JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 109.104.153.22

109.104.153.22 was found in our database!

This IP was reported 834 times. Confidence of Abuse is 0%: ?

ISP	oneprovider.com - Amsterdam Infrastructure
Usage Type	Data Center/Web Hosting/Transit
ASN	AS136258
Domain Name	oneprovider.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 109.104.153.22

Whois 109.104.153.22

IP Abuse Reports for 109.104.153.22:

This IP address has been reported a total of 834 times from 188 distinct sources. 109.104.153.22 was first reported on August 7th 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 oncord	2026-02-24 02:14:12 (4 months ago)	Form spam	Web Spam
🇪🇸 gnom4ik	2026-02-21 01:05:15 (4 months ago)	ban-reviewer auto report; ip=109.104.153.22; scenario=http:scan; verdict=valid_ban; confidence=0.85; ... show more ban-reviewer auto report; ip=109.104.153.22; scenario=http:scan; verdict=valid_ban; confidence=0.85; categories=14,15,18; active_decisions=2; lookback_decisions=2; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=http:scan scenario detected; port scan category (14) applicable; repeated abuse patterns in lookback window show less	Port Scan Hacking Brute-Force
🇺🇸 Ar1s	2026-02-10 12:49:58 (4 months ago)	[1:2522000] ET TOR Known Tor Relay/Router (Not Exit) Node Traffic ::: Port: 443/TCP	Exploited Host
🇺🇸 Gabriel Camargo	2026-02-10 09:36:43 (4 months ago)	109.104.153.22 - - [10/Feb/2026:04:36:41 -0500] "POST /php.exe?%ADd+cgi.force_redirect%3D0+%ADd+cgi. ... show more 109.104.153.22 - - [10/Feb/2026:04:36:41 -0500] "POST /php.exe?%ADd+cgi.force_redirect%3D0+%ADd+cgi.redirect_status_env%3D0+%ADd+fastcgi.impersonate%3D1+%ADd+open_basedir%3D+%ADd+disable_functions%3D+%ADd+auto_prepend_file%3Dphp://input+%ADd+allow_url_include%3D1+%ADd+allow_url_fopen%3D1 HTTP/1.1" 404 134 "-" "Mozilla/5.0" 109.104.153.22 - - [10/Feb/2026:04:36:42 -0500] "POST /php/php.exe?%ADd+cgi.force_redirect%3D0+%ADd+cgi.redirect_status_env%3D0+%ADd+fastcgi.impersonate%3D1+%ADd+open_basedir%3D+%ADd+disable_functions%3D+%ADd+auto_prepend_file%3Dphp://input+%ADd+allow_url_include%3D1+%ADd+allow_url_fopen%3D1 HTTP/1.1" 404 134 "-" "Mozilla/5.0" 109.104.153.22 - - [10/Feb/2026:04:36:42 -0500] "POST /cgi-bin/php.exe?%ADd+cgi.force_redirect%3D0+%ADd+cgi.redirect_status_env%3D0+%ADd+fastcgi.impersonate%3D1+%ADd+open_basedir%3D+%ADd+disable_functions%3D+%ADd+auto_prepend_file%3Dphp://input+%ADd+allow_url_include%3D1+%ADd+allow_url_fopen%3D1 HTTP/1.1" 404 134 "-" "Mozilla/5.0" ... show less	Brute-Force SSH
🇫🇷 Nicolmn	2026-02-08 21:27:15 (4 months ago)	Web form spam ( id ncrn.l )	Web Spam
🇳🇱 homeshowdomain.nl	2026-02-06 22:59:03 (4 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-02-05. show less	Hacking Web App Attack SSH
🇺🇸 oncord	2026-02-04 23:19:04 (4 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-02-04 05:39:51 (4 months ago)	(mod_security) mod_security (id:210350) triggered by 109.104.153.22 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 109.104.153.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 04 00:39:43.679139 2026] [security2:error] [pid 26944:tid 26944] [client 109.104.153.22:43670] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|artglass-jerusalem.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "artglass-jerusalem.net"] [uri "/xmlrpc.php"] [unique_id "aYLbn92nEn21-oYE0v2VnwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-01-30 13:44:22 (4 months ago)	http-bad-user-agent - IP: 109.104.153.22 - time="2026-01-30T14:44:22+01:00" level=info msg="(555f66 ... show more http-bad-user-agent - IP: 109.104.153.22 - time="2026-01-30T14:44:22+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-bad-user-agent by ip 109.104.153.22 (NL/136258) : 4h ban on Ip 109.104.153.22" module=db show less	Bad Web Bot
🇩🇪 LRob.fr	2026-01-25 08:20:27 (5 months ago)	Repeated attacks detected by Fail2Ban in recidive jail	Hacking
🇩🇪 LRob.fr	2026-01-24 02:05:35 (5 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-01-23 07:12:39 (5 months ago)	Try to access /xmlrpc.php	Web App Attack
🇩🇪 LRob.fr	2026-01-20 18:20:39 (5 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇵🇱 IROK	2026-01-17 17:56:38 (5 months ago)	Firewall Blocked - Unauthorized Port Scanning ...	Port Scan
🇬🇧 oncord	2026-01-09 17:49:30 (5 months ago)	Form spam	Web Spam

Showing 1 to 15 of 834 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 183.197.75.113

🇧🇷 170.84.56.136

🇿🇦 154.17.153.102

🇺🇸 135.237.127.14

🇨🇳 123.116.141.82

🇺🇸 100.29.192.80

🇺🇸 75.112.23.30

🇧🇷 2a09:bac1:1120:b0::422:52

🇰🇷 221.155.237.108

🇧🇷 192.141.188.142

🇺🇸 152.32.182.41

🇨🇱 136.248.242.166

🇩🇪 130.12.180.65

🇨🇳 106.226.117.189

🇮🇩 103.155.47.50

🇯🇵 43.165.170.198

🇬🇧 35.203.211.107

🇨🇳 223.83.149.197

🇿🇦 154.73.4.144

🇯🇵 152.32.147.106