JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.237.212.188

85.237.212.188 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 60%: ?

60%

ISP	LIVAPROXY YAZILIM TICARET LIMITED SIRKETI
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	livaproxy.com
Country	🇵🇱 Poland
City	Warsaw, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.237.212.188

Whois 85.237.212.188

IP Abuse Reports for 85.237.212.188:

This IP address has been reported a total of 34 times from 18 distinct sources. 85.237.212.188 was first reported on March 30th 2026, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-20 11:05:50 (6 hours ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇩🇪 conseilgouz	2026-06-13 00:38:38 (1 week ago)	vew-(visforms) : try to access forms...	Hacking
🇺🇸 TPI-Abuse	2026-06-12 22:03:47 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.188 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.188 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 18:03:43.629732 2026] [security2:error] [pid 27915:tid 27915] [client 85.237.212.188:62053] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|oculaser.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "oculaser.net"] [uri "/license.txt"] [unique_id "aiyCP_Sb2FyrV23DFdbOyAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 21:35:10 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.188 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.188 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 17:35:04.863866 2026] [security2:error] [pid 7808:tid 7808] [client 85.237.212.188:29201] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|activethinkers.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "activethinkers.net"] [uri "/license.txt"] [unique_id "aix7iCLBq0F9CfNLEA_cdAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-12 20:19:58 (1 week ago)	[FriJun1222:19:53.5436212026][security2:error][pid1753700:tid1753860][client85.237.212.188:0]ModSecu ... show more [FriJun1222:19:53.5436212026][security2:error][pid1753700:tid1753860][client85.237.212.188:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:n\(\?:-stealth\\|sauditor\\|e\(\?:ssus\\|etwork-services-auditor\)\\|ikto\\|map\)\\|b\(\?:lack\?widow\\|rutus\\|ilbo\)\\|web\(\?:inspec\\|roo\)t\\|p\(\?:mafind\\|aros\\|avuk\)\\|cgichk\\|jaascois\\|\\\\\\\\.nasl\\|metis\\|w\(\?:ebtrendssecurityanalyzer\\|hcc\\|3af\\\\\\\\.sourceforge\\\\\\\\.net\)\\|\\\\\\\\bzmeu\\\\\\\\b\\|springenwerk\\|...\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"184\"][id\"330034\"][rev\"14\"][msg\"Atomicorp.comWAFRules:UnauthorizedVulnerabilityScannerdetected\"][data\"paros\"][severity\"CRITICAL\"][hostname\"hosting-e-domini.net\"][uri\"/license.txt\"][unique_id\"aixp6U6aovKnvAT-BBKn8wAAAAE\"] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 20:00:27 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.188 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.188 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 16:00:18.748171 2026] [security2:error] [pid 2254:tid 2254] [client 85.237.212.188:64999] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|jaojoco.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "jaojoco.net"] [uri "/license.txt"] [unique_id "aixlUj76EJivkNRLPtIhEQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 19:25:10 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.188 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.188 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 15:25:06.133930 2026] [security2:error] [pid 20090:tid 20090] [client 85.237.212.188:37877] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|www.robcohn.com\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "www.robcohn.com"] [uri "/license.txt"] [unique_id "aixdElokGxJmlfhtPt6i3QAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 18:30:03 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.188 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.188 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 14:29:56.685972 2026] [security2:error] [pid 3937:tid 3943] [client 85.237.212.188:21291] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|sattraffic.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "sattraffic.net"] [uri "/license.txt"] [unique_id "aixQJCeDFbJmsnNlmdVrLQAAAQE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 i-turnradio.nl	2026-06-12 18:11:44 (1 week ago)	2026-06-12 @ 20:11:43 (CET) ~ Blocked for trying to access: /license.txt	Web App Attack
🇩🇪 FeG Deutschland	2026-06-09 19:03:47 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇩🇪 todix	2026-06-09 17:31:23 (1 week ago)	WebAttack or semilar from 85.237.212.188	Web App Attack
🇨🇭 backslash	2026-06-02 15:42:01 (2 weeks ago)	block ruleset 1E8A9918B1655D0828F2EEF05553DD2681055C9A	Web Spam
🇬🇧 consul.to	2026-05-31 18:23:32 (2 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇧 consul.to	2026-05-26 22:04:38 (3 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇦🇺 oncord	2026-05-24 13:55:23 (3 weeks ago)	Form spam	Web Spam

Showing 1 to 15 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2602:80d:1008::9d

🇺🇸 192.178.119.220

🇻🇳 171.244.61.79

🇫🇮 147.185.133.241

🇸🇦 143.92.232.191

🇫🇷 85.217.140.33

🇱🇹 45.227.254.170

🇬🇧 213.166.84.52

🇺🇸 207.90.244.28

🇨🇦 142.198.117.85

🇲🇦 105.156.11.5

🇫🇷 85.217.140.3

🇯🇵 45.192.198.28

🇺🇸 45.79.54.163

🇺🇸 43.110.38.5

🇺🇸 108.171.195.174

🇺🇸 64.62.156.80

🇷🇺 217.150.72.111

🇬🇧 198.244.168.184

🇳🇱 193.176.31.243