JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.203.21.159

85.203.21.159 was found in our database!

This IP was reported 538 times. Confidence of Abuse is 86%: ?

86%

ISP	VPN Consumer Network
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	falco-networks.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.203.21.159

Whois 85.203.21.159

IP Abuse Reports for 85.203.21.159:

This IP address has been reported a total of 538 times from 167 distinct sources. 85.203.21.159 was first reported on August 2nd 2023, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 dbmwebdesign	2026-06-21 21:10:12 (8 hours ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇮🇪 Jim Keir	2026-06-21 17:56:05 (12 hours ago)	2026-06-21 17:56:04 85.203.21.159 File scanning, blocking 85.203.21.159 for 5 minutes	Web App Attack
🇩🇪 Ba-Yu	2026-06-21 12:24:06 (17 hours ago)	WordPress hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 12:07:07 (17 hours ago)	(mod_security) mod_security (id:210492) triggered by 85.203.21.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.203.21.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 08:07:01.397007 2026] [security2:error] [pid 11792:tid 11792] [client 85.203.21.159:40369] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.the-it-man.com"] [uri "/wp-includes/wp-config.php"] [unique_id "ajfT5Q68ahJjgL0DmYqU9wAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-21 09:47:07 (20 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 24	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 19:17:28 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.203.21.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.203.21.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 15:17:21.474408 2026] [security2:error] [pid 19045:tid 19045] [client 85.203.21.159:37571] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.flatchestedmama.com"] [uri "/wp-includes/js/wp-config.php"] [unique_id "ajbnQcKR_hDz1OtDzNqu9wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 14:08:26 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 85.203.21.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.203.21.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 10:08:18.366018 2026] [security2:error] [pid 22379:tid 22379] [client 85.203.21.159:47841] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.fishleadership.org"] [uri "/wp-includes/wp-config.php"] [unique_id "ajae0s0HGVAL_-yqgs97vAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ghostwarriors	2026-06-20 08:20:08 (1 day ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-20 01:17:48 (2 days ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 TPI-Abuse	2026-06-19 18:25:16 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 85.203.21.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.203.21.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 14:25:13.327999 2026] [security2:error] [pid 8515:tid 8515] [client 85.203.21.159:37045] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wsffjatc.org"] [uri "/wp-content/wp-config.php"] [unique_id "ajWJiWJUN1dY_X6vUKIgbgAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 11:53:27 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 85.203.21.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.203.21.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 07:53:22.454240 2026] [security2:error] [pid 17976:tid 18107] [client 85.203.21.159:39367] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trulyoriginalpurpleoctopus.art"] [uri "/wp-includes/js/wp-config.php"] [unique_id "ajUtsocKFkpiNkLWwR95IgAAARU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ghostwarriors	2026-06-19 01:50:03 (3 days ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-14 23:15:05 (1 week ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇺🇸 Mundo Bueno	2026-05-29 05:58:52 (3 weeks ago)	[ISILIA Protection v2.1] Tentative d'accès: /wp-includes/config.php \| Pays: SG \| UA: Go-http-client/ ... show more [ISILIA Protection v2.1] Tentative d'accès: /wp-includes/config.php \| Pays: SG \| UA: Go-http-client/1.1 show less	Hacking Web App Attack
🇳🇱 Site.eu	2026-05-29 02:59:52 (3 weeks ago)	Excessive multi-domain requests	Brute-Force

Showing 1 to 15 of 538 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 113.182.90.235

🇺🇸 2604:a880:400:d1:0:4:9e8e:4001

🇨🇦 207.60.83.16

🇧🇷 179.146.44.138

🇸🇬 178.128.93.93

🇮🇩 103.146.202.84

🇩🇪 69.5.169.205

🇮🇶 65.20.187.47

🇦🇺 45.134.20.125

🇺🇸 45.79.207.181

🇺🇸 40.124.175.136

🇧🇷 190.9.82.56

🇲🇽 187.141.210.92

🇨🇷 186.15.58.226

🇧🇷 177.92.132.244

🇺🇸 143.20.253.200

🇻🇳 113.190.5.57

🇻🇳 113.186.35.20

🇨🇳 112.228.97.52

🇹🇼 101.13.5.195