JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.239.59.49

85.239.59.49 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 0%: ?

ISP	JSC TIMEWEB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9123
Domain Name	timeweb.com
Country	🇷🇺 Russian Federation
City	Moscow, Moscow

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.239.59.49

Whois 85.239.59.49

IP Abuse Reports for 85.239.59.49:

This IP address has been reported a total of 11 times from 5 distinct sources. 85.239.59.49 was first reported on April 12th 2024, and the most recent report was 8 months ago.

Old Reports: The most recent abuse report for this IP address is from 8 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-09-11 00:18:26 (8 months ago)	(mod_security) mod_security (id:210350) triggered by 85.239.59.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 85.239.59.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 10 20:18:18.828116 2025] [security2:error] [pid 16232:tid 16232] [client 85.239.59.49:39513] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|lpsleesburg.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "lpsleesburg.com"] [uri "/"] [unique_id "aMIVSpEPxfv-nRFoyJSNYwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-20 23:05:29 (11 months ago)	(mod_security) mod_security (id:210730) triggered by 85.239.59.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.239.59.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 20 19:05:20.204782 2025] [security2:error] [pid 2961580:tid 2961580] [client 85.239.59.49:11901] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Apex II/Thumbs.db"] [unique_id "aFXpMB-1CuzknRtmbongUgAAABs"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Apex%20II/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2025-06-18 14:50:06 (11 months ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-03-05 09:09:42 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 85.239.59.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.239.59.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 05 04:09:34.009388 2025] [security2:error] [pid 4124853:tid 4124853] [client 85.239.59.49:38599] [client 85.239.59.49] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".jpg - shortcut.lnk"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Golden-Technologies/pics/Golden_Technologies_PR535_MaxiComfort_Lift_Chair_Recliner_Anchor_Front.jpg - Shortcut.lnk"] [unique_id "Z8gUzi0e-0frzpfubJC9bAAAAAk"], referer: https://vitalitywebb.com/backstore/Golden-Technologies/pics/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-10-10 18:00:11 (1 year ago)	Automatic report - Vulnerability scan /RDWeb/Pages/en-US/login.aspx	Web App Attack
Anonymous	2024-10-03 20:00:11 (1 year ago)	Automatic report - Vulnerability scan /RDWeb/Pages/en-US/login.aspx	Web App Attack
🇨🇦 wil.com	2024-09-25 08:18:26 (1 year ago)	GlobalProtect login attempts with user gshechter.	VPN IP Brute-Force
🇺🇸 TPI-Abuse	2024-08-07 14:44:04 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 85.239.59.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.239.59.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 10:43:56.289255 2024] [security2:error] [pid 27056:tid 27056] [client 85.239.59.49:50753] [client 85.239.59.49] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Steelcase/pics/Cobi/Thumbs.db"] [unique_id "ZrOILAML5SRbiDDygpcIfAAAAAE"], referer: https://vitalitywebb.com/backstore/Steelcase/pics/Cobi/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2024-05-18 05:23:44 (2 years ago)	honeypot detection	Bad Web Bot
Anonymous	2024-05-15 16:57:20 (2 years ago)	Malicious activity detected	Hacking Web App Attack
🇨🇭 backslash	2024-04-12 06:45:05 (2 years ago)	honeypot	Bad Web Bot

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇾 183.171.158.232

🇺🇸 162.144.238.147

🇺🇸 66.132.172.138

🇳🇱 176.65.139.173

🇧🇬 79.124.58.130

🇻🇳 27.71.230.31

🇰🇷 220.80.66.168

🇧🇷 187.72.128.177

🇺🇸 134.122.118.134

🇸🇬 101.47.156.170

🇺🇸 69.12.64.60

🇺🇸 67.207.86.226

🇸🇬 43.163.81.180

🇹🇼 35.201.130.161

🇨🇳 222.222.168.9

🇬🇧 193.163.125.50

🇺🇸 162.216.149.18

🇺🇸 138.91.105.36

🇵🇰 116.71.136.125

🇺🇸 64.95.9.250