🇯🇵
demonsword
2026-06-05 13:37:09
(1 week ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.expressapisv2.net:443
Open Proxy
Port Scan
Anonymous
2026-02-17 07:58:13
(4 months ago)
wordpress-trap
Web App Attack
🇷🇺
DZBOT
2026-02-16 14:29:22
(4 months ago)
Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
🇬🇧
consul.to
2026-02-10 01:47:37
(4 months ago)
Web attack/malicious scanning detected
Web App Attack
Anonymous
2026-02-05 15:06:45
(4 months ago)
85.203.20.62 - - [05/Feb/2026:15:06:44 +0000] "GET /wp-includes/style-engine/worksec.php HTTP/1.1" 302 485 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
...
Bad Web Bot
Web App Attack
Anonymous
2026-02-05 13:05:20
(4 months ago)
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HR, Attack patterns: WordPress scanning, Webshell probing, Backup file probing
Bad Web Bot
Web App Attack
🇧🇪
cmbplf
2026-02-05 07:24:39
(4 months ago)
200 requests with url.path */.well-known/acme-challenge/*.php
Brute-Force
Bad Web Bot
Anonymous
2026-02-04 12:03:10
(4 months ago)
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HR, Attack patterns: WordPress scanning, Webshell probing, Backup file probing
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-01-22 20:56:43
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.20.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 22 15:56:36.630178 2026] [security2:error] [pid 23960:tid 23960] [client 85.203.20.62:23579] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.domainexecs.com|F|2"] [data ".com.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.domainexecs.com"] [uri "/outpatientspinesurgery.com.sql"] [unique_id "aXKPBGrwp-DOTavuM1xPsAAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
Penny Packer
2026-01-22 04:42:20
(4 months ago)
Fail2Ban apache-tripwires
Web App Attack
🇺🇸
TPI-Abuse
2026-01-14 22:53:39
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.20.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 14 17:53:34.272058 2026] [security2:error] [pid 27848:tid 27848] [client 85.203.20.62:37389] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||trafficstopper.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "trafficstopper.com"] [uri "/bak/dump.sql"] [unique_id "aWgebgc7WQBjx0RKAngNtQAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
Penny Packer
2025-12-18 19:27:42
(5 months ago)
Fail2Ban apache-tripwires
Web App Attack
🇺🇸
TPI-Abuse
2025-12-09 09:22:04
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.20.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 04:21:57.935939 2025] [security2:error] [pid 15010:tid 15010] [client 85.203.20.62:64957] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||phantomkennels.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "phantomkennels.com"] [uri "/backups/sql.sql"] [unique_id "aTfqNUdGq_26PBOTQCVOswAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-12-01 14:30:18
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.20.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 09:30:08.413748 2025] [security2:error] [pid 15813:tid 15813] [client 85.203.20.62:28037] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||pellman-world.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "pellman-world.com"] [uri "/restore/mysql.sql"] [unique_id "aS2mcNm3cj4QaNuyUkOarAAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇷
Thaliruth
2025-11-30 08:48:23
(6 months ago)
85.203.20.62 - - [30/Nov/2025:09:48:22 +0100] "HEAD /backup.sql.zip HTTP/1.0" 404 5090 "-" "-"
...
SQL Injection