🇺🇸
TPI-Abuse
2026-06-19 02:37:48
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 204.85.191.7 (tor02.telenet.unc.edu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 22:37:43.892668 2026] [security2:error] [pid 32245:tid 32245] [client 204.85.191.7:47544] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.cityoffoley.gov"] [uri "/.git/config"] [unique_id "ajSrdx-Zu3Ib4VffLsEUfAAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
grassau.com
2026-06-15 19:26:15
(1 week ago)
(wordpress) Failed wordpress login from 204.85.191.7 (US/United States/-/-/tor02.telenet.unc.edu)
Brute-Force
🇺🇸
TPI-Abuse
2026-06-14 06:15:48
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 204.85.191.7 (tor02.telenet.unc.edu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 02:15:40.215203 2026] [security2:error] [pid 26981:tid 26981] [client 204.85.191.7:54394] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.alphazeta.net"] [uri "/.git/config"] [unique_id "ai5HDEQrbB_FxbOR0-IFCwAAACQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-05 20:06:30
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 204.85.191.7 (tor02.telenet.unc.edu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 16:06:23.526499 2026] [security2:error] [pid 21413:tid 21426] [client 204.85.191.7:33392] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.sellmantitle.com"] [uri "/.git/config"] [unique_id "aiMsP4MiWUgOUw0yzspEEQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
big-cloud.nl
2026-06-03 18:03:49
(2 weeks ago)
Try to access /xmlrpc.php?rsd
Web App Attack
🇺🇸
cwytech
2026-06-03 05:04:15
(2 weeks ago)
Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/rdg-local-lockdown-high.
Bad Web Bot
Web App Attack
🇸🇬
securejdprop
2026-05-29 05:47:43
(3 weeks ago)
This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor Exit Node Traffic group 69). Ip 204.85.191.7 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-05-29 05:47:41.681707298 +0000 UTC
Hacking
Web App Attack
🇩🇪
EGP Abuse Dept
2026-05-19 07:26:06
(1 month ago)
Scraping webshop URLs (www.kleintweewielers.nl), likely botnet drone
Bad Web Bot
Exploited Host
🇩🇪
psauxit
2026-05-12 22:02:24
(1 month ago)
Fail2Ban - NGINX heavily bad-bot, possible vulnerability scanning and excessive crawling/scraping
Bad Web Bot
Web App Attack
Hacking
Web Spam
🇧🇷
ICS Labs
2026-05-12 00:55:03
(1 month ago)
ICS Labs identified 204.85.191.7 as a malicious indicator from threat intelligence.
Hacking
🇩🇪
big-cloud.nl
2026-05-09 17:18:57
(1 month ago)
Try to access /xmlrpc.php?rsd
Web App Attack
Anonymous
2026-05-06 04:02:48
(1 month ago)
2026-05-05 19:00:29,275 fail2ban.actions [3625835]: NOTICE [tor] Ban 204.85.191.7
2026-05-05 22:00:26,697 fail2ban.actions [3625835]: NOTICE [tor] Ban 204.85.191.7
2026-05-06 01:00:26,247 fail2ban.actions [3625835]: NOTICE [tor] Ban 204.85.191.7
2026-05-06 04:00:34,758 fail2ban.actions [3625835]: NOTICE [tor] Ban 204.85.191.7
2026-05-06 07:02:47,307 fail2ban.actions [3625835]: NOTICE [tor] Ban 204.85.191.7
Brute-Force
🇨🇿
ddw
2026-04-29 17:32:53
(1 month ago)
WordPress XMLRPC.PHP Access Attempt.
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2026-04-28 00:39:41
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 204.85.191.7 (tor02.telenet.unc.edu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 20:39:36.326431 2026] [security2:error] [pid 7835:tid 7835] [client 204.85.191.7:50682] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.abecasis.com"] [uri "/.git/config"] [unique_id "afAByJBPglR8BaPqrn5-GwAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-04-26 18:20:57
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 204.85.191.7 (tor02.telenet.unc.edu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 14:20:51.522084 2026] [security2:error] [pid 28337:tid 28337] [client 204.85.191.7:52682] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.bonnesfrequences.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.bonnesfrequences.com"] [uri "/robots.txt"] [unique_id "ae5Xg-6kZg0Rugksbqx5jAAAABA"]
Brute-Force
Bad Web Bot
Web App Attack