JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.82.218.85

185.82.218.85 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 28%: ?

28%

ISP	ITLDC EU2.SOF Datacenter Network
Usage Type	Data Center/Web Hosting/Transit
ASN	AS59729
Hostname(s)	bg32.nodes.vertichost.eu
Domain Name	itldc.com
Country	🇧🇬 Bulgaria
City	Sofia, Sofia-Capital

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.82.218.85

Whois 185.82.218.85

IP Abuse Reports for 185.82.218.85:

This IP address has been reported a total of 37 times from 16 distinct sources. 185.82.218.85 was first reported on January 18th 2021, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-31 14:37:36 (4 days ago)	(mod_security) mod_security (id:217210) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in ... show more (mod_security) mod_security (id:217210) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 10:37:33.284295 2026] [security2:error] [pid 6873:tid 6873] [client 185.82.218.85:49248] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|haverhillhouse.com:443\|F\|4"] [data "CONNECT haverhillhouse.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "haverhillhouse.com"] [uri "/"] [unique_id "ahxHrdbnZYjw8P0_W29DdQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 23:09:08 (5 days ago)	(mod_security) mod_security (id:217210) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in ... show more (mod_security) mod_security (id:217210) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 19:09:01.767733 2026] [security2:error] [pid 7256:tid 7256] [client 185.82.218.85:18714] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|bodiehistory.com:443\|F\|4"] [data "CONNECT bodiehistory.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "bodiehistory.com"] [uri "/"] [unique_id "ahtuDT9jUOUu83ChR8F4JwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-30 00:50:02 (6 days ago)	Web App Attack, Hacking	Hacking Web App Attack
🇨🇭 Origon	2026-05-28 04:41:10 (1 week ago)	http-open-proxy - IP: 185.82.218.85 - time="2026-05-28T06:41:10+02:00" level=info msg="(555f66b4f6a ... show more http-open-proxy - IP: 185.82.218.85 - time="2026-05-28T06:41:10+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-open-proxy by ip 185.82.218.85 (BG/59729) : 4h ban on Ip 185.82.218.85" module=db show less	Web App Attack
🇩🇪 SMARTNET	2026-05-27 06:03:53 (1 week ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 22ada211-5b5c-463a-b46f-60fd11dc639d	DDoS Attack
🇺🇸 TPI-Abuse	2026-05-24 10:24:49 (1 week ago)	(mod_security) mod_security (id:217210) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in ... show more (mod_security) mod_security (id:217210) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 06:24:42.481299 2026] [security2:error] [pid 13281:tid 13281] [client 185.82.218.85:25546] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|www.graymatterofdc.com:443\|F\|4"] [data "CONNECT www.graymatterofdc.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.graymatterofdc.com"] [uri "/"] [unique_id "ahLR6h5qNtQYhO4CpsWCMQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-17 15:41:58 (2 weeks ago)	(mod_security) mod_security (id:217210) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in ... show more (mod_security) mod_security (id:217210) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 11:41:51.002994 2026] [security2:error] [pid 6529:tid 6529] [client 185.82.218.85:40012] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|schonmusic.com:443\|F\|4"] [data "CONNECT schonmusic.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "schonmusic.com"] [uri "/"] [unique_id "agnhv_0YvirQZriz2Hf-WgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 21:31:09 (2 weeks ago)	(mod_security) mod_security (id:217210) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in ... show more (mod_security) mod_security (id:217210) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 17:31:01.938209 2026] [security2:error] [pid 3837:tid 3892] [client 185.82.218.85:24490] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|www.myrtlebeachdiet.com:443\|F\|4"] [data "CONNECT www.myrtlebeachdiet.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.myrtlebeachdiet.com"] [uri "/"] [unique_id "ageQlZ_4i0w7z5aKUAwL7QAAAFU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-25 10:44:19 (3 months ago)	Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to ... show more Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to bypass firewall/robots.txt restrictions in thread-skip.asp show less	Exploited Host Bad Web Bot
🇳🇱 exxos	2025-09-15 03:03:01 (8 months ago)	http-no-verb	Hacking
🇺🇸 TPI-Abuse	2025-09-13 12:00:04 (8 months ago)	(mod_security) mod_security (id:210831) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in ... show more (mod_security) mod_security (id:210831) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 13 07:59:53.717174 2025] [security2:error] [pid 22102:tid 22102] [client 185.82.218.85:45683] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|backstore.com\|F\|4"] [data "a href="] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "backstore.com"] [uri "/"] [unique_id "aMVcuXBV4zJjCsT_6S3aWwAAAAU"], referer: https://filmazoon.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Murazaki	2025-09-12 22:02:59 (8 months ago)	185.82.218.85 - - [12/Sep/2025:20:19:42 +0200] "CONNECT mastodon.balamb.fr:443 HTTP/1.1" 500 170 "-" ... show more 185.82.218.85 - - [12/Sep/2025:20:19:42 +0200] "CONNECT mastodon.balamb.fr:443 HTTP/1.1" 500 170 "-" "-" "-" ... show less	Hacking
🇺🇸 TPI-Abuse	2025-09-08 11:32:26 (8 months ago)	(mod_security) mod_security (id:217210) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in ... show more (mod_security) mod_security (id:217210) triggered by 185.82.218.85 (bg32.nodes.vertichost.eu): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 08 07:32:18.388790 2025] [security2:error] [pid 16974:tid 16974] [client 185.82.218.85:46131] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|james.ahlstrom.name:443\|F\|4"] [data "CONNECT james.ahlstrom.name:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "james.ahlstrom.name"] [uri "/"] [unique_id "aL6-wtvo6QifvxEwMj_CuAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 bescared	2025-09-05 20:38:59 (8 months ago)	F2B - Malicious activity detected. URL Probing.	Hacking Bad Web Bot Web App Attack
🇫🇷 Murazaki	2025-09-03 22:01:44 (9 months ago)	185.82.218.85 - - [03/Sep/2025:03:09:57 +0200] "CONNECT lemmy.balamb.fr:443 HTTP/1.1" 500 170 "-" "- ... show more 185.82.218.85 - - [03/Sep/2025:03:09:57 +0200] "CONNECT lemmy.balamb.fr:443 HTTP/1.1" 500 170 "-" "-" "-" ... show less	Hacking

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇬 197.44.15.210

🇨🇳 117.164.191.217

🇩🇪 69.5.169.205

🇯🇵 43.133.164.143

🇨🇳 39.171.199.221

🇪🇹 196.190.41.137

🇧🇩 103.183.62.2

🇷🇺 92.37.142.176

🇺🇸 64.62.197.183

🇳🇱 45.148.10.157

🇨🇳 42.239.191.248

🇩🇪 213.209.159.56

🇭🇰 152.32.129.154

🇮🇳 122.15.139.162

🇷🇴 92.118.39.62

🇳🇱 81.19.216.111

🇩🇪 69.5.169.73

🇷🇴 2.57.121.25

🇩🇪 213.209.159.108

🇪🇸 213.165.74.84