JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 161.118.163.22

161.118.163.22 was found in our database!

This IP was reported 71 times. Confidence of Abuse is 100%: ?

100%

ISP	500 Oracle Parkway
Usage Type	Data Center/Web Hosting/Transit
ASN	AS31898
Domain Name	oracle.com
Country	🇮🇳 India
City	Mumbai, Maharashtra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 161.118.163.22

Whois 161.118.163.22

IP Abuse Reports for 161.118.163.22:

This IP address has been reported a total of 71 times from 37 distinct sources. 161.118.163.22 was first reported on May 25th 2026, and the most recent report was 22 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 floreriaexpress	2026-06-20 17:01:31 (22 hours ago)	FakeADS-Anti: country:IN \| https://floreriaexpresschile.cl/	Bad Web Bot
🇳🇴 Bots.go.to.hell	2026-06-20 13:23:50 (1 day ago)	This IP was detected by CrowdSec triggering custom/http-bad-crawler-ban	Web App Attack Bad Web Bot
🇫🇷 mrcrassi	2026-06-20 09:35:36 (1 day ago)	Triggered Cloudflare WAF (firewallManaged) from IN. Action taken: BLOCK Protocol: HTTP/1.1 (POST met ... show more Triggered Cloudflare WAF (firewallManaged) from IN. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: / UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Assetnote/1.0.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 ValtonTahiri	2026-06-20 09:15:11 (1 day ago)	UFW blocked a suspicious connection attempt to a closed or denied port. This activity is commonly as ... show more UFW blocked a suspicious connection attempt to a closed or denied port. This activity is commonly associated with port scanning, service discovery, or automated internet probing. Technical: source_ip=161.118.163.22; proto=TCP; source_port=39904; target_port=3000; flags=SYN show less	Port Scan
🇦🇺 paulshipley.com.au	2026-06-19 16:29:09 (1 day ago)	[Sat Jun 20 02:29:08.336510 2026] [security2:error] [pid 683749] [client 161.118.163.22:45258] [clie ... show more [Sat Jun 20 02:29:08.336510 2026] [security2:error] [pid 683749] [client 161.118.163.22:45258] [client 161.118.163.22] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "underconstruction.paulshipley.info"] [uri "/"] [unique_id "ajVuVDOEoo9mf24wu0h7IgAAAAc"] ... show less	Web App Attack
🇨🇭 4server	2026-06-19 12:53:48 (2 days ago)	[FriJun1914:53:41.9092052026][security2:error][pid3154615:tid3154848][client161.118.163.22:0]ModSecu ... show more [FriJun1914:53:41.9092052026][security2:error][pid3154615:tid3154848][client161.118.163.22:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\$$\(41\271$\)\)foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync$echo\$\(\(41\271$\)\).tostring.trimthrowobject.assign$newerror\(next_redirect${digest:\`next_redirectpush/login\?a=\${res}307\`}\)_chunks:\$q2_formdata:{get:\$3:\$\$:constructor:constructor}}}\"][tag\"attack-rce\"][hostname\"hosting-ticino-svizzera-ch.ticino-hosting.ch\"][uri\"/\"][unique_id\"ajU71V6QL3k2j3X-EDL9ggAAAQc show less	Hacking Web App Attack
🇩🇪 4server	2026-06-18 21:42:10 (2 days ago)	[ThuJun1823:42:08.4172102026][security2:error][pid1125557:tid1125561][client161.118.163.22:0]ModSecu ... show more [ThuJun1823:42:08.4172102026][security2:error][pid1125557:tid1125561][client161.118.163.22:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$curl\\|wget\\|python\\|nikto\\|sqlmap\\|acunetix\\|fimap\\|dirbuster\\|cmsmap$\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"217\"][id\"990210\"][msg\"Suspicioususer-agentblocked\"][hostname\"worldgoldfundltd.com.136-243-54-122.cpanel.site\"][uri\"/\"][unique_id\"ajRmMMCs16GXG3uO4B2FrgAAAIA\"] show less	Port Scan Brute-Force Web App Attack
🇳🇴 Bots.go.to.hell	2026-06-18 20:53:54 (2 days ago)	This IP was detected by CrowdSec triggering custom/http-bad-crawler-ban	Web App Attack Bad Web Bot
🇬🇧 pinguin	2026-06-18 19:22:02 (2 days ago)	Triggered Cloudflare WAF (firewallManaged) from IN. Action taken: LOG Protocol: HTTP/1.1 (HEAD metho ... show more Triggered Cloudflare WAF (firewallManaged) from IN. Action taken: LOG Protocol: HTTP/1.1 (HEAD method) Endpoint: / UA: python-requests/2.31.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇵🇱 Roper123	2026-06-18 17:42:17 (2 days ago)	Web app exploits	Web App Attack
🇧🇷 ludarkstar99	2026-06-18 09:15:06 (3 days ago)	Blocked by os-abuseipdb; 9 hits, proto=tcp, ports=443	Port Scan Hacking
🇩🇪 BlueWire Hosting	2026-06-18 05:11:20 (3 days ago)	Bad bot ignoring robot.txt	Bad Web Bot
🇺🇸 Rip	2026-06-17 00:36:39 (4 days ago)	Remote Command Execution - Unix Shell Expression Found in URI	Web App Attack
🇮🇹 Progetto1	2026-06-16 16:25:02 (4 days ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇫🇷 mrcrassi	2026-06-16 13:01:30 (5 days ago)	Triggered Cloudflare WAF (firewallManaged) from IN. Action taken: BLOCK Protocol: HTTP/1.1 (POST met ... show more Triggered Cloudflare WAF (firewallManaged) from IN. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: / UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Assetnote/1.0.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot

Showing 1 to 15 of 71 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇹 81.30.98.158

🇺🇸 66.132.186.200

🇺🇸 34.60.196.5

🇨🇭 179.43.150.26

🇺🇸 172.208.49.189

🇯🇵 160.251.169.213

🇨🇳 118.212.120.69

🇷🇴 80.94.92.178

🇩🇪 69.5.169.203

🇩🇪 69.5.169.103

🇺🇸 66.132.195.114

🇺🇸 66.132.172.192

🇯🇵 47.245.30.73

🇷🇺 5.255.231.201

🇺🇸 2600:3c00::2000:6aff:fe34:40f4

🇰🇷 221.157.77.61

🇳🇱 176.65.139.181

🇰🇷 112.216.129.27

🇺🇸 107.175.156.160

🇳🇱 91.92.40.6