JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.203.47.130

85.203.47.130 was found in our database!

This IP was reported 88 times. Confidence of Abuse is 31%: ?

31%

ISP	Falco Networks B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS42708
Domain Name	falco-networks.com
Country	🇩🇰 Denmark
City	Copenhagen, Capital Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.203.47.130

Whois 85.203.47.130

IP Abuse Reports for 85.203.47.130:

This IP address has been reported a total of 88 times from 34 distinct sources. 85.203.47.130 was first reported on October 31st 2023, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 paissangroup	2025-10-25 19:48:15 (7 months ago)	Multiple WAF Violations	Web App Attack
Anonymous	2025-10-23 09:03:02 (7 months ago)	Bot / scanning and/or hacking attempts: GET /admin/tmp/ HTTP/1.1, GET /admin/uploads/images/ HTTP/1. ... show more Bot / scanning and/or hacking attempts: GET /admin/tmp/ HTTP/1.1, GET /admin/uploads/images/ HTTP/1.1, GET /shellv3.php HTTP/1.1, GET /admin/images/slider/ HTTP/1.1, GET /wp-content/uploads/2021/ HTTP/1.1, GET /wp-admin/images/ HTTP/1.1, GET /admin/uploads/ HTTP/1.1, GET /wordpress/wp-includes/ HTTP/1.1, GET /blog/wp-includes/ HTTP/1.1, GET /admin/editor/ HTTP/1.1, GET /wp-content/plugins/elementor/ HTTP/1.1, GET /wp-content/mu-plugins/ HTTP/1.1, GET /upload/image/ HTTP/1.1, GET /wp-content/uploads/ao_ccss/ HTTP/1.1, GET /sites/default/files/ HTTP/1.1, GET /Admin/uploads/ HTTP/1.1, GET /wordpress/wp-content/uploads/ HTTP/1.1, GET /admin/controller/extension/extension/ HTTP/1.1 show less	Hacking Web App Attack
🇫🇷 dynamix	2025-10-22 23:27:16 (7 months ago)	Multiple WAF Violations	Web App Attack
Anonymous	2025-10-22 18:16:50 (7 months ago)	fail2ban apache-modsecurity web [msg "php scripts are not allowed here"] [uri "/css.php"]	Web App Attack
🇺🇸 Penny Packer	2025-10-13 19:19:28 (7 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 TPI-Abuse	2025-09-20 16:26:38 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.130 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 20 12:26:24.027555 2025] [security2:error] [pid 10788:tid 10788] [client 85.203.47.130:50285] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mindtoken.app\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mindtoken.app"] [uri "/backups/dump.sql"] [unique_id "aM7VsHUhrhq-rLpBVEWx7QAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-17 03:03:12 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.130 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 16 23:02:57.999877 2025] [security2:error] [pid 30650:tid 30650] [client 85.203.47.130:37771] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|brazilianbikinis.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "brazilianbikinis.com"] [uri "/old/www.sql"] [unique_id "aMok4Q_AhktKIH7Vkok5qwAAAFY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2025-09-16 18:49:27 (8 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 ipblock.com	2025-09-07 13:25:00 (8 months ago)	Exploit request, vulnerability scanner.	Hacking Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2025-08-23 02:59:55 (9 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇯🇵 Valhalla	2025-07-20 21:53:50 (10 months ago)	/bak/config.json	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-07-20 21:37:53 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.130 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 20 17:37:48.100211 2025] [security2:error] [pid 13378:tid 13398] [client 85.203.47.130:53619] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lancasterdesignercraftsmen.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lancasterdesignercraftsmen.org"] [uri "/backup/dump.sql"] [unique_id "aH1hrMCvTE3fiuWcE1BczwAAAJI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-11 15:19:16 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.130 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 11 11:19:00.924129 2025] [security2:error] [pid 1762:tid 1762] [client 85.203.47.130:46855] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bitcoinsquaretrader.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcoinsquaretrader.com"] [uri "/back/dump.sql"] [unique_id "aHErZBaLlrDZXnd1VADYtQAAACM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2025-07-01 04:55:54 (11 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 Penny Packer	2025-06-05 12:35:04 (11 months ago)	Fail2Ban apache-tripwires	Web App Attack

Showing 31 to 45 of 88 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.167

🇮🇳 128.185.201.170

🇮🇩 103.188.177.46

🇺🇸 66.132.172.156

🇹🇼 61.220.235.10

🇺🇸 47.251.119.72

🇮🇶 185.244.152.117

🇺🇸 184.105.247.246

🇺🇸 162.216.149.20

🇧🇷 131.221.194.9

🇺🇸 93.180.224.80

🇸🇦 46.153.93.72

🇧🇷 2804:52b8:c02b:ff00:d2a0:bbff:fe93:b0a6

🇷🇺 176.48.47.95

🇧🇷 170.150.255.26

🇺🇸 147.185.132.68

🇫🇷 51.38.192.10

🇷🇺 46.147.195.11

🇲🇳 203.91.118.90

🇵🇱 185.241.208.74