JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.203.47.116

85.203.47.116 was found in our database!

This IP was reported 68 times. Confidence of Abuse is 34%: ?

34%

ISP	Falco Networks B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS42708
Domain Name	falco-networks.com
Country	🇩🇰 Denmark
City	Copenhagen, Capital Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.203.47.116

Whois 85.203.47.116

IP Abuse Reports for 85.203.47.116:

This IP address has been reported a total of 68 times from 27 distinct sources. 85.203.47.116 was first reported on January 28th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 dyln	2026-06-02 17:32:40 (1 day ago)	Dyls honeypot brute-force: proto8 (1 total hits)	Brute-Force
🇮🇩 David Koswari	2026-05-25 05:23:00 (1 week ago)	REQ_BLOCKED_ACL	DDoS Attack FTP Brute-Force Ping of Death Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇩🇪 ghostwarriors	2026-05-24 10:50:27 (1 week ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇬🇧 knock	2026-05-16 15:29:00 (2 weeks ago)	Knock-Knock honeypot brute-force: proto8 (1 total hits)	Brute-Force
🇺🇸 TPI-Abuse	2026-05-15 15:45:09 (2 weeks ago)	(mod_security) mod_security (id:240000) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240000) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 11:44:54.809735 2026] [security2:error] [pid 23441:tid 23441] [client 85.203.47.116:56433] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|eefinchco.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "eefinchco.com"] [uri "/images/stories/themes.php"] [unique_id "agc_dgl2iGPWKlm6fXREMwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-05-10 15:05:16 (3 weeks ago)	Too many Status 40X (12)	Brute-Force Web App Attack
🇫🇷 Octopuce	2026-04-28 10:40:15 (1 month ago)	Aggressive web search of vulnerable pages: /wp-includes/block-supports/index.php /wp-includes/ID3/ab ... show more Aggressive web search of vulnerable pages: /wp-includes/block-supports/index.php /wp-includes/ID3/about.php /wp-content/themes/index.php /wp-ad ... show less	Web App Attack
🇬🇧 consul.to	2026-04-26 00:56:47 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-04-15 00:12:35 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 14 20:12:20.014157 2026] [security2:error] [pid 1243090:tid 1243115] [client 85.203.47.116:60479] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kandooo.com"] [uri "/.git/execute.php"] [unique_id "ad7X5AhwmDVvi8zQ5EK8igAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-17 21:43:43 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 17 17:43:29.013463 2026] [security2:error] [pid 2322:tid 2322] [client 85.203.47.116:33217] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|secureonebank.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "secureonebank.net"] [uri "/backups/sql.sql"] [unique_id "abnLAXiV_q852Cy4uz211gAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 Valhalla	2026-03-17 12:08:11 (2 months ago)	/old/backup.rar	Hacking Web App Attack
🇬🇧 consul.to	2026-03-12 22:21:05 (2 months ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇧 consul.to	2026-03-03 08:22:45 (3 months ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 dynamix	2026-03-03 02:22:47 (3 months ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-02-24 05:26:31 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 24 00:26:16.125361 2026] [security2:error] [pid 13932:tid 13932] [client 85.203.47.116:43717] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.crypto-stamps.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.crypto-stamps.com"] [uri "/back/mysql.sql"] [unique_id "aZ02ePpqSolQXQAdfzeKrwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 68 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.231

🇬🇧 185.247.137.96

🇮🇷 185.231.181.16

🇳🇱 176.65.148.84

🇺🇸 172.178.16.179

🇺🇸 152.32.205.153

🇺🇸 149.57.63.23

🇵🇰 103.213.112.188

🇲🇲 103.25.76.177

🇫🇮 65.109.78.187

🇺🇸 46.37.100.35

🇺🇸 35.88.214.166

🇫🇮 185.148.3.54

🇳🇱 151.246.238.104

🇦🇫 149.54.62.62

🇺🇸 71.6.199.65

🇭🇰 47.86.185.101

🇦🇿 46.32.170.48

🇺🇸 216.218.206.120

🇧🇦 185.65.107.14