Penny Packer
2025-03-26 00:35:23
(1 day ago)
Fail2Ban apache-tripwires
Web App Attack
TPI-Abuse
2025-03-22 17:35:08
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 85.203.45.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 22 13:35:03.291387 2025] [security2:error] [pid 573864:tid 573864] [client 85.203.45.241:56697] [client 85.203.45.241] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aico-sal.com"] [uri "/back/sftp-config.json"] [unique_id "Z970x4jvyZAEyPTPm94NhwAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
Valhalla
2025-03-11 10:28:03
(2 weeks ago)
/back/bak.tar
Hacking
Web App Attack
homemade.mg
2025-03-05 07:00:40
(3 weeks ago)
Low quality URL in spam
Web Spam
Blog Spam
bescared
2025-03-05 05:45:31
(3 weeks ago)
F2B - Malicious activity detected. URL Probing.
Hacking
Bad Web Bot
Web App Attack
TPI-Abuse
2025-02-27 13:41:23
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 85.203.45.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 27 08:41:19.994540 2025] [security2:error] [pid 12809:tid 12809] [client 85.203.45.241:51615] [client 85.203.45.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||qualityelevatorcabs.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "qualityelevatorcabs.com"] [uri "/back/mysql.sql"] [unique_id "Z8Brf1TS4OuSrmP3yRMyqwAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
Valhalla
2025-02-25 18:13:57
(1 month ago)
Please go home & write a better scraper
Hacking
Bad Web Bot
Web App Attack
Penny Packer
2025-02-25 07:39:45
(1 month ago)
Fail2Ban apache-tripwires
Web App Attack
TPI-Abuse
2025-02-23 03:18:46
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 85.203.45.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 22 22:18:39.373800 2025] [security2:error] [pid 28761:tid 28761] [client 85.203.45.241:25545] [client 85.203.45.241] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.enriquelaw.com"] [uri "/backups/sftp-config.json"] [unique_id "Z7qTj3EOUcAPOa_u_0AzIQAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
Thaliruth
2025-02-19 21:13:16
(1 month ago)
reiter-von-rohan.com:443 85.203.45.241 - - [19/Feb/2025:22:13:14 +0100] "HEAD /backups/directory.tar.gz HTTP/1.0" 404 930 "-" "-"
85.203.45.241 - - [19/Feb/2025:22:13:14 +0100] "HEAD /backups/directory.tar.gz HTTP/1.0" 404 930 "-" "-"
reiter-von-rohan.com:443 85.203.45.241 - - [19/Feb/2025:22:13:16 +0100] "HEAD /backup/config.js HTTP/1.0" 404 930 "-" "-"
...
Hacking
Web App Attack
TPI-Abuse
2025-01-31 17:09:20
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 85.203.45.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 31 12:09:14.170379 2025] [security2:error] [pid 24080:tid 24080] [client 85.203.45.241:37833] [client 85.203.45.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.robcohn.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.robcohn.com"] [uri "/bak/dump.sql"] [unique_id "Z50Duv-X6OFB0KHT1PE6QwAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-28 17:59:42
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 85.203.45.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 28 12:59:39.515034 2025] [security2:error] [pid 460818:tid 460818] [client 85.203.45.241:4321] [client 85.203.45.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||keychainfilms.com|F|2"] [data ".com.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "keychainfilms.com"] [uri "/keychainfilms.com.sql"] [unique_id "Z5kbC8S9I--DAZbOEeeO8AAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-28 15:40:00
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 85.203.45.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 28 10:39:53.172346 2025] [security2:error] [pid 25159:tid 25159] [client 85.203.45.241:12491] [client 85.203.45.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||crypto-stamps.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "crypto-stamps.com"] [uri "/backup.sql"] [unique_id "Z5j6SZlfaV_HOzh4n1_K1QAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-21 00:24:00
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.45.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 20 19:23:53.813323 2025] [security2:error] [pid 13684:tid 13684] [client 85.203.45.241:7185] [client 85.203.45.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||nationalenq.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nationalenq.com"] [uri "/backups/wallet.dat"] [unique_id "Z47pGbmEBGbZhtJxWmWlCQAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-07 15:32:09
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.45.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 07 10:32:01.939187 2025] [security2:error] [pid 19618:tid 19618] [client 85.203.45.241:31947] [client 85.203.45.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||brazilianbikinis.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "brazilianbikinis.com"] [uri "/backup/wallet.dat"] [unique_id "Z31I8QuljJiHprC47ksDhAAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack