JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 109.199.104.4

109.199.104.4 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 59%: ?

59%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3105970.contaboserver.net
Domain Name	contabo.com
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 109.199.104.4

Whois 109.199.104.4

IP Abuse Reports for 109.199.104.4:

This IP address has been reported a total of 10 times from 9 distinct sources. 109.199.104.4 was first reported on June 26th 2026, and the most recent report was 11 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 poundawebsiteltd	2026-06-26 05:50:10 (11 minutes ago)	WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 109.199.104.4 - - [26/Jun/2026:06:50:04 +0100] P ... show more WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 109.199.104.4 - - [26/Jun/2026:06:50:04 +0100] POST /wp-login.php HTTP/2.0 200 5415 https://[REDACTED_DOMAIN]/wp-login.php Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 05:48:45 (12 minutes ago)	(mod_security) mod_security (id:225170) triggered by 109.199.104.4 (vmi3105970.contaboserver.net): 1 ... show more (mod_security) mod_security (id:225170) triggered by 109.199.104.4 (vmi3105970.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 01:48:37.787700 2026] [security2:error] [pid 26304:tid 26304] [client 109.199.104.4:39308] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|midcityrotary.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "midcityrotary.org"] [uri "/wp-json/wp/v2/users"] [unique_id "aj4StfjCWZ_0U94GyS_HjAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 cwytech	2026-06-26 05:45:48 (15 minutes ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/wordpress-login-lockdown-high.	Bad Web Bot Web App Attack
🇲🇹 Malta	2026-06-26 05:42:25 (18 minutes ago)	109.199.104.4 - - [26/Jun/2026:07:42:25 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows N ... show more 109.199.104.4 - - [26/Jun/2026:07:42:25 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇺🇸 lostswordfish.com	2026-06-26 05:32:05 (29 minutes ago)	Wordfence waf block on robdarnell	Web App Attack
🇺🇸 nationaleventpros.com	2026-06-26 05:04:54 (56 minutes ago)	WordPress login attempt	Brute-Force
Anonymous	2026-06-26 04:53:25 (1 hour ago)	109.199.104.4 - - [26/Jun/2026:06:53:20 +0200] "GET /wp-login.php HTTP/2.0" 200 4000 "-" "Mozilla/5. ... show more 109.199.104.4 - - [26/Jun/2026:06:53:20 +0200] "GET /wp-login.php HTTP/2.0" 200 4000 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0" ... show less	Web App Attack
🇩🇪 FeG Deutschland	2026-06-26 04:37:59 (1 hour ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 04:19:46 (1 hour ago)	(mod_security) mod_security (id:225170) triggered by 109.199.104.4 (vmi3105970.contaboserver.net): 1 ... show more (mod_security) mod_security (id:225170) triggered by 109.199.104.4 (vmi3105970.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 00:19:40.351842 2026] [security2:error] [pid 7272:tid 7307] [client 109.199.104.4:33646] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.dontbeajerklikeyourwork.com.teritemme.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dontbeajerklikeyourwork.com.teritemme.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aj393O6oybm97-yF8I_IcQAAAJg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 expandmade.com	2026-06-26 04:18:47 (1 hour ago)	unauthorized rest api call [26/Jun/2026:04:18:47 "GET /wp-json/wp/v2/users/me"]	Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.193

🇧🇼 168.167.228.123

🇺🇸 71.6.240.19

🇨🇳 220.180.171.157

🇺🇸 217.148.142.94

🇨🇬 197.157.252.162

🇲🇿 196.28.226.125

🇵🇱 194.180.49.217

🇩🇪 193.124.20.235

🇲🇽 189.217.130.86

🇧🇷 187.8.120.90

🇧🇷 186.239.41.74

🇫🇷 185.182.186.243

🇨🇦 178.93.201.244

🇨🇦 178.93.201.240

🇨🇦 178.93.201.237

🇨🇦 178.93.201.200

🇨🇦 178.93.201.189

🇨🇦 178.93.201.172

🇨🇦 178.93.201.166