JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.118.252.15

103.118.252.15 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 25%: ?

25%

ISP	Sakura Network Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS55933
Hostname(s)	unknown.itsidc.com
Domain Name	sakura.as
Country	🇭🇰 Hong Kong
City	Hong Kong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.118.252.15

Whois 103.118.252.15

IP Abuse Reports for 103.118.252.15:

This IP address has been reported a total of 12 times from 4 distinct sources. 103.118.252.15 was first reported on June 4th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-09 01:44:35 (1 week ago)	(mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the l ... show more (mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 21:44:32.730712 2026] [security2:error] [pid 17921:tid 17962] [client 103.118.252.15:54744] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|okorganicgardening.org\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "okorganicgardening.org"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aidwAGrOLJLrTm_5SSZgcgAAANI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 22:49:07 (1 week ago)	(mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the l ... show more (mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 18:49:01.778012 2026] [security2:error] [pid 9660:tid 9660] [client 103.118.252.15:33446] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|compassionfatigue.org\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "compassionfatigue.org"] [uri "/php-cgi/php.exe"] [unique_id "aidG3UH05mjVXEN2WfJyZwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 22:25:22 (1 week ago)	(mod_security) mod_security (id:218420) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the l ... show more (mod_security) mod_security (id:218420) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 18:25:16.429629 2026] [security2:error] [pid 3475:tid 3475] [client 103.118.252.15:51934] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "38"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|rocketbattle.org\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "rocketbattle.org"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aidBTDra7BCuswtBnwpfNAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 22:09:47 (1 week ago)	(mod_security) mod_security (id:218420) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the l ... show more (mod_security) mod_security (id:218420) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 18:09:41.495617 2026] [security2:error] [pid 26171:tid 26171] [client 103.118.252.15:41322] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|kathyquan.com\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "kathyquan.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aic9pZAS7rTSo3v8B_GklAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 21:51:35 (1 week ago)	(mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the l ... show more (mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 17:51:31.812192 2026] [security2:error] [pid 7461:tid 7461] [client 103.118.252.15:39956] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|CustomHumanRobots.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "customhumanrobots.com"] [uri "/php-cgi/php.exe"] [unique_id "aic5YyArzMs8gBSFUb4Q1QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 16:32:39 (1 week ago)	(mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the l ... show more (mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 12:32:31.743015 2026] [security2:error] [pid 1514:tid 1514] [client 103.118.252.15:44012] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|tulsatvmemories.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "tulsatvmemories.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aibun6o-htCY8ZoWsWpenwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇪 RoboSOC	2026-06-08 15:16:00 (1 week ago)	PHP CGI Argument Injection Vulnerability, PTR: unknown.itsidc.com.	Hacking
🇺🇸 TPI-Abuse	2026-06-08 13:08:24 (1 week ago)	(mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the l ... show more (mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 09:08:20.809295 2026] [security2:error] [pid 16413:tid 16413] [client 103.118.252.15:50042] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|independentmusicconference.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "independentmusicconference.com"] [uri "/cgi-bin/php.exe"] [unique_id "aia-xLIy7YzbemF9oXSozAAAAHA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 12:43:48 (1 week ago)	(mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the l ... show more (mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 08:43:44.237898 2026] [security2:error] [pid 23469:tid 23469] [client 103.118.252.15:33914] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|herreria.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "herreria.com"] [uri "/cgi-bin/php-cgi.exe"] [unique_id "aia5AMQBuyJJGzN_cVaAgwAAAII"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 12:12:56 (1 week ago)	(mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the l ... show more (mod_security) mod_security (id:210350) triggered by 103.118.252.15 (unknown.itsidc.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 08:12:48.815302 2026] [security2:error] [pid 7938:tid 7938] [client 103.118.252.15:37964] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|furfriend-z.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "furfriend-z.com"] [uri "/index.php"] [unique_id "aiaxwLEZAK0ns9Db2HQ_ngAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇼 kk_it_man	2026-06-06 12:33:01 (1 week ago)	ET WEB_SERVER Generic PHP Remote File Include ET WEB_SERVER PHP tags in HTTP POST ET WEB_SERVER ... show more ET WEB_SERVER Generic PHP Remote File Include ET WEB_SERVER PHP tags in HTTP POST ET WEB_SERVER PHP.//Input in HTTP POST ET WEB_SERVER allow_url_include PHP config option in uri ET WEB_SERVER auto_prepend_file PHP config option in uri ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) show less	Port Scan
🇺🇸 Bankbook8585	2026-06-04 17:47:28 (2 weeks ago)	T-Pot honeypot \| elasticpot honeypot	Hacking Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 222.108.100.117

🇺🇸 129.210.115.104

🇧🇬 79.124.56.210

🇩🇪 43.228.157.8

🇲🇦 41.140.99.8

🇬🇧 35.203.210.70

🇷🇴 2.57.121.112

🇳🇱 204.76.203.49

🇲🇽 187.190.202.56

🇦🇷 181.46.57.232

🇳🇱 178.16.54.237

🇦🇲 176.32.193.16

🇺🇸 170.106.11.6

🇸🇻 168.227.21.141

🇫🇷 154.17.176.62

🇰🇷 124.153.187.49

🇮🇳 103.91.246.101

🇮🇳 103.30.81.178

🇧🇩 103.29.181.2

🇫🇷 91.231.89.75