JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 39.154.11.22

39.154.11.22 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 5%: ?

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Hohhot, Inner Mongolia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 39.154.11.22

Whois 39.154.11.22

IP Abuse Reports for 39.154.11.22:

This IP address has been reported a total of 24 times from 6 distinct sources. 39.154.11.22 was first reported on September 6th 2021, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-26 15:48:15 (3 hours ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 11:48:03.957458 2026] [security2:error] [pid 497:tid 497] [client 39.154.11.22:4439] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.panmaneecnc.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.panmaneecnc.com"] [uri "/"] [unique_id "aj6fMy3YWJ1miAS931h-fwAAAAQ"], referer: https://www.panmaneecnc.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 11:22:01 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 07:21:52.301865 2026] [security2:error] [pid 5159:tid 5159] [client 39.154.11.22:6416] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|getlawforms.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "getlawforms.com"] [uri "/"] [unique_id "ajEx0AZkB11GH0C8RJrNTQAAAAE"], referer: http://getlawforms.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 22:20:20 (4 weeks ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 18:20:10.826307 2026] [security2:error] [pid 21661:tid 21661] [client 39.154.11.22:19914] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.genevainvestors.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.genevainvestors.com"] [uri "/"] [unique_id "ahduGthR3Gn7OzljY0haPgAAACo"], referer: http://www.genevainvestors.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-24 19:18:04 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 24 15:17:53.579515 2026] [security2:error] [pid 1195913:tid 1195913] [client 39.154.11.22:8675] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.artfranz.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.artfranz.com"] [uri "/"] [unique_id "aevB4dNRXGfhpe8yl-Dc9QAAACo"], referer: http://www.artfranz.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-22 22:45:42 (3 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 22 18:45:34.701930 2026] [security2:error] [pid 1611:tid 1611] [client 39.154.11.22:3074] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.malesview.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.malesview.com"] [uri "/index.html"] [unique_id "acBxDv5ZUokV8jBDgbPC2wAAAAY"], referer: https://www.malesview.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-05 16:20:31 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 05 11:20:22.895537 2026] [security2:error] [pid 15081:tid 15081] [client 39.154.11.22:17604] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.localpetsitters.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.localpetsitters.com"] [uri "/"] [unique_id "aYTDRkPVvFcVsnsivASrGgAAAAQ"], referer: https://www.localpetsitters.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-31 20:52:24 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 39.154.11.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 31 15:52:16.985127 2026] [security2:error] [pid 23023:tid 23023] [client 39.154.11.22:7758] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|aimer.es\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "aimer.es"] [uri "/"] [unique_id "aX5rgLaWFpQd2JRS28HcSwAAAAQ"], referer: http://aimer.es/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-11-19 23:30:13 (7 months ago)	ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/39.154.11.22 2025-11- ... show more ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/39.154.11.22 2025-11-19 18:37:17 / show less	Web App Attack
🇨🇳 ThreatBook.io	2025-10-24 23:21:10 (8 months ago)	ThreatBook Intelligence: Mobile,Spam more details on https://threatbook.io/ip/39.154.11.22 2025-10-2 ... show more ThreatBook Intelligence: Mobile,Spam more details on https://threatbook.io/ip/39.154.11.22 2025-10-24 08:07:55 /explore/projects?non_archived=true&page=2&sort=latest_activity_desc show less	Web App Attack
🇨🇳 ThreatBook.io	2025-05-07 00:09:54 (1 year ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.11.22 2025-05-0 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.11.22 2025-05-06 13:11:00 /sitemap.xml show less	Web App Attack
🇨🇳 ThreatBook.io	2025-05-02 00:11:46 (1 year ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.11.22 2025-05-0 ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/39.154.11.22 2025-05-01 02:56:47 /guard.html show less	Web App Attack
🇨🇳 ThreatBook.io	2025-03-15 00:05:41 (1 year ago)	ThreatBook Intelligence: Zombie,Mobile more details on https://threatbook.io/ip/39.154.11.22 2025-03 ... show more ThreatBook Intelligence: Zombie,Mobile more details on https://threatbook.io/ip/39.154.11.22 2025-03-14 18:45:34 /sitemap.xml show less	Web App Attack
🇨🇳 ThreatBook.io	2025-03-11 00:10:16 (1 year ago)	ThreatBook Intelligence: Zombie,Mobile more details on https://threatbook.io/ip/39.154.11.22 2025-03 ... show more ThreatBook Intelligence: Zombie,Mobile more details on https://threatbook.io/ip/39.154.11.22 2025-03-10 01:45:22 /robots.txt show less	Web App Attack
🇮🇩 hermawan	2025-02-15 23:22:50 (1 year ago)	[Sun Feb 16 06:22:49.091622 2025] [security2:error] [pid 332187:tid 140539374593728] [client 39.154. ... show more [Sun Feb 16 06:22:49.091622 2025] [security2:error] [pid 332187:tid 140539374593728] [client 39.154.11.22:1523] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "WOW64" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "165"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: WOW64 found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 request_line = GET / HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/"] [unique_id "Z7EhyTzuG8zY4EDjwNzr9wAAATE"], referer https://staklim-malang.info/ [staklim-malang.info] [staklim-malang.info] top=[332274] [1Dq9kR5/ud8] [Z7EhyTzuG8zY4EDjwNzr9wAAATE] keep_alive=[0] [2025-02-16 06:22:49.091625] [R:Z7EhyTzuG8zY4EDjwNzr9wAAATE] UA:'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.1 ... show less	Hacking Web App Attack
Anonymous	2024-02-27 00:40:54 (2 years ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 212.132.120.41

🇺🇸 185.243.5.56

🇺🇸 147.185.132.117

🇰🇪 102.203.215.6

🇸🇦 93.112.196.165

🇲🇳 66.181.189.252

🇨🇳 39.148.225.234

🇵🇱 185.241.208.23

🇳🇱 176.65.139.235

🇺🇸 172.200.228.35

🇬🇭 154.161.118.217

🇨🇱 152.172.0.158

🇺🇸 149.28.52.241

🇺🇸 147.185.132.106

🇨🇦 144.217.161.208

🇮🇳 122.187.237.122

🇫🇷 104.28.159.180

🇸🇬 47.84.139.158

🇨🇳 39.154.11.60

🇧🇬 193.24.211.107