JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.203.20.20

85.203.20.20 was found in our database!

This IP was reported 124 times. Confidence of Abuse is 39%: ?

39%

ISP	Falco Networks B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	falco-networks.com
Country	🇭🇷 Croatia
City	Zagreb, Zagreb

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.203.20.20

Whois 85.203.20.20

IP Abuse Reports for 85.203.20.20:

This IP address has been reported a total of 124 times from 38 distinct sources. 85.203.20.20 was first reported on May 6th 2021, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 bsoft.de	2026-06-26 08:11:39 (9 hours ago)	85.203.20.20 - - [26/Jun/2026:10:11:35 +0200] "GET //xmlrpc.php?rsd HTTP/1.1" 200 798 "-" "Mozilla/5 ... show more 85.203.20.20 - - [26/Jun/2026:10:11:35 +0200] "GET //xmlrpc.php?rsd HTTP/1.1" 200 798 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 85.203.20.20 - - [26/Jun/2026:10:11:37 +0200] "GET //wp-json/wp/v2/users/ HTTP/1.1" 404 148 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 85.203.20.20 - - [26/Jun/2026:10:11:38 +0200] "POST //xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" show less	Web App Attack
🇲🇽 octageeks.com	2026-06-26 04:12:19 (13 hours ago)	Wordpress malicious attack:[octawpauthor]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 01:56:56 (15 hours ago)	(mod_security) mod_security (id:225170) triggered by 85.203.20.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 85.203.20.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 21:56:51.854671 2026] [security2:error] [pid 11514:tid 11514] [client 85.203.20.20:30513] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.natickvillagerentals.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.natickvillagerentals.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aj3cY3nph98kkSIjZx20egAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-25 21:31:06 (20 hours ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇧🇪 cmbplf	2026-06-25 13:41:00 (1 day ago)	2.994 requests with url.path //xmlrpc.php	Brute-Force Bad Web Bot
🇺🇸 Penny Packer	2026-02-01 12:21:10 (4 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇩🇪 bescared	2026-02-01 12:06:16 (4 months ago)	F2B - Malicious activity detected. URL Probing.	Hacking Bad Web Bot Web App Attack
🇺🇸 WizardsToolkit	2026-01-31 06:42:39 (4 months ago)	attempted to access /backups/Archive.zip	Web App Attack
🇺🇸 TPI-Abuse	2026-01-20 17:19:22 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 12:19:09.694149 2026] [security2:error] [pid 17721:tid 17721] [client 85.203.20.20:46683] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|highstakeslearning.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "highstakeslearning.com"] [uri "/old/mysql.sql"] [unique_id "aW-5DRN_K4RP3hMsS_tWEQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 hbrks	2026-01-19 20:29:57 (5 months ago)	1 attack(s) detected, such as these: {"event":"web_block","ip":"85.203.20.20","host":"marche-be.com" ... show more 1 attack(s) detected, such as these: {"event":"web_block","ip":"85.203.20.20","host":"marche-be.com","request":"GET / HTTP/1.1","user_agent":"","reason":"service:unknow","timestamp":"2026-01-19T20:29:57 00:00","logentry":"marche-be.com 85.203.20.20 - - [19/Jan/2026:20:29:57 0000] GET / HTTP/1.1 444 0 - - - matched:service:unknow"} * Report Details : https://p4u.xyz/VIZ6Q5VBJ62/1 IP Details *: https://p4u.xyz/VIZ6Q5VBJ62/2 show less	Web Spam Hacking Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-20 00:55:34 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 19 19:55:31.098863 2025] [security2:error] [pid 10039:tid 10039] [client 85.203.20.20:53709] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bitcointradingsquare.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcointradingsquare.com"] [uri "/backups/sql.sql"] [unique_id "aUX0AxvOf2LkCdchjS92gAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 COMPLEX	2025-12-07 19:03:11 (6 months ago)	Triggered Cloudflare WAF (firewallCustom) from HR. Action taken: MANAGED_CHALLENGE ASN: 212238 (CDNE ... show more Triggered Cloudflare WAF (firewallCustom) from HR. Action taken: MANAGED_CHALLENGE ASN: 212238 (CDNEXT) Protocol: HTTP/2 (GET method) Endpoint: / show less	Bad Web Bot
Anonymous	2025-12-06 09:45:38 (6 months ago)	85.203.20.20 - - [06/Dec/2025:10:44:35 +0100] "GET /burjuva.aspx HTTP/1.1" 404 459 "-" "Mozilla/5.0 ... show more 85.203.20.20 - - [06/Dec/2025:10:44:35 +0100] "GET /burjuva.aspx HTTP/1.1" 404 459 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" 85.203.20.20 - - [06/Dec/2025:10:44:35 +0100] "GET /pvt.php HTTP/1.1" 404 459 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" 85.203.20.20 - - [06/Dec/2025:10:44:36 +0100] "GET /shell20211028.php HTTP/1.1" 404 459 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36" 85.203.20.20 - - [06/Dec/2025:10:44:36 +0100] "GET /cgi-bin/wp-2019.php HTTP/1.1" 404 459 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0" 85.203.20.20 - - [06/Dec/2025:10:44:36 +0100] "GET /crypted.php HTTP/1.1" 404 459 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" 85.203.20.2 ... show less	DDoS Attack
🇳🇱 i-turnradio.nl	2025-12-03 21:56:57 (6 months ago)	2025-12-03 @ 22:56:57 (CET) ~ Blocked based on risk assessment and prior abuse reports	Web App Attack
Anonymous	2025-12-03 12:00:23 (6 months ago)	wordpress-trap	Web App Attack

Showing 1 to 15 of 124 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 190.92.239.22

🇺🇸 153.66.28.132

🇬🇧 31.14.254.29

🇮🇳 122.166.49.42

🇺🇸 100.49.117.77

🇭🇰 58.152.212.239

🇮🇳 2401:4900:8827:df68:acab:b7f2:4a1c:d149

🇧🇷 191.36.152.28

🇩🇪 185.201.137.85

🇩🇪 167.94.145.17

🇫🇮 147.185.133.178

🇵🇰 111.68.111.124

🇫🇷 91.231.89.131

🇨🇳 81.70.30.41

🇫🇷 45.157.112.219

🇧🇪 34.38.143.207

🇺🇸 20.121.46.95

🇨🇳 1.24.16.5

🇺🇸 213.169.230.77

🇺🇸 195.184.76.23