JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.133.7.85

45.133.7.85 was found in our database!

This IP was reported 72 times. Confidence of Abuse is 40%: ?

40%

ISP	VPN-Consumer-NZ
Usage Type	Data Center/Web Hosting/Transit
ASN	AS137409
Domain Name	legaconetworks.nl
Country	🇳🇿 New Zealand
City	Auckland, Auckland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.133.7.85

Whois 45.133.7.85

IP Abuse Reports for 45.133.7.85:

This IP address has been reported a total of 72 times from 38 distinct sources. 45.133.7.85 was first reported on December 19th 2021, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-20 13:05:42 (8 hours ago)	(mod_security) mod_security (id:240000) triggered by 45.133.7.85 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:240000) triggered by 45.133.7.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 09:05:38.598232 2026] [security2:error] [pid 13296:tid 13326] [client 45.133.7.85:20989] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|oswgr.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "oswgr.com"] [uri "/images/stories/themes.php"] [unique_id "ajaQIuJk57hdrA6RZvV8MwAAANg"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-20 11:55:19 (9 hours ago)	Web attack/malicious scanning detected	Web App Attack
Anonymous	2026-06-19 17:13:17 (1 day ago)	45.133.7.85 - - [20/Jun/2026:01:13:13 +0800] "GET /wp-content/languages/about.php HTTP/1.1" 404 196 ... show more 45.133.7.85 - - [20/Jun/2026:01:13:13 +0800] "GET /wp-content/languages/about.php HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 OPR/70.0.3728.95" 45.133.7.85 - - [20/Jun/2026:01:13:14 +0800] "GET /wp-content/plugins/wp-theme-editor/include.php HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0" 45.133.7.85 - - [20/Jun/2026:01:13:14 +0800] "GET /wp-content/plugins/up/main.php HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" 45.133.7.85 - - [20/Jun/2026:01:13:14 +0800] "GET /fonts/fontawesome-webfont.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 45.133.7.85 - - [20/Jun/2026:01:13:15 +0800] "GET /wp-admin/wp-conflg.php HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 12:28:32 (1 day ago)	(mod_security) mod_security (id:240000) triggered by 45.133.7.85 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:240000) triggered by 45.133.7.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 08:28:27.514029 2026] [security2:error] [pid 24459:tid 24459] [client 45.133.7.85:62843] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|francoiseroy.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "francoiseroy.com"] [uri "/images/stories/themes.php"] [unique_id "ajU16-r7wXZpcMXpSlyXhwAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 conseilgouz	2026-06-19 06:19:17 (1 day ago)	doe-17 : Block hidden directories=>/.trash7206/index.php(/)	Hacking
🇫🇷 SpaceHost-Server	2026-06-18 22:32:46 (1 day ago)		Brute-Force Web App Attack
🇫🇷 SpaceHost-Server	2026-06-17 22:32:09 (2 days ago)		Brute-Force Web App Attack
🇺🇦 URAN Publishing Service	2026-05-07 03:34:34 (1 month ago)	45.133.7.85 - - [07/May/2026:06:30:48 +0300] "GET /wp-content/plugins/WPManager/up.php HTTP/1.1" 404 ... show more 45.133.7.85 - - [07/May/2026:06:30:48 +0300] "GET /wp-content/plugins/WPManager/up.php HTTP/1.1" 404 705 "-" "Go-http-client/1.1" 45.133.7.85 - - [07/May/2026:06:34:33 +0300] "GET /wp-content/plugins/template-singl-portfolio.php HTTP/1.1" 404 705 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇮🇹 VHosting	2026-04-23 08:15:03 (1 month ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-04-21 07:14:24 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 45.133.7.85 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 45.133.7.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 03:14:19.602497 2026] [security2:error] [pid 953244:tid 953244] [client 45.133.7.85:21089] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ankitoner.com"] [uri "/.git/execute.php"] [unique_id "aecjy7IC3Y6fOHqYQdzcZwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-20 22:50:57 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 45.133.7.85 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 45.133.7.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 20 18:50:49.902734 2026] [security2:error] [pid 4164011:tid 4164011] [client 45.133.7.85:52117] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "daveskountrykatering.com"] [uri "/.git/execute.php"] [unique_id "aeatyYfoG5qun4MP5T4r1AAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-20 22:16:58 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 45.133.7.85 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 45.133.7.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 20 18:16:50.942308 2026] [security2:error] [pid 3888325:tid 3888325] [client 45.133.7.85:39655] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "zost.net"] [uri "/.git/execute.php"] [unique_id "aeal0pxYiEcFH6ephMCQxAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 fazar	2026-03-12 23:27:58 (3 months ago)	crowdsecurity/http-admin-interface-probing on node: us01	Web App Attack Hacking
🇫🇮 6kilowatti	2026-03-12 23:14:15 (3 months ago)	2026/03/13 01:14:14 [error] 88990#88990: 5179 FastCGI sent in stderr: "Primary script unknown" whil ... show more 2026/03/13 01:14:14 [error] 88990#88990: 5179 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 45.133.7.85, server: oh6ah.fi, request: "GET //alfa.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/oh6ah.fi.sock:", host: "oh6ah.fi" 2026/03/13 01:14:15 [error] 88990#88990: *5179 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 45.133.7.85, server: oh6ah.fi, request: "GET //file.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/oh6ah.fi.sock:", host: "oh6ah.fi" ... show less	Web App Attack
🇺🇸 myagent.site	2026-03-12 20:57:41 (3 months ago)	Blocking for trying to access an exploit file: //wp-admin/maint/index.php	Hacking

Showing 1 to 15 of 72 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 172.253.193.21

🇺🇸 52.6.5.24

🇷🇴 2.57.122.238

🇭🇰 220.246.47.146

🇧🇷 205.210.31.221

🇸🇬 152.32.218.244

🇺🇸 147.182.225.86

🇱🇹 81.30.98.62

🇯🇵 14.137.237.192

🇫🇮 135.181.182.250

🇿🇦 102.129.60.169

🇧🇬 93.94.141.115

🇸🇬 47.236.155.98

🇳🇱 185.213.175.171

🇯🇵 152.32.201.80

🇳🇱 109.104.154.188

🇧🇩 103.86.198.253

🇫🇷 85.217.140.38

🇧🇬 79.124.62.134

🇺🇸 65.49.1.90