JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.237.212.164

85.237.212.164 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 41%: ?

41%

ISP	LIVAPROXY YAZILIM TICARET LIMITED SIRKETI
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	livaproxy.com
Country	🇵🇱 Poland
City	Warsaw, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.237.212.164

Whois 85.237.212.164

IP Abuse Reports for 85.237.212.164:

This IP address has been reported a total of 26 times from 11 distinct sources. 85.237.212.164 was first reported on April 11th 2026, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 conseilgouz	2026-06-21 00:54:50 (7 hours ago)	vew-(visforms) : try to access forms...	Hacking
🇺🇸 TPI-Abuse	2026-06-12 21:58:51 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 17:58:46.422201 2026] [security2:error] [pid 31722:tid 31722] [client 85.237.212.164:25235] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|charityroast.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "charityroast.net"] [uri "/license.txt"] [unique_id "aiyBFgCfTI-MZgHFshEOCQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 21:25:50 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 17:25:46.307004 2026] [security2:error] [pid 15367:tid 15367] [client 85.237.212.164:25529] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|www.adj-tech.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "www.adj-tech.net"] [uri "/license.txt"] [unique_id "aix5WrsGM3e0kKOW-yRnfwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 20:26:02 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 16:25:58.828803 2026] [security2:error] [pid 20487:tid 20487] [client 85.237.212.164:29587] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|rahjx.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "rahjx.net"] [uri "/license.txt"] [unique_id "aixrVkuXdAaLPN5qK6r-7QAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 19:48:35 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 15:48:28.439228 2026] [security2:error] [pid 17947:tid 17947] [client 85.237.212.164:47445] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|citati.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "citati.net"] [uri "/license.txt"] [unique_id "aixijFx3p9hESfs_PdwAtwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 19:23:14 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 15:23:08.105384 2026] [security2:error] [pid 13472:tid 13472] [client 85.237.212.164:53971] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|advancedmotorsports.com\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "advancedmotorsports.com"] [uri "/license.txt"] [unique_id "aixcnD_PCjKmjoW_g2Eh2gAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 18:50:20 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 14:50:12.194990 2026] [security2:error] [pid 1779:tid 1779] [client 85.237.212.164:38805] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|militaryordnance.com\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "militaryordnance.com"] [uri "/license.txt"] [unique_id "aixU5C-LF9o7LLi51bv8rQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-09 19:03:34 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇩🇪 todix	2026-06-09 17:31:53 (1 week ago)	WebAttack or semilar from 85.237.212.164	Web App Attack
🇺🇸 donarev419	2026-06-08 05:43:50 (1 week ago)	Connection to port 80 with data transfer. Data preview: GET / HTTP/1.0 User-Agent: masscan/1.3 (htt ... show more Connection to port 80 with data transfer. Data preview: GET / HTTP/1.0 User-Agent: masscan/1.3 (https://github.com/robertdavidgraham/masscan) Accept: / show less	Port Scan Hacking
🇬🇧 consul.to	2026-05-31 18:23:23 (2 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇧 consul.to	2026-05-27 03:13:40 (3 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 conseilgouz	2026-05-24 10:29:05 (3 weeks ago)	vew-(visforms) : try to access forms...	Hacking
🇬🇧 consul.to	2026-05-15 12:45:25 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇧 consul.to	2026-05-10 00:45:09 (1 month ago)	Web attack/malicious scanning detected	Web App Attack

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.190.216.105

🇩🇪 155.117.127.214

🇧🇷 187.49.63.41

🇩🇪 140.248.36.55

🇮🇩 110.239.95.16

🇫🇷 85.217.140.23

🇺🇸 65.49.1.10

🇳🇱 45.148.10.157

🇯🇵 14.137.237.192

🇩🇪 2602:fb54:1e00::1e7

🇬🇪 195.54.179.244

🇬🇧 185.216.145.184

🇨🇳 182.43.164.191

🇺🇸 159.223.144.213

🇺🇸 159.223.132.86

🇮🇳 111.235.66.253

🇨🇳 111.38.30.39

🇪🇸 88.20.24.71

🇱🇹 81.30.98.158

🇳🇱 45.148.10.147