JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.203.47.20

85.203.47.20 was found in our database!

This IP was reported 83 times. Confidence of Abuse is 18%: ?

18%

ISP	Falco Networks B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS42708
Domain Name	falco-networks.com
Country	🇩🇰 Denmark
City	Copenhagen, Capital Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.203.47.20

Whois 85.203.47.20

IP Abuse Reports for 85.203.47.20:

This IP address has been reported a total of 83 times from 30 distinct sources. 85.203.47.20 was first reported on October 2nd 2023, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mw	2026-06-05 01:20:05 (5 hours ago)	GET /wp-admin/css/colors/light/profile.php HTTP/1.1	Web App Attack
🇬🇧 consul.to	2026-04-27 16:54:04 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇳🇱 Site.eu	2026-04-22 00:31:27 (1 month ago)	Excessive 404/403 errors	Brute-Force
🇸🇪 vaia.cloud	2026-04-16 05:33:02 (1 month ago)	trying wp-login.php/xmlrpc.php 32 times in 1 minutes	Brute-Force Web App Attack
🇨🇭 backslash	2026-04-04 11:21:01 (2 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇫🇷 Octopuce	2026-04-03 23:43:19 (2 months ago)	Aggressive web search of vulnerable pages: /.well-known/pki-validation/moon.php /wp-content/themes/t ... show more Aggressive web search of vulnerable pages: /.well-known/pki-validation/moon.php /wp-content/themes/twenty/twenty.php /wp-content/plugins/pwnd-1 ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-03-09 09:47:19 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 09 05:47:02.772142 2026] [security2:error] [pid 4311:tid 4319] [client 85.203.47.20:62997] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|liquido.cocoonprojects.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "liquido.cocoonprojects.com"] [uri "/www.sql"] [unique_id "aa6XFkTxR0wQVCqky6HtpwAAAUY"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 masterguru	2026-03-09 00:56:06 (2 months ago)	BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (110 ... show more BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (1100000-122) show less	Bad Web Bot
🇺🇸 Penny Packer	2026-02-27 19:12:42 (3 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 TPI-Abuse	2026-02-25 09:37:59 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 04:37:44.814846 2026] [security2:error] [pid 26447:tid 26447] [client 85.203.47.20:38065] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bitcointoolshop.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcointoolshop.com"] [uri "/old/mysql.sql"] [unique_id "aZ7C6LSU1f7s5UZ5I0i-LAAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-02-24 09:13:32 (3 months ago)	85.203.47.20 - - [24/Feb/2026:11:13:31 +0200] "GET /wp-includes/widgets/ HTTP/1.1" 404 279 "-" "Mozi ... show more 85.203.47.20 - - [24/Feb/2026:11:13:31 +0200] "GET /wp-includes/widgets/ HTTP/1.1" 404 279 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36" 85.203.47.20 - - [24/Feb/2026:11:13:31 +0200] "GET /wp-admin/network/ HTTP/1.1" 404 279 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" ... show less	Web App Attack
🇬🇧 consul.to	2026-02-24 05:13:11 (3 months ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-02-24 02:39:32 (3 months ago)	(mod_security) mod_security (id:240000) triggered by 85.203.47.20 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240000) triggered by 85.203.47.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 21:39:18.891791 2026] [security2:error] [pid 9184:tid 9184] [client 85.203.47.20:56067] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|murphylumber.ca\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "murphylumber.ca"] [uri "/images/stories/themes.php"] [unique_id "aZ0PVsoVzPs-GAaDf_05_AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇿 Antinson	2026-02-21 09:57:14 (3 months ago)	Scraping with a high error ratio and request rate	Bad Web Bot
🇬🇧 consul.to	2026-02-20 06:00:19 (3 months ago)	Web attack/malicious scanning detected	Web App Attack

Showing 1 to 15 of 83 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 202.46.62.19

🇩🇪 176.65.132.22

🇺🇸 165.154.172.79

🇺🇸 162.216.150.131

🇩🇿 154.254.219.17

🇩🇴 152.166.156.221

🇯🇵 103.163.220.65

🇧🇷 187.45.125.234

🇧🇷 177.52.215.80

🇦🇪 176.205.78.191

🇺🇸 172.59.33.179

🇨🇳 113.232.31.63

🇩🇪 92.122.215.120

🇫🇷 91.231.89.135

🇩🇪 2.27.36.23

🇹🇼 198.235.24.66

🇺🇸 165.154.134.246

🇨🇳 112.6.11.184

🇻🇳 103.98.148.62

🇺🇸 64.62.156.227