JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.203.20.8

85.203.20.8 was found in our database!

This IP was reported 95 times. Confidence of Abuse is 23%: ?

23%

ISP	Falco Networks B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	falco-networks.com
Country	🇭🇷 Croatia
City	Zagreb, Zagreb

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.203.20.8

Whois 85.203.20.8

IP Abuse Reports for 85.203.20.8:

This IP address has been reported a total of 95 times from 23 distinct sources. 85.203.20.8 was first reported on February 27th 2023, and the most recent report was 23 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-25 21:33:29 (23 hours ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇺🇸 Dolphi	2026-06-25 08:20:21 (1 day ago)	POST //xmlrpc.php	Brute-Force Web App Attack
🇫🇷 dynamix	2026-06-25 08:01:17 (1 day ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-03-10 22:34:40 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.8 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 18:34:32.580072 2026] [security2:error] [pid 20071:tid 20071] [client 85.203.20.8:58609] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.spectorworld.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.spectorworld.com"] [uri "/bak/dump.sql"] [unique_id "abCceBLCUkLZ9VxvdUgXogAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 Valhalla	2026-03-02 23:52:09 (3 months ago)	/backup/directory.tar.gz	Hacking Web App Attack
🇩🇪 FeG Deutschland	2026-02-23 23:01:07 (4 months ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇯🇵 Valhalla	2026-02-23 20:20:50 (4 months ago)	/restore/public_html.gz	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-07 06:56:40 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.8 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 01:56:32.649616 2026] [security2:error] [pid 11547:tid 11547] [client 85.203.20.8:64945] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nationalenq.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nationalenq.com"] [uri "/restore/mysql.sql"] [unique_id "aYbiIJ1DpRV6dUqJTvYPawAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-28 18:36:33 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.8 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 28 13:36:26.529552 2026] [security2:error] [pid 23729:tid 23729] [client 85.203.20.8:38221] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.pcga.golf\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pcga.golf"] [uri "/old/www.sql"] [unique_id "aXpXKh4EgS8Ke1SuQokYyQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2026-01-12 22:36:46 (5 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 TPI-Abuse	2025-11-29 05:54:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 85.203.20.8 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 85.203.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 29 00:54:51.647306 2025] [security2:error] [pid 13115:tid 13115] [client 85.203.20.8:61945] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bitcoinsquaretrader.com"] [uri "/backup/sftp-config.json"] [unique_id "aSqKq5CY_ktUi9884Ebm3gAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 Valhalla	2025-11-16 04:19:08 (7 months ago)	/back/directory.gz	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-10-31 06:04:39 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.8 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 31 02:04:31.089832 2025] [security2:error] [pid 24924:tid 24924] [client 85.203.20.8:31525] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|intercotrading.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "intercotrading.com"] [uri "/backup/www.sql"] [unique_id "aQRRb1o-hMhPOfULKhLozwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-22 04:18:24 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.8 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 22 00:18:19.942403 2025] [security2:error] [pid 626:tid 626] [client 85.203.20.8:35027] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bitcointradingsquare.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcointradingsquare.com"] [uri "/backups/backup.sql"] [unique_id "aPhbC-hOYFjemuWy0oO5fwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2025-10-17 09:57:14 (8 months ago)	Fail2Ban apache-tripwires	Web App Attack

Showing 1 to 15 of 95 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 131.72.173.38

🇨🇳 121.227.31.13

🇮🇳 103.180.212.135

🇻🇳 103.161.170.12

🇺🇿 87.192.224.131

🇧🇷 45.190.235.5

🇲🇽 187.190.179.251

🇨🇳 112.86.225.247

🇸🇦 77.31.230.229

🇩🇪 69.5.169.90

🇬🇧 35.203.211.252

🇺🇸 34.71.30.159

🇺🇸 205.210.31.47

🇮🇳 122.166.253.226

🇨🇳 112.86.225.202

🇮🇷 80.191.201.43

🇺🇸 54.162.157.17

🇳🇱 45.198.224.244

🇧🇷 45.182.5.98

🇧🇷 191.243.4.6