JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.239.57.94

85.239.57.94 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 0%: ?

ISP	JSC TIMEWEB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9123
Hostname(s)	7627547-bg56273.twc1.net
Domain Name	timeweb.com
Country	🇷🇺 Russian Federation
City	Moscow, Moscow

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.239.57.94

Whois 85.239.57.94

IP Abuse Reports for 85.239.57.94:

This IP address has been reported a total of 12 times from 6 distinct sources. 85.239.57.94 was first reported on April 12th 2024, and the most recent report was 11 months ago.

Old Reports: The most recent abuse report for this IP address is from 11 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-06-21 02:22:06 (11 months ago)	(mod_security) mod_security (id:210730) triggered by 85.239.57.94 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.239.57.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 20 22:21:49.447821 2025] [security2:error] [pid 3098867:tid 3098867] [client 85.239.57.94:42593] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Danbury II/Danbury II/Stetson Bordeaux/originals/Thumbs.db"] [unique_id "aFYXPYYbJKodpCxIJUu6gwAAABs"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Danbury%20II/Danbury%20II/Stetson%20Bordeaux/originals/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2025-05-24 02:35:04 (1 year ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇺🇸 TPI-Abuse	2024-11-10 07:29:36 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 85.239.57.94 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.239.57.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 02:29:21.367425 2024] [security2:error] [pid 1920996:tid 1920996] [client 85.239.57.94:45713] [client 85.239.57.94] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Golden-Technologies/pics/Golden Technologies 2009 Marketing CD/Lift Chairs/Thumbs.db"] [unique_id "ZzBg0XcLtvgdPUeIo3N8OAAAAA8"], referer: https://vitalitywebb.com/backstore/Golden-Technologies/pics/Golden%20Technologies%202009%20Marketing%20CD/Lift%20Chairs/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 wil.com	2024-09-24 04:28:09 (1 year ago)	GlobalProtect login attempts with user jcannon.	VPN IP Brute-Force
🇺🇸 TPI-Abuse	2024-08-07 18:14:29 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 85.239.57.94 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.239.57.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 14:14:11.922099 2024] [security2:error] [pid 968:tid 968] [client 85.239.57.94:33487] [client 85.239.57.94] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Golden-Technologies/pics/Golden Technologies 2009 Marketing CD/Lift Chairs/Signature Series/Thumbs.db"] [unique_id "ZrO5c5ORzrnx6KCRgjLexgAAABo"], referer: https://vitalitywebb.com/backstore/Golden-Technologies/pics/Golden%20Technologies%202009%20Marketing%20CD/Lift%20Chairs/Signature%20Series/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-07-24 18:33:26 (1 year ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2024-06-28 23:13:40 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 85.239.57.94 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 85.239.57.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 28 19:13:22.196954 2024] [security2:error] [pid 24019] [client 85.239.57.94:22095] [client 85.239.57.94] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|flutepraise.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "flutepraise.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zn9DkubiI2dJ93qqMUVc8wAAABs"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 bsoft.de	2024-06-28 01:51:52 (1 year ago)	85.239.57.94 - - [28/Jun/2024:03:51:41 +0200] "GET /wp-json/wp/v2/users HTTP/1.1" 404 144 "https://w ... show more 85.239.57.94 - - [28/Jun/2024:03:51:41 +0200] "GET /wp-json/wp/v2/users HTTP/1.1" 404 144 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 85.239.57.94 - - [28/Jun/2024:03:51:46 +0200] "GET /wp-json/wp/v2/users HTTP/1.1" 404 144 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 85.239.57.94 - - [28/Jun/2024:03:51:51 +0200] "POST /xmlrpc.php HTTP/1.1" 200 181 "-" "Apache-HttpClient/4.5.13 (Java/11.0.23)" show less	Web App Attack
Anonymous	2024-06-25 21:53:58 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-05-25 04:35:36 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇨🇭 backslash	2024-05-18 05:15:04 (2 years ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇨🇭 backslash	2024-04-12 06:43:48 (2 years ago)	honeypot	Bad Web Bot

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 171.231.182.182

🇺🇸 152.32.151.121

🇺🇸 64.62.197.81

🇺🇸 20.80.72.203

🇭🇰 223.197.186.7

🇵🇰 223.123.38.122

🇹🇷 176.91.48.40

🇭🇰 165.154.70.170

🇰🇷 116.32.159.148

🇮🇳 89.117.245.247

🇺🇸 66.132.186.134

🇨🇳 59.38.131.149

🇨🇳 58.216.251.198

🇳🇱 2a06:a880:5:5c0e::1

🇬🇧 188.240.59.6

🇳🇱 185.156.73.233

🇮🇩 119.47.90.19

🇷🇴 86.124.137.89

🇺🇸 66.132.195.59

🇨🇳 58.247.144.147