JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 109.235.48.224

109.235.48.224 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 46%: ?

46%

ISP	Ultahost, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS214036
Domain Name	ultahost.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 109.235.48.224

Whois 109.235.48.224

IP Abuse Reports for 109.235.48.224:

This IP address has been reported a total of 19 times from 11 distinct sources. 109.235.48.224 was first reported on March 23rd 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇹 [email protected]	2026-06-12 14:47:18 (1 week ago)	[Fri Jun 12 16:47:17.470941 2026] [proxy_fcgi:error] [pid 2878452:tid 2878573] [client 109.235.48.22 ... show more [Fri Jun 12 16:47:17.470941 2026] [proxy_fcgi:error] [pid 2878452:tid 2878573] [client 109.235.48.224:61933] AH01071: Got error "Primary script unknown" show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 11:58:32 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 07:58:25.201860 2026] [security2:error] [pid 17516:tid 17516] [client 109.235.48.224:55615] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.235.48.224 (+1 hits since last alert)\|midwayisland.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "midwayisland.com"] [uri "/xmlrpc.php"] [unique_id "aiv0YRGdYYPGeeJex6Y0XAAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 11:28:11 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 07:28:05.628357 2026] [security2:error] [pid 4757:tid 4757] [client 109.235.48.224:60422] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.235.48.224 (+1 hits since last alert)\|jonasrimkunas.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jonasrimkunas.com"] [uri "/xmlrpc.php"] [unique_id "aivtRcQSFLmeWdT5bzDXqAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 09:53:11 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 05:53:08.574972 2026] [security2:error] [pid 16686:tid 16686] [client 109.235.48.224:58469] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.235.48.224 (+1 hits since last alert)\|futuresgrowhere.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "futuresgrowhere.com"] [uri "/xmlrpc.php"] [unique_id "aivXBJ6HgIuANK3dpCzh5wAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-11 16:39:45 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇯🇵 demonsword	2026-06-10 12:36:13 (1 week ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: 82.22.5.24:25565 show less	Open Proxy Port Scan
🇺🇸 TPI-Abuse	2026-06-09 11:46:44 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 07:46:36.178676 2026] [security2:error] [pid 23813:tid 23813] [client 109.235.48.224:57673] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.235.48.224 (+1 hits since last alert)\|agworldmissions.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "agworldmissions.org"] [uri "/xmlrpc.php"] [unique_id "aif9HIZ8r1WmXC-LRHBweAAAAC0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 16:22:19 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 12:22:11.855839 2026] [security2:error] [pid 10838:tid 10923] [client 109.235.48.224:60033] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.235.48.224 (+1 hits since last alert)\|greaternorthmiamihistory.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "greaternorthmiamihistory.org"] [uri "/xmlrpc.php"] [unique_id "aibsM4EIzUo_sHBIfuSMmQAAAcw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-08 11:54:47 (1 week ago)	Attac	Brute-Force
🇫🇷 masterguru	2026-06-07 09:12:39 (2 weeks ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇺🇸 TPI-Abuse	2026-06-06 12:10:50 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 08:10:45.960845 2026] [security2:error] [pid 10408:tid 10408] [client 109.235.48.224:49780] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.235.48.224 (+1 hits since last alert)\|fractalsky.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fractalsky.com"] [uri "/xmlrpc.php"] [unique_id "aiQORZ-1NErMXXVslBRkcAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-06 11:36:23 (2 weeks ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 16:10:05 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 109.235.48.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 12:09:57.107310 2026] [security2:error] [pid 26624:tid 26624] [client 109.235.48.224:58947] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.235.48.224 (+1 hits since last alert)\|talentstar.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "talentstar.com"] [uri "/xmlrpc.php"] [unique_id "aiL01ahgfP5kBbhHWkqozgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 francoisunix	2026-06-05 16:06:56 (2 weeks ago)	109.235.48.224 - - [05/Jun/2026:16:06:12 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12. ... show more 109.235.48.224 - - [05/Jun/2026:16:06:12 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.5; WordPress/6.1; http://site61259947.com" 109.235.48.224 - - [05/Jun/2026:16:06:22 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack/12.0; WordPress/6.3; http://site47808678.com" 109.235.48.224 - - [05/Jun/2026:16:06:32 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com" 109.235.48.224 - - [05/Jun/2026:16:06:43 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" 109.235.48.224 - - [05/Jun/2026:16:06:53 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)" ... show less	Web App Attack
Anonymous	2026-06-05 15:37:10 (2 weeks ago)	(wordpress) Failed wordpress login from 109.235.48.224 (-)	Brute-Force

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 123.58.198.35

🇳🇱 217.60.195.72

🇦🇪 152.32.180.138

🇳🇱 89.21.67.178

🇫🇷 85.217.140.32

🇸🇰 37.9.175.195

🇺🇸 216.180.246.233

🇳🇱 204.76.203.219

🇳🇱 176.65.149.212

🇻🇳 125.212.244.35

🇰🇷 106.251.244.178

🇩🇪 92.113.23.232

🇬🇧 81.19.219.237

🇳🇱 45.148.10.157

🇳🇱 45.148.10.147

🇺🇸 44.112.147.98

🇨🇳 220.194.128.211

🇧🇷 205.210.31.202

🇧🇷 177.97.177.167

🇺🇸 134.122.21.135