JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.203.21.223

85.203.21.223 was found in our database!

This IP was reported 516 times. Confidence of Abuse is 82%: ?

82%

ISP	VPN Consumer Network
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	falco-networks.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.203.21.223

Whois 85.203.21.223

IP Abuse Reports for 85.203.21.223:

This IP address has been reported a total of 516 times from 152 distinct sources. 85.203.21.223 was first reported on June 30th 2023, and the most recent report was 16 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 dbmwebdesign	2026-06-21 21:20:12 (16 hours ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇮🇪 Jim Keir	2026-06-21 17:57:01 (20 hours ago)	2026-06-21 17:57:01 85.203.21.223 File scanning, blocking 85.203.21.223 for 5 minutes	Web App Attack
🇩🇪 FeG Deutschland	2026-06-21 09:42:36 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇳🇱 Site.eu	2026-06-20 09:31:15 (2 days ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 ghostwarriors	2026-06-20 08:20:07 (2 days ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-19 02:28:52 (3 days ago)	Multiple, malicious web requests detected	Port Scan Hacking
🇩🇪 ghostwarriors	2026-06-19 01:50:45 (3 days ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-14 23:15:06 (1 week ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-14 15:45:49 (1 week ago)	(mod_security) mod_security (id:240000) triggered by 85.203.21.223 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240000) triggered by 85.203.21.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 11:45:43.271645 2026] [security2:error] [pid 30031:tid 30031] [client 85.203.21.223:30947] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|snowmanchristmascards.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "snowmanchristmascards.net"] [uri "/images/stories/themes.php"] [unique_id "ai7Mp-iqKFmBDyNgdPNgTQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 paissangroup	2026-06-14 07:03:35 (1 week ago)	Multiple WAF Violations	Web App Attack
🇩🇪 LRob.fr	2026-05-28 23:30:07 (3 weeks ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇮🇳 evicky2002	2026-05-28 07:33:20 (3 weeks ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=1)	Hacking Brute-Force SSH
🇫🇷 masterguru	2026-05-27 12:48:38 (3 weeks ago)	BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (110 ... show more BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (1100000-195) show less	Bad Web Bot
Anonymous	2026-05-27 06:04:24 (3 weeks ago)	85.203.21.223 - - [27/May/2026:08:04:23 +0200] "GET /wp-includes/blocks/gallery/ HTTP/1.1" 404 124 " ... show more 85.203.21.223 - - [27/May/2026:08:04:23 +0200] "GET /wp-includes/blocks/gallery/ HTTP/1.1" 404 124 "-" "Go-http-client/1.1" 85.203.21.223 - - [27/May/2026:08:04:23 +0200] "GET /wp-content/languages/autoload_classmap.php HTTP/1.1" 404 124 "-" "Go-http-client/1.1" 85.203.21.223 - - [27/May/2026:08:04:23 +0200] "GET /wp-includes/block-supports/chosen.php HTTP/1.1" 404 124 "-" "Go-http-client/1.1" 85.203.21.223 - - [27/May/2026:08:04:23 +0200] "GET /wp-includes/blocks/group/ HTTP/1.1" 404 124 "-" "Go-http-client/1.1" 85.203.21.223 - - [27/May/2026:08:04:24 +0200] "GET /wp-includes/Text/Diff/Engine/template-singl-portfolio.php HTTP/1.1" 404 124 "-" "Go-http-client/1.1" ... show less	Brute-Force Web App Attack
🇬🇧 andypiper	2026-05-27 01:03:05 (3 weeks ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack

Showing 1 to 15 of 516 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇪 171.25.158.70

🇨🇳 114.220.176.69

🇧🇩 103.154.158.70

🇵🇱 93.176.211.0

🇺🇸 68.183.122.9

🇵🇱 57.128.225.99

🇳🇱 45.148.10.141

🇳🇬 41.219.149.74

🇰🇷 222.239.251.12

🇻🇳 202.158.244.203

🇳🇱 195.178.110.155

🇩🇪 164.92.249.85

🇺🇸 158.51.126.144

🇸🇬 94.231.206.248

🇮🇳 66.116.224.161

🇺🇸 195.184.76.181

🇷🇴 193.32.162.82

🇨🇦 138.197.150.117

🇸🇬 128.199.118.234

🇺🇸 91.246.177.7