JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 161.118.171.111

161.118.171.111 was found in our database!

This IP was reported 33 times. Confidence of Abuse is 100%: ?

100%

ISP	500 Oracle Parkway
Usage Type	Data Center/Web Hosting/Transit
ASN	AS31898
Domain Name	oracle.com
Country	🇮🇳 India
City	Mumbai, Maharashtra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 161.118.171.111

Whois 161.118.171.111

IP Abuse Reports for 161.118.171.111:

This IP address has been reported a total of 33 times from 24 distinct sources. 161.118.171.111 was first reported on June 11th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 TheCoon	2026-06-16 20:00:01 (4 days ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking
🇨🇭 4server	2026-06-16 19:23:00 (4 days ago)	[TueJun1621:22:55.9800052026][security2:error][pid1469697:tid1469936][client161.118.171.111:0]ModSec ... show more [TueJun1621:22:55.9800052026][security2:error][pid1469697:tid1469936][client161.118.171.111:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"probuild.ch\"][uri\"/.env\"][unique_id\"ajGij-qVq2Y7RZgOAafs3wAAAQU\"] show less	Hacking Web App Attack
🇧🇷 Halux	2026-06-16 18:06:39 (4 days ago)	161.118.171.111 Probing protected path or service	Web App Attack
🇦🇺 2000cn.com.au	2026-06-16 17:37:56 (4 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
Anonymous	2026-06-16 13:18:40 (5 days ago)		Web App Attack
🇧🇪 voormedia	2026-06-16 12:44:37 (5 days ago)	Accessed trap at '/.env'	Web App Attack
🇦🇺 paulshipley.com.au	2026-06-15 03:43:22 (6 days ago)	[Mon Jun 15 13:43:22.218916 2026] [security2:error] [pid 63255] [client 161.118.171.111:50982] [clie ... show more [Mon Jun 15 13:43:22.218916 2026] [security2:error] [pid 63255] [client 161.118.171.111:50982] [client 161.118.171.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "valueaddedpromotions.com.au"] [uri "/.env"] [unique_id "ai902uB-lxxAWxLvnsSQqgAAABo"] ... show less	Web App Attack
🇫🇷 ✨	2026-06-15 00:09:13 (6 days ago)	Domain : stephenpeek.co.uk Rule : env 2026-06-15 00:07:34 *hidden-privacy* GET /.env - 443 - 161 ... show more Domain : stephenpeek.co.uk Rule : env 2026-06-15 00:07:34 *hidden-privacy* GET /.env - 443 - 161.118.171.111 HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0 - www.stephenpeek.co.uk 404 0 2 1525 213 306 - - show less	Hacking SQL Injection
🇧🇪 cmbplf	2026-06-14 20:41:26 (6 days ago)	993 requests with url.path *.env	Brute-Force Bad Web Bot
🇩🇪 sdos.es	2026-06-14 20:12:16 (6 days ago)	"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"	Web App Attack
🇭🇺 bcsaba	2026-06-14 16:58:09 (6 days ago)	Probing for .env file: 161.118.171.111 - - [14/Jun/2026:18:58:06 +0200] "GET /.env HTTP/1.1" 400 632 ... show more Probing for .env file: 161.118.171.111 - - [14/Jun/2026:18:58:06 +0200] "GET /.env HTTP/1.1" 400 632 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0" show less	Web App Attack
🇧🇪 voormedia	2026-06-14 16:52:02 (6 days ago)	Accessed trap at '/.env'	Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 13:39:55 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 161.118.171.111 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 161.118.171.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 09:39:50.681068 2026] [security2:error] [pid 15834:tid 15834] [client 161.118.171.111:37564] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.montepulciano.org"] [uri "/.env"] [unique_id "ai6vJpgIFhuxeV76gs0rTQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 13:22:53 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 161.118.171.111 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 161.118.171.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 09:22:45.393961 2026] [security2:error] [pid 5313:tid 5313] [client 161.118.171.111:57848] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.madburylibrary.org"] [uri "/.env"] [unique_id "ai6rJaBSwUaj1mPryykUGQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 13:03:33 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 161.118.171.111 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 161.118.171.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 09:03:29.291771 2026] [security2:error] [pid 24524:tid 24524] [client 161.118.171.111:56886] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.killarneypool.org"] [uri "/.env"] [unique_id "ai6moR4oxm8yUhXjNud9HgAAACI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 33 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.226.197.69

🇳🇱 91.92.40.233

🇩🇪 84.16.231.135

🇻🇳 2402:800:6127:1008:c4d2:2b2b:cdbd:62db

🇨🇱 170.82.129.8

🇺🇸 134.122.125.153

🇭🇰 123.58.210.86

🇸🇬 111.119.210.146

🇳🇱 89.21.67.136

🇸🇬 47.84.105.205

🇮🇳 43.230.106.51

🇺🇸 35.196.16.197

🇮🇳 202.141.104.175

🇺🇸 167.172.148.132

🇺🇸 165.154.206.71

🇵🇱 91.192.206.188

🇮🇳 42.107.148.189

🇫🇷 2a01:e0a:dac:6e10:211:32ff:fe26:fc5

🇧🇷 185.72.241.224

🇦🇷 181.104.2.87