JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.203.47.216

85.203.47.216 was found in our database!

This IP was reported 87 times. Confidence of Abuse is 22%: ?

22%

ISP	Falco Networks B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS42708
Domain Name	falco-networks.com
Country	🇩🇰 Denmark
City	Copenhagen, Capital Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.203.47.216

Whois 85.203.47.216

IP Abuse Reports for 85.203.47.216:

This IP address has been reported a total of 87 times from 38 distinct sources. 85.203.47.216 was first reported on January 20th 2024, and the most recent report was 37 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Octopuce	2026-06-05 12:24:50 (37 minutes ago)	Aggressive web search of vulnerable pages: /wp-content/themes/hello-element/ /wp-includes/Text/ /wp- ... show more Aggressive web search of vulnerable pages: /wp-content/themes/hello-element/ /wp-includes/Text/ /wp-includes/sitemaps/ /wp-includes/sodium_comp ... show less	Web App Attack
🇨🇭 zynex	2026-04-28 02:57:31 (1 month ago)	URL Probing: /wp-file.php	Web App Attack
🇬🇧 consul.to	2026-04-27 16:54:11 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇮 YF	2026-04-27 16:01:17 (1 month ago)	Attaque distribuée subnet	DDoS Attack Web App Attack
🇫🇷 dynamix	2026-04-27 14:48:47 (1 month ago)	Multiple WAF Violations	Web App Attack
🇫🇷 Octopuce	2026-04-03 23:42:56 (2 months ago)	Aggressive web search of vulnerable pages: /inputs.php /alfa.php /file.php /mini.php /info.php /log. ... show more Aggressive web search of vulnerable pages: /inputs.php /alfa.php /file.php /mini.php /info.php /log.php /wso.php /modules/scrollbottom/anamama- ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-03-19 00:26:08 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.216 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 18 20:25:55.503415 2026] [security2:error] [pid 16165:tid 16165] [client 85.203.47.216:40037] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bitcointoolfair.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcointoolfair.com"] [uri "/back/mysql.sql"] [unique_id "abtCkx8AygHQodoEb0aPLgAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-03-12 23:21:36 (2 months ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 myagent.site	2026-03-09 03:21:43 (2 months ago)	Blocking for trying to access an exploit file: //wp-admin/maint/index.php	Hacking
🇪🇸 masterguru	2026-03-09 00:58:57 (2 months ago)	BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (110 ... show more BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (1100000-122) show less	Bad Web Bot
🇺🇸 mnsf	2026-03-08 18:05:13 (2 months ago)	Too many Status 40X (11)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-03-05 05:43:23 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.216 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 05 00:43:05.891431 2026] [security2:error] [pid 23962:tid 24029] [client 85.203.47.216:51931] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|siestakeybch.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "siestakeybch.com"] [uri "/backups/www.sql"] [unique_id "aakX6e23p8PBB5XJyi2J2gAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2026-03-04 10:56:16 (3 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 TPI-Abuse	2026-03-04 10:39:20 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.216 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 04 05:39:07.084070 2026] [security2:error] [pid 3972:tid 3972] [client 85.203.47.216:51633] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|matteozacchino.dev\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "matteozacchino.dev"] [uri "/restore/sql.sql"] [unique_id "aagLyy82kLb9R_57THVHSgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-27 18:43:04 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.216 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 27 13:42:50.802628 2026] [security2:error] [pid 26581:tid 26581] [client 85.203.47.216:60503] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|barnesandbrower.com\|F\|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "barnesandbrower.com"] [uri "/restore/wallet.dat"] [unique_id "aaHlqmh2mKHxFYFMZ5s93gAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 87 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 117.34.85.185

🇮🇩 103.117.57.106

🇯🇵 60.126.222.50

🇳🇱 45.148.10.183

🇸🇬 45.82.78.106

🇺🇸 45.56.111.60

🇨🇳 222.92.61.242

🇸🇬 212.73.148.30

🇺🇸 147.185.132.235

🇳🇱 108.61.198.30

🇲🇩 89.35.14.14

🇬🇧 81.19.219.248

🇰🇷 59.24.133.197

🇶🇦 37.211.3.143

🇫🇷 37.60.247.32

🇦🇺 20.227.141.208

🇺🇸 165.1.75.106

🇧🇩 123.49.38.114

🇰🇷 112.216.108.62

🇸🇬 103.250.11.116