JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 109.120.156.6

109.120.156.6 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 0%: ?

ISP	AEZA GROUP LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS210644
Hostname(s)	reserved-by-avm.ptr.network
Domain Name	aeza.ru
Country	🇫🇮 Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 109.120.156.6

Whois 109.120.156.6

IP Abuse Reports for 109.120.156.6:

This IP address has been reported a total of 27 times from 14 distinct sources. 109.120.156.6 was first reported on July 8th 2024, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 octageeks.com	2024-10-20 04:06:27 (1 year ago)	Wordpress malicious attack:[octawp]	Web App Attack
🇺🇸 octageeks.com	2024-10-18 04:06:27 (1 year ago)	Wordpress malicious attack:[octawp]	Web App Attack
🇺🇸 octageeks.com	2024-10-17 04:06:27 (1 year ago)	Wordpress malicious attack:[octawp]	Web App Attack
🇺🇸 octageeks.com	2024-10-16 04:06:26 (1 year ago)	Wordpress malicious attack:[octawp]	Web App Attack
🇺🇸 octageeks.com	2024-10-14 04:06:33 (1 year ago)	Wordpress malicious attack:[octawp]	Web App Attack
🇺🇸 TPI-Abuse	2024-10-13 14:21:02 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 109.120.156.6 (shut-egg.aeza.network): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 109.120.156.6 (shut-egg.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 13 10:20:58.779187 2024] [security2:error] [pid 5876:tid 5876] [client 109.120.156.6:49864] [client 109.120.156.6] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.120.156.6 (+1 hits since last alert)\|ardath.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ardath.net"] [uri "/xmlrpc.php"] [unique_id "ZwvXSnFkuj-W-LEwiPiqkQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-10-13 13:52:06 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 109.120.156.6 (shut-egg.aeza.network): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 109.120.156.6 (shut-egg.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 13 09:51:59.655623 2024] [security2:error] [pid 26990:tid 26990] [client 109.120.156.6:49936] [client 109.120.156.6] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.120.156.6 (+1 hits since last alert)\|www.hotpay.co\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.hotpay.co"] [uri "/xmlrpc.php"] [unique_id "ZwvQf37bWhIJi2gaStdTuwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-10-13 12:57:05 (1 year ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2024-10-13 12:50:56 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 109.120.156.6 (shut-egg.aeza.network): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 109.120.156.6 (shut-egg.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 13 08:50:51.710112 2024] [security2:error] [pid 18856:tid 18856] [client 109.120.156.6:55226] [client 109.120.156.6] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.120.156.6 (+1 hits since last alert)\|grabagame.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "grabagame.com"] [uri "/xmlrpc.php"] [unique_id "ZwvCK3X8gsT-HCFmMdYqYwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 Julio Covolato	2024-10-11 10:05:02 (1 year ago)	Imap or Submission login brute-force attacks.	Brute-Force
🇺🇸 TPI-Abuse	2024-10-11 07:06:57 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 109.120.156.6 (shut-egg.aeza.network): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 109.120.156.6 (shut-egg.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 11 03:06:49.829752 2024] [security2:error] [pid 13914:tid 13914] [client 109.120.156.6:53267] [client 109.120.156.6] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.120.156.6 (+1 hits since last alert)\|www.vangentholding.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.vangentholding.com"] [uri "/xmlrpc.php"] [unique_id "ZwjOiZcw7-Fiiilb8RdiPwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-10-11 03:42:56 (1 year ago)	Ports: 25,110,143,993,995; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇷🇸 Smel	2024-10-11 01:49:02 (1 year ago)	Mail/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -	Email Spam Hacking Brute-Force
🇩🇪 dihost	2024-10-11 00:39:50 (1 year ago)	(smtpauth) Failed SMTP AUTH login from 109.120.156.6 (SE/Sweden/shut-egg.aeza.network): 5 in the las ... show more (smtpauth) Failed SMTP AUTH login from 109.120.156.6 (SE/Sweden/shut-egg.aeza.network): 5 in the last 3600 secs show less	Brute-Force
🇺🇸 TPI-Abuse	2024-10-11 00:22:54 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 109.120.156.6 (shut-egg.aeza.network): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 109.120.156.6 (shut-egg.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 10 20:22:48.999383 2024] [security2:error] [pid 28828:tid 28828] [client 109.120.156.6:35233] [client 109.120.156.6] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.120.156.6 (+1 hits since last alert)\|www.healingworksmassage.studio\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.healingworksmassage.studio"] [uri "/xmlrpc.php"] [unique_id "Zwhv2Hi52W48MoR7UrXfrgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 218.23.223.168

🇮🇳 202.9.122.13

🇬🇧 185.216.145.181

🇺🇸 104.243.35.45

🇫🇷 85.217.140.43

🇺🇸 66.154.109.226

🇮🇪 54.78.136.45

🇭🇰 47.238.136.107

🇺🇸 35.209.96.157

🇺🇸 15.204.184.105

🇮🇪 3.252.249.107

🇮🇪 2a05:d018:10df:d400:7287:8819:8bfc:bf04

🇺🇸 195.184.76.21

🇳🇱 160.119.69.14

🇨🇳 117.50.51.198

🇨🇳 111.39.190.137

🇨🇳 110.185.173.167

🇺🇸 104.43.131.157

🇯🇵 103.143.72.165

🇲🇰 79.125.162.32