JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.203.20.86

85.203.20.86 was found in our database!

This IP was reported 139 times. Confidence of Abuse is 0%: ?

ISP	Falco Networks B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	falco-networks.com
Country	🇭🇷 Croatia
City	Zagreb, Zagreb

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.203.20.86

Whois 85.203.20.86

IP Abuse Reports for 85.203.20.86:

This IP address has been reported a total of 139 times from 48 distinct sources. 85.203.20.86 was first reported on July 11th 2021, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-02-19 05:31:26 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.86 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 00:31:20.650142 2026] [security2:error] [pid 20121:tid 20121] [client 85.203.20.86:47181] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|brazilianbikinis.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "brazilianbikinis.com"] [uri "/bak/mysql.sql"] [unique_id "aZagKAsDrYr94jzetNthdgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 pinguin	2026-02-18 18:20:53 (3 months ago)	Triggered Cloudflare WAF (firewallManaged) from HR. Action taken: LOG Protocol: HTTP/2 (HEAD method) ... show more Triggered Cloudflare WAF (firewallManaged) from HR. Action taken: LOG Protocol: HTTP/2 (HEAD method) Endpoint: /backup.tar UA: Empty string This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 Penny Packer	2026-02-16 05:03:32 (4 months ago)	Fail2Ban apache-tripwires	Web App Attack
Anonymous	2026-02-05 15:06:25 (4 months ago)	[Thu Feb 05 15:06:24.815311 2026] [proxy_fcgi:error] [pid 215805:tid 215805] [client 85.203.20.86:21 ... show more [Thu Feb 05 15:06:24.815311 2026] [proxy_fcgi:error] [pid 215805:tid 215805] [client 85.203.20.86:21531] AH01071: Got error 'Primary script unknown' [Thu Feb 05 15:06:24.946204 2026] [proxy_fcgi:error] [pid 215805:tid 215805] [client 85.203.20.86:21531] AH01071: Got error 'Primary script unknown' [Thu Feb 05 15:06:25.151533 2026] [proxy_fcgi:error] [pid 215805:tid 215805] [client 85.203.20.86:21531] AH01071: Got error 'Primary script unknown' [Thu Feb 05 15:06:25.296798 2026] [proxy_fcgi:error] [pid 215805:tid 215805] [client 85.203.20.86:21531] AH01071: Got error 'Primary script unknown' [Thu Feb 05 15:06:25.429493 2026] [proxy_fcgi:error] [pid 215805:tid 215805] [client 85.203.20.86:21531] AH01071: Got error 'Primary script unknown' ... show less	Hacking
Anonymous	2026-02-05 13:05:20 (4 months ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HR, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HR, Attack patterns: WordPress scanning, Webshell probing, Backup file probing show less	Bad Web Bot Web App Attack
Anonymous	2026-02-04 12:03:11 (4 months ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HR, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HR, Attack patterns: WordPress scanning, Webshell probing, Backup file probing show less	Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2026-01-22 21:09:20 (4 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇯🇵 Valhalla	2026-01-14 20:36:14 (5 months ago)	/backup/bak.tar	Hacking Web App Attack
🇩🇪 FeG Deutschland	2026-01-06 07:59:05 (5 months ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-01-04 17:54:59 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.86 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 04 12:54:54.104603 2026] [security2:error] [pid 3359522:tid 3359637] [client 85.203.20.86:49077] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|magazineofwallstreet.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "magazineofwallstreet.com"] [uri "/backup/dump.sql"] [unique_id "aVqpblsgVv3iGSiA81vm9AAAAhA"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 pinguin	2025-12-28 05:10:25 (5 months ago)	Triggered Cloudflare WAF (firewallManaged) from HR. Action taken: LOG Protocol: HTTP/2 (HEAD method) ... show more Triggered Cloudflare WAF (firewallManaged) from HR. Action taken: LOG Protocol: HTTP/2 (HEAD method) Endpoint: /bak/backup.tar UA: Empty string This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-15 22:52:21 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.86 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 15 17:52:13.849075 2025] [security2:error] [pid 2417:tid 2417] [client 85.203.20.86:34233] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.pcga.golf\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pcga.golf"] [uri "/bak/backup.sql"] [unique_id "aUCRHW0UhC7-uFP6auqB3AAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 21:29:47 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.86 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 16:29:39.765896 2025] [security2:error] [pid 19969:tid 19969] [client 85.203.20.86:51159] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|loriatrading.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "loriatrading.com"] [uri "/backup/www.sql"] [unique_id "aTiUw6RQO7lXksaOj_An4AAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2025-11-26 06:16:51 (6 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 TPI-Abuse	2025-11-17 12:05:15 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.20.86 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.20.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 17 07:05:11.936679 2025] [security2:error] [pid 30596:tid 30596] [client 85.203.20.86:25771] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cier.xyz\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cier.xyz"] [uri "/bak/dump.sql"] [unique_id "aRsPd1UUrcb3DyRjcmAg7gAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 139 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 220.189.209.18

🇹🇼 211.72.129.211

🇲🇾 211.25.241.153

🇨🇴 201.184.50.251

🇧🇪 198.235.24.207

🇺🇸 195.184.76.68

🇵🇱 194.180.49.104

🇬🇧 193.32.209.246

🇬🇧 193.8.186.29

🇮🇶 185.136.148.151

🇨🇳 116.1.179.117

🇻🇳 113.187.249.34

🇺🇸 104.243.35.104

🇺🇸 73.165.96.23

🇩🇪 69.5.169.138

🇬🇧 45.82.76.109

🇫🇷 37.60.250.29

🇨🇳 220.180.249.165

🇨🇳 219.143.197.1

🇬🇧 193.32.209.254