🇺🇸
TPI-Abuse
2026-06-14 21:19:06
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 85.203.45.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 17:18:58.453021 2026] [security2:error] [pid 4069:tid 4069] [client 85.203.45.82:25381] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.alsetsystems.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.alsetsystems.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ai8awt2Ky6CPFkpqwItZ8AAAABk"]
Brute-Force
Bad Web Bot
Web App Attack
🇰🇷
MW
2026-06-12 08:32:01
(3 days ago)
85.203.45.82 - - [12/Jun/2026:17:31:57 +0900] "GET /wp-includes/blocks/query-pagination-previous/ HTTP/1.1" 404 4232 "http://piazza.co.kr/wp-includes/blocks/query-pagination-previous/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"
85.203.45.82 - - [12/Jun/2026:17:31:58 +0900] "GET /wp-content/wp-config-backup.php HTTP/1.1" 404 459 "http://piazza.co.kr/wp-content/wp-config-backup.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"
85.203.45.82 - - [12/Jun/2026:17:31:59 +0900] "GET /wp-content/uploads/wp.php HTTP/1.1" 404 459 "http://piazza.co.kr/wp-content/uploads/wp.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"
Bad Web Bot
Web App Attack
Anonymous
2026-06-12 08:06:10
(3 days ago)
Blocked: Reason='Vulnerability probing - PHP scan detected (11/60 min)'; Requests=11
Port Scan
🇧🇪
cmbplf
2026-06-11 18:33:52
(4 days ago)
20.132 requests with url.path //xmlrpc.php
20.131 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
🇯🇵
SentinalX by uzumaru
2026-06-04 07:15:29
(1 week ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: api.deezer.com:443
Open Proxy
Port Scan
🇺🇸
TPI-Abuse
2026-03-17 19:46:27
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 85.203.45.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 17 15:46:19.772886 2026] [security2:error] [pid 5647:tid 5647] [client 85.203.45.82:21201] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kim-porter.com"] [uri "/backups/sftp-config.json"] [unique_id "abmvi-N4caEiuqOJr2wC8wAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-02-28 21:08:50
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.45.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 28 16:08:44.406209 2026] [security2:error] [pid 31136:tid 31136] [client 85.203.45.82:34051] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.crypto-stamps.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.crypto-stamps.com"] [uri "/old/mysql.sql"] [unique_id "aaNZXOptW4YO2Lgjkzxo-QAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇬🇧
pinguin
2026-02-28 18:55:49
(3 months ago)
Triggered Cloudflare WAF (firewallManaged) from CH.
Action taken: LOG
Protocol: HTTP/1.1 (HEAD method)
Endpoint: /bak/backup.sql.gz
UA: Empty string
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
Bad Web Bot
🇺🇸
mnsf
2026-02-15 21:05:14
(4 months ago)
Too many Status 40X (23)
Brute-Force
Web App Attack
🇩🇪
BlueWire Hosting
2026-02-15 05:55:59
(4 months ago)
Bad bot ignoring robot.txt
Bad Web Bot
🇺🇸
mnsf
2026-02-14 20:05:06
(4 months ago)
Too many Status 40X (13)
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-02-06 16:34:12
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 85.203.45.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 06 11:34:04.818391 2026] [security2:error] [pid 19466:tid 19466] [client 85.203.45.82:51923] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||lusocleaningservice.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lusocleaningservice.com"] [uri "/mysql.sql"] [unique_id "aYYX_NMhuGhs6Rr7t7l1TgAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇷
dynamix
2026-02-02 16:05:19
(4 months ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-01-31 23:49:09
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 85.203.45.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 31 18:49:05.505601 2026] [security2:error] [pid 21814:tid 21814] [client 85.203.45.82:30729] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mpaexchangeinc.com"] [uri "/backup/sftp-config.json"] [unique_id "aX6U8QIgS2bdm_qS51E44QAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
🇯🇵
Valhalla
2026-01-30 12:20:30
(4 months ago)
/backups/dump.sql
Hacking
Web App Attack