JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.203.47.120

85.203.47.120 was found in our database!

This IP was reported 94 times. Confidence of Abuse is 28%: ?

28%

ISP	Falco Networks B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS42708
Domain Name	falco-networks.com
Country	🇩🇰 Denmark
City	Copenhagen, Capital Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.203.47.120

Whois 85.203.47.120

IP Abuse Reports for 85.203.47.120:

This IP address has been reported a total of 94 times from 45 distinct sources. 85.203.47.120 was first reported on January 22nd 2024, and the most recent report was 22 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-11-09 15:56:55 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.120 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 09 10:56:39.372234 2025] [security2:error] [pid 29627:tid 29627] [client 85.203.47.120:42037] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|jussetcotradinglimited.co\|F\|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jussetcotradinglimited.co"] [uri "/wallet.dat"] [unique_id "aRC5t_DAVkYVqYFfeQ6GQwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-11-02 23:15:42 (7 months ago)	ThreatBook Intelligence: vpn_proxy more details on http://threatbook.io/ip/85.203.47.120	Web App Attack
🇳🇱 BlueWire Hosting	2025-10-26 15:10:28 (7 months ago)	Probing for application vulnerabilities	Brute-Force Web App Attack
🇧🇪 cmbplf	2025-10-26 06:32:39 (7 months ago)	235 requests with url.path /.well-known/pki-validation/.php	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2025-10-25 05:14:54 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.120 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 25 01:14:39.742917 2025] [security2:error] [pid 19938:tid 19938] [client 85.203.47.120:24657] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mindtoken.app\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mindtoken.app"] [uri "/bak/backup.sql"] [unique_id "aPxcvzTwByByPBwzAlis-QAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-22 18:16:59 (7 months ago)	fail2ban apache-modsecurity web [msg "php scripts are not allowed here"] [uri "/makeasmtp.php"]	Web App Attack
🇺🇸 island-freaks.com	2025-10-12 12:29:06 (7 months ago)	Attack Type: WordPress Exploit Bot attempt on /backup/bak.rar \| DNS 85.203.47.120 \| Agent: none	Port Scan Hacking Bad Web Bot Exploited Host Web App Attack
Anonymous	2025-10-08 16:43:50 (7 months ago)	wordpress-trap	Web App Attack
🇧🇪 voormedia	2025-10-08 14:32:32 (7 months ago)	Accessed trap at '/admin.php'	Web App Attack
🇩🇪 kjaerulff	2025-10-08 14:16:20 (7 months ago)	Probing for PHP files (1.php)	Web App Attack
🇯🇵 Valhalla	2025-09-27 23:27:20 (8 months ago)	/bak/archive.zip	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-09-21 16:49:53 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.120 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 21 12:49:39.861526 2025] [security2:error] [pid 2013074:tid 2013087] [client 85.203.47.120:52995] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|liquido.cocoonprojects.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "liquido.cocoonprojects.com"] [uri "/bak/www.sql"] [unique_id "aNAsoz_ZJbRKwXrCcu-J1wAAAIk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-21 06:35:09 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.120 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 21 02:34:56.158901 2025] [security2:error] [pid 26785:tid 26785] [client 85.203.47.120:21411] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|portfolioboosterllc.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "portfolioboosterllc.com"] [uri "/old/sql.sql"] [unique_id "aM-ckPxjQ_ID0XpllheDTwAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-18 21:08:25 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.120 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 18 17:08:12.556753 2025] [security2:error] [pid 31874:tid 31874] [client 85.203.47.120:29633] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.spectorworld.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.spectorworld.com"] [uri "/back/www.sql"] [unique_id "aMx0vMSBodnYszSp_5_3MAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2025-09-16 19:53:19 (8 months ago)	Fail2Ban apache-tripwires	Web App Attack

Showing 31 to 45 of 94 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 199.45.154.151

🇸🇬 107.150.112.233

🇺🇸 2607:f8b0:400e:c05::123

🇺🇸 205.210.31.17

🇭🇰 199.45.155.96

🇳🇱 190.2.149.244

🇫🇷 147.93.93.184

🇻🇳 103.48.82.186

🇳🇱 85.11.167.11

🇺🇸 65.49.1.100

🇳🇱 45.148.10.157

🇩🇪 43.228.157.184

🇮🇳 216.10.245.205

🇳🇱 213.177.179.166

🇬🇧 188.30.79.201

🇨🇳 183.218.213.217

🇺🇸 166.155.116.155

🇮🇳 125.19.179.18

🇮🇳 122.166.49.42

🇰🇷 116.123.150.231