JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.237.212.26

85.237.212.26 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 58%: ?

58%

ISP	LIVAPROXY YAZILIM TICARET LIMITED SIRKETI
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	livaproxy.com
Country	🇵🇱 Poland
City	Warsaw, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.237.212.26

Whois 85.237.212.26

IP Abuse Reports for 85.237.212.26:

This IP address has been reported a total of 31 times from 14 distinct sources. 85.237.212.26 was first reported on March 30th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 oncord	2026-06-13 01:22:14 (1 hour ago)	Form spam	Web Spam
🇩🇪 conseilgouz	2026-06-13 00:38:41 (1 hour ago)	vew-(visforms) : try to access forms...	Hacking
🇺🇸 TPI-Abuse	2026-06-12 21:59:57 (4 hours ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.26 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 17:59:49.958335 2026] [security2:error] [pid 11600:tid 11634] [client 85.237.212.26:63153] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|coloradosellers.com\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "coloradosellers.com"] [uri "/license.txt"] [unique_id "aiyBVdA28b1VHgZHRbJ5RwAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 21:18:11 (5 hours ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.26 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 17:18:04.328364 2026] [security2:error] [pid 13958:tid 13958] [client 85.237.212.26:26299] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|m2pg.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "m2pg.net"] [uri "/license.txt"] [unique_id "aix3jKKH8p9XZpgTFziFYAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 21:01:16 (5 hours ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.26 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 17:01:12.272379 2026] [security2:error] [pid 19559:tid 19559] [client 85.237.212.26:35987] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|hi-niemczuras.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "hi-niemczuras.net"] [uri "/license.txt"] [unique_id "aixzmIRkkZTUP7Efbg3bdgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 20:23:41 (6 hours ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.26 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 16:23:33.408185 2026] [security2:error] [pid 7143:tid 7143] [client 85.237.212.26:30791] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|toomuchcaffeine.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "toomuchcaffeine.net"] [uri "/license.txt"] [unique_id "aixqxaFtOq2lbz41nQa8PAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 20:02:44 (6 hours ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.26 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 16:02:39.569255 2026] [security2:error] [pid 11554:tid 11554] [client 85.237.212.26:41551] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|nomorenicenice.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "nomorenicenice.net"] [uri "/license.txt"] [unique_id "aixl32PkcED8R-HMEaD1ngAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 19:34:58 (6 hours ago)	(mod_security) mod_security (id:210801) triggered by 85.237.212.26 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210801) triggered by 85.237.212.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 15:34:52.861163 2026] [security2:error] [pid 23266:tid 23266] [client 85.237.212.26:54293] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|apsni.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "apsni.net"] [uri "/license.txt"] [unique_id "aixfXEwyU5aDFhrlnwDTSwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-09 19:03:48 (3 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇩🇪 todix	2026-06-09 17:31:53 (3 days ago)	WebAttack or semilar from 85.237.212.26	Web App Attack
🇸🇪 SkyDancer	2026-06-07 07:39:35 (5 days ago)	Multiple unauthorized attempts to access using wrong credentials. Attack automatically blocked by Sk ... show more Multiple unauthorized attempts to access using wrong credentials. Attack automatically blocked by SkyDancer Ai. EXT-SYS-Vx show less	Hacking Brute-Force SSH
🇦🇺 oncord	2026-06-02 15:35:40 (1 week ago)	Form spam	Web Spam
🇬🇧 consul.to	2026-05-31 18:23:28 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇧 consul.to	2026-05-26 22:04:08 (2 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇦🇺 oncord	2026-05-24 11:12:48 (2 weeks ago)	Form spam	Web Spam

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.75

🇩🇪 69.5.169.92

🇫🇷 62.171.136.158

🇱🇹 45.227.254.170

🇭🇰 36.255.220.145

🇬🇧 35.203.210.155

🇮🇷 2.180.149.86

🇬🇧 193.163.125.103

🇺🇸 193.3.53.3

🇧🇷 190.115.84.25

🇲🇽 187.212.10.12

🇧🇴 177.222.98.122

🇵🇰 175.107.2.37

🇵🇰 160.187.180.175

🇸🇬 101.47.8.187

🇪🇸 80.103.53.84

🇧🇷 45.205.1.241

🇸🇾 37.48.151.251

🇧🇪 34.22.190.43

🇺🇸 18.119.209.50