JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.203.20.63

85.203.20.63 was found in our database!

This IP was reported 109 times. Confidence of Abuse is 3%: ?

ISP	Falco Networks B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	falco-networks.com
Country	🇭🇷 Croatia
City	Zagreb, Zagreb

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.203.20.63

Whois 85.203.20.63

IP Abuse Reports for 85.203.20.63:

This IP address has been reported a total of 109 times from 33 distinct sources. 85.203.20.63 was first reported on April 3rd 2021, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 demonsword	2026-06-03 13:47:19 (1 week ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.expressapisv2.net:443 show less	Open Proxy Port Scan
🇺🇸 TPI-Abuse	2026-03-15 03:45:13 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.63 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 14 23:45:06.871460 2026] [security2:error] [pid 25328:tid 25328] [client 85.203.20.63:58361] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lusocleaningservice.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lusocleaningservice.com"] [uri "/backups/dump.sql"] [unique_id "abYrQlgDaVZixwK1ntFC3AAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-11 09:34:59 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 85.203.20.63 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 85.203.20.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 11 05:34:52.111765 2026] [security2:error] [pid 9997:tid 9997] [client 85.203.20.63:26101] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mapleleaf-marketing.com"] [uri "/restore/sftp-config.json"] [unique_id "abE3PJmzVpMJL4OfJc8nuQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Axel	2026-03-10 01:49:24 (3 months ago)	Blocked by ModSecurity. Rule ID: 210730 Message: COMODO WAF: URL file extension is restricted by pol ... show more Blocked by ModSecurity. Rule ID: 210730 Message: COMODO WAF: URL file extension is restricted by policy\|\|ipvi.network\|F\|2 Phase: 2 Severity: CRITICAL URI: /backup/www.sql Server: UK-01 show less	Web App Attack Hacking SQL Injection
Anonymous	2026-02-17 12:22:41 (3 months ago)	wordpress-trap	Web App Attack
🇺🇸 Penny Packer	2026-02-13 09:29:36 (3 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇫🇷 dynamix	2026-02-09 06:09:48 (4 months ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-02-07 04:45:19 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.63 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 06 23:45:12.371747 2026] [security2:error] [pid 25087:tid 25087] [client 85.203.20.63:54881] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|qualityelevatorcabs.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "qualityelevatorcabs.com"] [uri "/restore/www.sql"] [unique_id "aYbDWNMFAc6LV08UJDjBtAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-05 20:07:36 (4 months ago)	(mod_security) mod_security (id:240000) triggered by 85.203.20.63 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240000) triggered by 85.203.20.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 05 15:07:30.429187 2026] [security2:error] [pid 30467:tid 30467] [client 85.203.20.63:25251] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|www.ifilemuseum.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.ifilemuseum.com"] [uri "/images/stories/themes.php"] [unique_id "aYT4gmAnGoTEOw0T_civfAAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-05 17:11:56 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.63 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 05 12:11:52.877586 2026] [security2:error] [pid 393:tid 393] [client 85.203.20.63:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ccamp.dev\|F\|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ccamp.dev"] [uri "/bak/wallet.dat"] [unique_id "aYTPWGcNfa7qXm8dogf6LwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-05 15:06:36 (4 months ago)	85.203.20.63 - - [05/Feb/2026:15:06:35 +0000] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 302 485 ... show more 85.203.20.63 - - [05/Feb/2026:15:06:35 +0000] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 302 485 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0" ... show less	Bad Web Bot Web App Attack
Anonymous	2026-02-05 13:05:38 (4 months ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HR, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HR, Attack patterns: WordPress scanning, Webshell probing show less	Bad Web Bot Web App Attack
Anonymous	2026-02-04 12:03:27 (4 months ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HR, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HR, Attack patterns: WordPress scanning, Webshell probing show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-03 03:43:57 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.63 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 02 22:43:52.967374 2026] [security2:error] [pid 22993:tid 22993] [client 85.203.20.63:54943] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|russiacoin.info\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "russiacoin.info"] [uri "/backups/sql.sql"] [unique_id "aYFu-IAeS4CrVo5AmBXrZAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2026-01-22 04:42:11 (4 months ago)	Fail2Ban apache-tripwires	Web App Attack

Showing 1 to 15 of 109 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 195.230.103.246

🇲🇽 189.203.190.153

🇮🇶 169.224.95.215

🇺🇸 165.154.162.126

🇭🇰 150.5.154.160

🇻🇳 115.76.55.174

🇺🇸 108.72.18.36

🇮🇳 103.248.120.6

🇷🇺 92.255.196.193

🇷🇸 77.105.37.219

🇻🇳 42.118.25.68

🇬🇧 35.203.211.185

🇺🇸 15.204.165.54

🇻🇳 14.191.13.194

🇧🇪 198.235.24.223

🇺🇸 195.184.76.104

🇲🇽 186.96.145.241

🇺🇸 162.240.237.81

🇹🇼 111.70.16.7

🇳🇵 103.124.99.242