JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.109.222.22

103.109.222.22 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 73%: ?

73%

ISP	Angrow Netcomm Pvt. Ltd
Usage Type	Fixed Line ISP
ASN	AS151690
Domain Name	fab5network.com
Country	🇮🇳 India
City	Kolkata, West Bengal

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.109.222.22

Whois 103.109.222.22

IP Abuse Reports for 103.109.222.22:

This IP address has been reported a total of 28 times from 17 distinct sources. 103.109.222.22 was first reported on May 28th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-07 08:08:38 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇫🇷 masterguru	2026-06-07 03:44:10 (1 week ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇩🇪 rh24	2026-06-07 03:03:33 (1 week ago)	(xmlrpc_405) XMLRPC-Bot 405 103.109.222.22 (IN/India/-)	Hacking
🇺🇸 TPI-Abuse	2026-06-05 14:18:31 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 103.109.222.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.109.222.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 10:18:24.279396 2026] [security2:error] [pid 12471:tid 12471] [client 103.109.222.22:51228] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.109.222.22 (+1 hits since last alert)\|pharmaceuticalsalescertifications.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pharmaceuticalsalescertifications.com"] [uri "/xmlrpc.php"] [unique_id "aiLasKd42UQNCMlrAJDPmwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-05 12:45:19 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-05 02:06:51 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 103.109.222.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.109.222.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 22:06:45.072633 2026] [security2:error] [pid 18369:tid 18369] [client 103.109.222.22:55645] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.109.222.22 (+1 hits since last alert)\|riser-astrology.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "riser-astrology.com"] [uri "/xmlrpc.php"] [unique_id "aiIvNdRjwYhYe46lTCuusgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 alferez	2026-06-04 15:51:44 (1 week ago)	Multiple WP Login Attack	Brute-Force
🇺🇸 lostswordfish.com	2026-06-04 11:14:04 (1 week ago)	Wordfence waf block on pameganslaw	Web App Attack
Anonymous	2026-06-04 07:30:16 (1 week ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-03 13:34:39 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 103.109.222.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.109.222.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 09:34:32.389076 2026] [security2:error] [pid 3728:tid 3728] [client 103.109.222.22:61788] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.109.222.22 (+1 hits since last alert)\|ucommsi.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ucommsi.com"] [uri "/xmlrpc.php"] [unique_id "aiAtaOSHaLEdFKpqHR8f6gAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 bittiguru.fi	2026-06-03 13:26:36 (1 week ago)	103.109.222.22 - [03/Jun/2026:16:26:25 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by Wo ... show more 103.109.222.22 - [03/Jun/2026:16:26:25 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com" "-" 103.109.222.22 - [03/Jun/2026:16:26:35 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)" "-" ... show less	Hacking Brute-Force Web App Attack
🇫🇮 bittiguru.fi	2026-06-03 13:11:22 (1 week ago)	103.109.222.22 - [03/Jun/2026:16:11:12 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "WordPress.com ... show more 103.109.222.22 - [03/Jun/2026:16:11:12 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "WordPress.com; https://wordpress.com" "-" 103.109.222.22 - [03/Jun/2026:16:11:22 +0300] "POST /xmlrpc.php HTTP/1.1" 200 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)" "-" ... show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 11:42:15 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 103.109.222.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 103.109.222.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 07:42:08.533776 2026] [security2:error] [pid 24456:tid 24456] [client 103.109.222.22:61358] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 103.109.222.22 (+1 hits since last alert)\|my-spec.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "my-spec.com"] [uri "/xmlrpc.php"] [unique_id "aiATEMrvk7uKWZrjaS0kjgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-03 04:22:15 (1 week ago)	Blocked by CSF 13 firewall - Rule: XMLRPC IN/India/-	Web App Attack
Anonymous	2026-06-03 01:34:40 (1 week ago)	Attac	Brute-Force

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 138.68.78.61

🇺🇸 109.105.209.17

🇩🇪 69.5.169.117

🇲🇽 187.191.2.214

🇮🇳 139.59.59.165

🇫🇷 91.196.152.35

🇫🇷 85.217.140.45

🇱🇹 81.30.98.44

🇬🇪 2.57.217.229

🇳🇱 185.242.226.18

🇷🇺 176.109.67.69

🇩🇪 162.158.86.101

🇺🇸 147.185.132.191

🇧🇬 78.128.114.162

🇳🇱 45.142.193.169

🇨🇳 36.134.208.91

🇸🇬 8.222.209.182

🇬🇧 217.146.80.109

🇩🇪 213.209.159.238

🇩🇪 130.12.182.140