JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.105.122.219

198.105.122.219 was found in our database!

This IP was reported 72 times. Confidence of Abuse is 0%: ?

ISP	SYN LTD
Usage Type	Fixed Line ISP
ASN	AS64080
Domain Name	syn.uk
Country	🇬🇧 United Kingdom of Great Britain and Northern Ireland
City	London, England

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.105.122.219

Whois 198.105.122.219

IP Abuse Reports for 198.105.122.219:

This IP address has been reported a total of 72 times from 5 distinct sources. 198.105.122.219 was first reported on February 28th 2025, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 [email protected]	2026-01-30 01:21:50 (4 months ago)	Attack attempt against Interwebbi servers; Port Scan detected from 198.105.122.219 (GB/United King ... show more Attack attempt against Interwebbi servers; Port Scan detected from 198.105.122.219 (GB/United Kingdom/-). 5 hits in the last 105 seconds; IP: 198.105.122.219; Ports: *; Direction: 0; Trigger: PS_LIMIT; show less	Brute-Force
🇺🇸 TPI-Abuse	2026-01-17 00:14:45 (5 months ago)	(mod_security) mod_security (id:212620) triggered by 198.105.122.219 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:212620) triggered by 198.105.122.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 19:14:29.182297 2026] [security2:error] [pid 17429:tid 17429] [client 198.105.122.219:53239] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /ie50/system/login/sysloginuser.aspx?login=denied&uid=</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "aWrUZRn25QOiJeZt3CH2MwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 20:33:06 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 198.105.122.219 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 198.105.122.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 15:33:00.423205 2025] [security2:error] [pid 21770:tid 21790] [client 198.105.122.219:48451] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/.env"] [unique_id "aVLlfO1IUNfWG5lsn0GVDAAAAZE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 06:17:55 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 198.105.122.219 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 198.105.122.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:17:48.068710 2025] [security2:error] [pid 27471:tid 27493] [client 198.105.122.219:60341] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.net\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/windows/win.ini"] [unique_id "aS0zDHLXOKC0tXS7y0knPwAAAIU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 07:47:39 (7 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-11-12 09:31:19 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 198.105.122.219 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 198.105.122.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 04:31:14.934692 2025] [security2:error] [pid 26157:tid 26157] [client 198.105.122.219:34103] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|nbcnewsradio.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nbcnewsradio.com"] [uri "/footer.php.bak"] [unique_id "aRRT4oAnluBDNMjbu4_nRgAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 12:58:21 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 198.105.122.219 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 198.105.122.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 29 08:58:17.943828 2025] [security2:error] [pid 14574:tid 14574] [client 198.105.122.219:36037] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.davispickering.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.davispickering.com"] [uri "/\\\\windows/win.ini"] [unique_id "aQIPaYwZA5UmGMi8TzLzDwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 21:07:03 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 198.105.122.219 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 198.105.122.219 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 17:06:56.549092 2025] [security2:error] [pid 4769:tid 4769] [client 198.105.122.219:55145] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.deandobkin.com"] [uri "/.env.www"] [unique_id "aNG6cISjh0EGkpvPN6hVWQAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇿🇦 slartybartfast69420blazit	2025-08-14 20:31:50 (10 months ago)	Fail2ban picked up 198.105.122.219 attacking nginx	Web App Attack
🇿🇦 slartybartfast69420blazit	2025-08-13 20:27:34 (10 months ago)	Fail2ban picked up 198.105.122.219 attacking nginx	Web App Attack
🇿🇦 slartybartfast69420blazit	2025-08-12 20:25:22 (10 months ago)	Fail2ban picked up 198.105.122.219 attacking nginx	Web App Attack
🇿🇦 slartybartfast69420blazit	2025-08-11 20:21:42 (10 months ago)	Fail2ban picked up 198.105.122.219 attacking nginx	Web App Attack
🇿🇦 slartybartfast69420blazit	2025-08-09 20:37:46 (10 months ago)	Fail2ban picked up 198.105.122.219 attacking nginx	Web App Attack
🇿🇦 slartybartfast69420blazit	2025-08-08 20:34:47 (10 months ago)	Fail2ban picked up 198.105.122.219 attacking nginx	Web App Attack
🇿🇦 slartybartfast69420blazit	2025-08-07 20:31:54 (10 months ago)	Fail2ban picked up 198.105.122.219 attacking nginx	Web App Attack

Showing 1 to 15 of 72 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 206.221.176.60

🇧🇷 177.61.176.110

🇬🇧 118.193.64.15

🇫🇷 85.217.140.27

🇧🇷 170.254.114.210

🇺🇸 136.35.246.152

🇰🇪 102.210.149.236

🇲🇦 81.192.46.49

🇩🇪 68.183.212.68

🇸🇬 43.160.251.13

🇫🇮 34.88.181.148

🇺🇸 20.190.155.2

🇺🇸 2001:504:105::7

🇨🇱 186.104.151.9

🇷🇴 185.142.217.18

🇺🇸 172.202.117.170

🇺🇸 170.106.174.205

🇫🇮 104.28.165.181

🇧🇬 79.124.56.250

🇺🇸 68.183.30.24