JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 31.22.118.90

31.22.118.90 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 82%: ?

82%

ISP	Michael Vassileiou trading as DATAHOST
Usage Type	Data Center/Web Hosting/Transit
ASN	AS215161
Hostname(s)	server2.gili.gr
Domain Name	datahost.gr
Country	🇬🇷 Greece
City	Alimos, Attica

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 31.22.118.90

Whois 31.22.118.90

IP Abuse Reports for 31.22.118.90:

This IP address has been reported a total of 29 times from 13 distinct sources. 31.22.118.90 was first reported on June 12th 2026, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-13 05:30:38 (4 hours ago)	(mod_security) mod_security (id:225170) triggered by 31.22.118.90 (server2.gili.gr): 1 in the last 3 ... show more (mod_security) mod_security (id:225170) triggered by 31.22.118.90 (server2.gili.gr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 01:30:32.033892 2026] [security2:error] [pid 9289:tid 9289] [client 31.22.118.90:48830] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|clipper1970.com.jimgrenier.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "clipper1970.com.jimgrenier.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aizq-IAK-oWGhL6_a7m5KwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 taivas.nl	2026-06-13 04:32:33 (5 hours ago)	Many_bad_calls	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 23:07:31 (10 hours ago)	(mod_security) mod_security (id:225170) triggered by 31.22.118.90 (server2.gili.gr): 1 in the last 3 ... show more (mod_security) mod_security (id:225170) triggered by 31.22.118.90 (server2.gili.gr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 19:07:28.349156 2026] [security2:error] [pid 3005:tid 3005] [client 31.22.118.90:53840] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|zacharypowers.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "zacharypowers.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiyRMMFWkXI-mE2t2E9r-wAAAAI"], referer: http://zacharypowers.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 22:41:47 (11 hours ago)	(mod_security) mod_security (id:225170) triggered by 31.22.118.90 (server2.gili.gr): 1 in the last 3 ... show more (mod_security) mod_security (id:225170) triggered by 31.22.118.90 (server2.gili.gr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 18:41:42.273391 2026] [security2:error] [pid 5376:tid 5376] [client 31.22.118.90:44182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|add-a-heading.xyz\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "add-a-heading.xyz"] [uri "/wp-json/wp/v2/users"] [unique_id "aiyLJr3t9PUvmNfqGc0DNAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 YF	2026-06-12 22:00:13 (12 hours ago)	WordPress author enumeration	Web App Attack
🇩🇪 4server	2026-06-12 21:42:53 (12 hours ago)	[FriJun1223:42:51.5592762026][security2:error][pid134076:tid134151][client31.22.118.90:0]ModSecurity ... show more [FriJun1223:42:51.5592762026][security2:error][pid134076:tid134151][client31.22.118.90:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"wp.aaaa6877.org\"][uri\"/xmlrpc.php\"][unique_id\"aix9W6B6PKKwse1Fy6reXgAAAIw\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 21:05:36 (12 hours ago)	(mod_security) mod_security (id:225170) triggered by 31.22.118.90 (server2.gili.gr): 1 in the last 3 ... show more (mod_security) mod_security (id:225170) triggered by 31.22.118.90 (server2.gili.gr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 17:05:30.019106 2026] [security2:error] [pid 11441:tid 11441] [client 31.22.118.90:50216] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|lysedzija.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lysedzija.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aix0mjmezwQRXTCGMQZV9QAAACM"], referer: https://lysedzija.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Vianpyro	2026-06-12 20:49:11 (13 hours ago)	Honeypot: 6 request(s) in 123 min. Paths: /, /graphql, /feed/. Method(s): GET,POST. UA: Mozilla/5.0 ... show more Honeypot: 6 request(s) in 123 min. Paths: /, /graphql, /feed/. Method(s): GET,POST. UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko). ASN: 215161 (Michael Vassileiou trading as DATAHOST). show less	Web App Attack Bad Web Bot Hacking
🇺🇸 TPI-Abuse	2026-06-12 20:45:05 (13 hours ago)	(mod_security) mod_security (id:225170) triggered by 31.22.118.90 (server2.gili.gr): 1 in the last 3 ... show more (mod_security) mod_security (id:225170) triggered by 31.22.118.90 (server2.gili.gr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 16:44:57.094639 2026] [security2:error] [pid 26430:tid 26430] [client 31.22.118.90:44300] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|greenlight.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "greenlight.us"] [uri "/wp-json/wp/v2/users"] [unique_id "aixvyTHxg74En9nI1s5K4wAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-06-12 20:39:47 (13 hours ago)	mareeshefford.com:443 31.22.118.90 - - [13/Jun/2026:06:39:45 +1000] "GET /?author=3 HTTP/1.1" 404 50 ... show more mareeshefford.com:443 31.22.118.90 - - [13/Jun/2026:06:39:45 +1000] "GET /?author=3 HTTP/1.1" 404 5079 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 20:19:51 (13 hours ago)	(mod_security) mod_security (id:225170) triggered by 31.22.118.90 (server2.gili.gr): 1 in the last 3 ... show more (mod_security) mod_security (id:225170) triggered by 31.22.118.90 (server2.gili.gr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 16:19:45.077727 2026] [security2:error] [pid 18287:tid 18287] [client 31.22.118.90:60378] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|prostar.industries\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "prostar.industries"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aixp4SabXBRCUmhFsPom2gAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 polycoda	2026-06-12 20:06:01 (13 hours ago)	🔑 Wordpress login brute force attempt	Hacking Web App Attack
🇺🇸 mnsf	2026-06-12 20:05:40 (13 hours ago)	Too many Status 40X (11)	Brute-Force Web App Attack
🇺🇸 omc	2026-06-12 20:01:23 (14 hours ago)	Unauthorized file [PP]	Bad Web Bot
🇺🇸 ph	2026-06-12 19:43:53 (14 hours ago)	Bad web bot attempting to run wp-json on non-WP site	Hacking Bad Web Bot Web App Attack

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 165.154.206.204

🇭🇰 101.36.106.78

🇳🇱 45.148.10.134

🇰🇿 212.154.234.9

🇷🇴 193.32.162.16

🇮🇳 182.95.120.178

🇷🇺 176.120.22.113

🇳🇱 176.65.148.44

🇺🇸 172.90.128.97

🇵🇭 124.217.97.190

🇸🇬 118.194.235.16

🇿🇦 105.12.4.232

🇸🇬 103.189.234.96

🇧🇩 103.115.158.32

🇮🇩 103.99.214.130

🇳🇱 91.92.40.18

🇯🇪 87.244.85.163

🇮🇪 52.169.217.131

🇺🇸 44.255.12.169

🇸🇬 43.134.238.108