 45.156.129.88

🇻🇪 38.254.114.7

🇮🇩 36.85.220.88

🇸🇬 23.249.27.90

🇵🇰 210.56.12.205

🇺🇸 172.208.153.6

🇦🇪 152.32.180.86

🇳🇱 45.148.10.183

🇨🇳 36.151.144.76

🇹🇼 1.165.63.233

🇧🇷 190.115.84.25

🇮🇳 182.95.186.22

🇪🇬 154.182.133.105

🇺🇸 100.52.14.225

🇷🇺 81.177.101.45

🇭🇷 78.2.16.37

🇮🇳 20.244.81.58