🇳🇿
Antinson
2026-06-14 21:56:01
(2 days ago)
Scraping with a high error ratio and request rate
Bad Web Bot
🇺🇸
integrantservices.com
2026-06-12 13:46:38
(5 days ago)
(PERMBLOCK) 85.203.45.234 (CH/Switzerland/-) has had more than 4 temp blocks
Hacking
🇺🇸
integrantservices.com
2026-06-12 12:42:58
(5 days ago)
(wordpress) Failed wordpress login from 85.203.45.234 (CH/Switzerland/-)
Brute-Force
🇰🇷
MW
2026-06-12 08:23:34
(5 days ago)
85.203.45.234 - - [12/Jun/2026:17:23:29 +0900] "GET /wp-admin/js/widgets/ HTTP/1.1" 404 4232 "http://piazza.co.kr/wp-admin/js/widgets/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"
85.203.45.234 - - [12/Jun/2026:17:23:31 +0900] "GET /wp-content/plugins/so-pinyin-slugs/inc/main_json.php HTTP/1.1" 404 459 "http://piazza.co.kr/wp-content/plugins/so-pinyin-slugs/inc/main_json.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"
85.203.45.234 - - [12/Jun/2026:17:23:33 +0900] "GET /wp-content/themes/ HTTP/1.1" 404 459 "http://piazza.co.kr/wp-content/themes/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"
Bad Web Bot
Web App Attack
Anonymous
2026-06-12 03:51:48
(5 days ago)
[redacted] 85.203.45.234 - - [12/Jun/2026:05:50:57 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 85.203.45.234 - - [12/Jun/2026:05:51:03 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 85.203.45.234 - - [12/Jun/2026:05:51:12 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 85.203.45.234 - - [12/Jun/2026:05:51:18 +0200] "POST //xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 85.203.45.234 - - [12/Jun/2026:05:51:22 +
...
Hacking
Web App Attack
🇧🇪
cmbplf
2026-06-11 18:34:44
(6 days ago)
13.909 requests with url.path */xmlrpc.php
13.909 requests with url.path //xmlrpc.php
Brute-Force
Bad Web Bot
🇺🇸
TPI-Abuse
2026-06-11 17:58:31
(6 days ago)
(mod_security) mod_security (id:240335) triggered by 85.203.45.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 13:58:26.104924 2026] [security2:error] [pid 21645:tid 21645] [client 85.203.45.234:23339] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 85.203.45.234 (+1 hits since last alert)|yerevanpress.am|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "yerevanpress.am"] [uri "/xmlrpc.php"] [unique_id "air3QuT-Nj8NXrEHogclOwAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-02-25 16:43:21
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.45.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 11:43:12.648687 2026] [security2:error] [pid 7090:tid 7090] [client 85.203.45.234:42851] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||matteozacchino.dev|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "matteozacchino.dev"] [uri "/backups/wallet.dat"] [unique_id "aZ8moIKJsZZeQGmLH0IDrAAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-02-24 03:00:49
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.45.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 22:00:44.754835 2026] [security2:error] [pid 21778:tid 21778] [client 85.203.45.234:38541] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pcga.golf|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pcga.golf"] [uri "/backup/sql.sql"] [unique_id "aZ0UXPvZiuD3FhnEWlf36wAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
mnsf
2026-02-16 00:05:14
(4 months ago)
Too many Status 40X (11)
Brute-Force
Web App Attack
🇺🇸
mnsf
2026-02-14 23:05:21
(4 months ago)
Too many Status 40X (13)
Brute-Force
Web App Attack
🇯🇵
Valhalla
2026-02-05 13:52:31
(4 months ago)
/bak/www.gz
Hacking
Web App Attack
🇺🇸
Penny Packer
2026-02-01 09:21:18
(4 months ago)
Fail2Ban apache-tripwires
Web App Attack
🇺🇸
mnsf
2026-01-30 05:05:08
(4 months ago)
Too many Status 40X (11)
Brute-Force
Web App Attack
🇺🇸
mnsf
2026-01-25 16:05:17
(4 months ago)
Too many Status 40X (11)
Brute-Force
Web App Attack