JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 122.8.46.201

122.8.46.201 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 29%: ?

29%

ISP	Beijing CNISP Technology Co., Ltd.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS59651
Domain Name	cnisp.org.cn
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 122.8.46.201

Whois 122.8.46.201

IP Abuse Reports for 122.8.46.201:

This IP address has been reported a total of 15 times from 10 distinct sources. 122.8.46.201 was first reported on April 17th 2023, and the most recent report was 10 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 tilellit.pro	2026-06-27 09:15:21 (10 hours ago)	Fail2Ban banned 122.8.46.201 for security violations in jail wp-armour. Log: 2026/06/27 09:15:20 [er ... show more Fail2Ban banned 122.8.46.201 for security violations in jail wp-armour. Log: 2026/06/27 09:15:20 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 122.8.46.201 \| Target: wplogin" , client: 122.8.46.201, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇩🇪 webanyone	2026-06-09 12:45:26 (2 weeks ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-23 22:03:01 (1 month ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-22. show less	Web App Attack SSH Hacking
🇳🇱 homeshowdomain.nl	2026-05-22 22:00:05 (1 month ago)	Auto-ban: >3000 req/min op 2026-05-22	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-22 20:40:09 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 122.8.46.201 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 122.8.46.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 16:40:06.962818 2026] [security2:error] [pid 11461:tid 11461] [client 122.8.46.201:13785] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|savingspools.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "savingspools.com"] [uri "/s3cmd.ini"] [unique_id "ahC_Jm5VJy1RdhKOUlNcdwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-22 19:33:54 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 122.8.46.201 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 122.8.46.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 15:33:50.696946 2026] [security2:error] [pid 5599:tid 5599] [client 122.8.46.201:52173] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.wsspy.bamedica.com"] [uri "/.env"] [unique_id "ahCvniumTurPlG5BRK2bjQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-05-22 19:30:28 (1 month ago)	122.8.46.201 - - [22/May/2026:22:30:27 +0300] "GET /.env HTTP/1.1" 404 3309 "-" "Mozilla/5.0 (Macint ... show more 122.8.46.201 - - [22/May/2026:22:30:27 +0300] "GET /.env HTTP/1.1" 404 3309 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36" 122.8.46.201 - - [22/May/2026:22:30:27 +0300] "GET /.env HTTP/1.1" 404 3307 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1) Gecko/20061024 Firefox/2.0 (Swiftfox)" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-22 18:55:06 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 122.8.46.201 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 122.8.46.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 14:54:58.932890 2026] [security2:error] [pid 19961:tid 19961] [client 122.8.46.201:30291] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "krugmans.com"] [uri "/.git/config"] [unique_id "ahCmgmQH9YHtcJ0if_BdcgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-05-22 18:54:59 (1 month ago)	Try to access /.git/config	Web App Attack
🇳🇿 Antinson	2026-05-22 14:50:15 (1 month ago)	Scraping with a high error ratio and request rate Requests to unauthorized or suspicious endpoints ( ... show more Scraping with a high error ratio and request rate Requests to unauthorized or suspicious endpoints (.git, .well-known, .php, etc.) show less	Bad Web Bot
🇫🇷 tilellit.pro	2026-05-21 14:55:03 (1 month ago)	Fail2Ban banned 122.8.46.201 for security violations in jail wp-armour. Log: 2026/05/21 14:55:02 [er ... show more Fail2Ban banned 122.8.46.201 for security violations in jail wp-armour. Log: 2026/05/21 14:55:02 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 122.8.46.201 \| Target: wplogin" , client: 122.8.46.201, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇺🇸 TPI-Abuse	2026-05-07 21:26:40 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 122.8.46.201 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 122.8.46.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 17:26:34.452691 2026] [security2:error] [pid 12458:tid 12458] [client 122.8.46.201:46781] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|sahinozalit.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sahinozalit.com"] [uri "/wp-json/wp/v2/users"] [unique_id "af0DivsnsPGdI-knMozBkQAAAAc"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ambor	2026-04-27 15:30:46 (2 months ago)	Honeypot access: WordPress admin access attempt. Path: /wp-login.php	Brute-Force Web App Attack
🇧🇪 voormedia	2026-03-17 18:45:29 (3 months ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
🇩🇪 Fusl	2023-04-17 11:20:17 (3 years ago)	received unsolicited smtp data stream: Date: Mon, 17 Apr 2023 07:08:03 -0400 From: postmaster@hbvify ... show more received unsolicited smtp data stream: Date: Mon, 17 Apr 2023 07:08:03 -0400 From: [email protected] Subject: Delivery report To: [email protected] MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="[email protected]" [email protected] Content-Type: text/plain Hello, this is the mail server on hbvifyopfwwm.com. I am sending you this message to inform you on the delivery status of a message you previously sent. Immediately below you will find a list of the affected recipients; also attached is a Delivery Status Notification (DSN) report in standard format, as well as the headers of the original message. <[email protected]> delivery failed; will not continue trying [email protected] Content-Type: message/delivery-status Original-Envelope-Id: 383;639855;0000007010;pawan1 Reporting-MTA: dns;hbvifyopfwwm.com X-PowerMTA-VirtualMTA: nvmta_0692 Received-From-MTA: dns;localhost (127.0.0.1) Arrival-Dat show less	Email Spam

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.106

🇿🇲 165.57.81.74

🇺🇸 66.132.195.111

🇳🇱 64.225.74.178

🇭🇰 45.142.154.10

🇬🇧 45.82.76.125

🇨🇦 20.220.148.251

🇺🇸 205.210.31.105

🇦🇷 191.80.192.35

🇩🇪 185.30.32.214

🇺🇸 135.237.125.27

🇨🇳 124.193.81.23

🇭🇰 116.48.39.16

🇷🇺 109.173.38.135

🇬🇧 87.236.176.14

🇷🇺 85.95.166.40

🇺🇸 64.227.0.95

🇺🇸 54.198.45.128

🇬🇧 35.203.210.40

🇺🇸 20.118.241.35