🇫🇷
✨
2026-06-02 01:34:12
(4 days ago)
Rule : PLESK BOT
2026-06-02 03:32:58 Unauthorized login attempt to Plesk Panel from IP 45.9.156.22 with username admin
Hacking
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-05-31 15:21:29
(5 days ago)
(mod_security) mod_security (id:210730) triggered by 45.9.156.22 (vps19823.maxko-hosting.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 11:21:24.600835 2026] [security2:error] [pid 17594:tid 17611] [client 45.9.156.22:35322] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||wasula.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wasula.com"] [uri "/dump.sql"] [unique_id "ahxR9CAxeoeiggeZQAEpFwAAAEw"], referer: wasula.com/dump.sql
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
Martin Lundstrom
2026-05-31 07:31:34
(5 days ago)
https://www.eagleeye-intelligence.com - IDS: network scan. Automatically detected and blocked.
Port Scan
Web App Attack
🇺🇸
TPI-Abuse
2026-05-30 09:26:29
(6 days ago)
(mod_security) mod_security (id:210730) triggered by 45.9.156.22 (vps19823.maxko-hosting.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 05:26:24.142276 2026] [security2:error] [pid 9461:tid 9461] [client 45.9.156.22:53896] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||nigunensemble.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nigunensemble.net"] [uri "/dump.sql"] [unique_id "ahqtQJDda_-2xVJt3acZdgAAAAc"], referer: nigunensemble.net/dump.sql
Brute-Force
Bad Web Bot
Web App Attack
🇱🇻
garmtech.com
2026-05-28 12:57:13
(1 week ago)
IM360 WAF: WordPress malicious plugin install block MV:dummy-plugin.zip
Web App Attack
🇺🇸
TPI-Abuse
2026-05-27 15:24:38
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 45.9.156.22 (vps19823.maxko-hosting.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 11:24:34.885605 2026] [security2:error] [pid 13605:tid 13605] [client 45.9.156.22:43162] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||athome360.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "athome360.com"] [uri "/dump.sql"] [unique_id "ahcMstCYrd91DB04FklMsQAAAA8"], referer: athome360.com/dump.sql
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-27 14:43:47
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 45.9.156.22 (vps19823.maxko-hosting.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 10:43:41.329769 2026] [security2:error] [pid 22568:tid 22568] [client 45.9.156.22:47498] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||electra-shield.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "electra-shield.com"] [uri "/dump.sql"] [unique_id "ahcDHcFBqOPGNnEtAGiXDQAAAAY"], referer: electra-shield.com/dump.sql
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
LRob.fr
2026-05-27 11:15:15
(1 week ago)
Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk-login jail
Brute-Force
Web App Attack
Anonymous
2026-05-25 11:07:19
(1 week ago)
Banned by SPAMHAUS ASN-DROP list (ASN: 211619)
DDoS Attack
Hacking
Bad Web Bot
Web App Attack
🇳🇱
wlt-blocker
2026-05-17 05:13:37
(2 weeks ago)
Attempts to login to mail server with wrong username and/or password
Brute-Force
🇧🇷
ICS Labs
2026-05-12 13:45:49
(3 weeks ago)
ICS Labs identified 45.9.156.22 as a malicious indicator from threat intelligence.
Hacking
🇪🇸
gnom4ik
2026-05-06 11:28:26
(4 weeks ago)
ban-reviewer auto report; ip=45.9.156.22; scenario=http:scan; verdict=valid_ban; confidence=0.92; categories=14,15,18,22; active_decisions=2; lookback_decisions=2; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=ip_decision_count_high
Port Scan
Hacking
Brute-Force
SSH
🇺🇸
xmission.com
2026-05-04 15:30:14
(1 month ago)
Blocked by UFW (TCP on 54154)
Source port: 9001
TTL: 44
Packet length: 52
TOS: 0x08
This report (for 45.9.156.22) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
🇺🇸
TPI-Abuse
2026-05-01 17:41:09
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 45.9.156.22 (vps19823.maxko-hosting.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 01 13:41:01.745944 2026] [security2:error] [pid 771:tid 771] [client 45.9.156.22:54892] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.43cambridge.com"] [uri "/.git/config"] [unique_id "afTlrTsLRghWLcMRaVNASgAAACg"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-04-27 06:12:36
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 45.9.156.22 (vps19823.maxko-hosting.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 02:12:30.463075 2026] [security2:error] [pid 31749:tid 31749] [client 45.9.156.22:37924] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.journ-e.sabri.es"] [uri "/.git/config"] [unique_id "ae7-TtfMoeCjtjEVn5iS7wAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack