JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 161.123.115.113

161.123.115.113 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 3%: ?

ISP	Wirels Connect (PTY) Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS203020
Domain Name	telafrica.net
Country	🇺🇸 United States of America
City	Romulus, Michigan

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 161.123.115.113

Whois 161.123.115.113

IP Abuse Reports for 161.123.115.113:

This IP address has been reported a total of 18 times from 8 distinct sources. 161.123.115.113 was first reported on August 1st 2023, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:42:53 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:42:49.070403 2026] [security2:error] [pid 12707:tid 12720] [client 161.123.115.113:55893] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/admin/logs/errors.log"] [unique_id "ahzxqfr1zQOtbkd9viU0HQAAAAk"], referer: https://www.kettlehill.com/admin/logs/errors.log show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-01 11:31:27 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:31:22.230116 2026] [security2:error] [pid 16722:tid 16908] [client 161.123.115.113:37609] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.kettlehill.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.kettlehill.com"] [uri "/new/newhttp:/example.com"] [unique_id "aX85isyMbG6v0xSDvGJb7AAAAtY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 12:42:34 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 07:42:30.786988 2026] [security2:error] [pid 11473:tid 11473] [client 161.123.115.113:36915] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.nbcnewsradio.com"] [uri "/.env.stage"] [unique_id "aWoyNqar6ee2jFS4HDRr8AAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 raspi4	2025-12-31 19:23:45 (5 months ago)	Fail2Ban Ban Triggered	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 05:53:25 (6 months ago)	(mod_security) mod_security (id:212620) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:212620) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 00:53:11.408479 2025] [security2:error] [pid 26090:tid 26470] [client 161.123.115.113:33457] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /does_not_exist\\x22\\x22><script>alert(document.domain)</script><imgsrc=x"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.kettlehill.net"] [uri "/does_not_exist\\"\\"><script>alert(document.domain)</script><img src=x"] [unique_id "aS0tRwqR0geke5MRGl4JMQAAAJg"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 Erpelstolz	2025-11-25 14:20:12 (6 months ago)	VM 131: 161.123.115.113 - - [25/Nov/2025:15:20:09 +0100] "GET /cgi-bin/ HTTP/1.1" 404 8451	Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 20:27:39 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 16:27:35.247727 2025] [security2:error] [pid 11685:tid 11685] [client 161.123.115.113:59561] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/error.log"] [unique_id "aQEnN4Jo7z9Ge9Cb-kzqKgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-16 19:08:00 (7 months ago)	ET WEB_SERVER Kubernetes Ingress NGINX Controller auth-url Annotation Injection (CVE-2025-24514)	SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 15:45:43 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:45:35.653407 2025] [security2:error] [pid 30110:tid 30151] [client 161.123.115.113:55837] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/.env"] [unique_id "aN1Mn8kWrLLgoGKIU58kYgAAAcY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 21:05:54 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 17:05:47.587122 2025] [security2:error] [pid 27693:tid 27693] [client 161.123.115.113:52823] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.deandobkin.com"] [uri "/sample.htaccess"] [unique_id "aNG6KyHHh3NVHpip1heTIAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2025-08-27 02:23:50 (9 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
Anonymous	2025-08-27 02:17:18 (9 months ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 06:58:40 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 161.123.115.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:58:33.283049 2025] [security2:error] [pid 3331489:tid 3331579] [client 161.123.115.113:57571] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/log.log"] [unique_id "aIxlmTqSEPOvsBY_LS5b7gAAAMc"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2025-07-19 05:09:43 (10 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
Anonymous	2025-06-22 10:20:02 (11 months ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.223.235.20

🇩🇪 150.241.107.15

🇷🇺 88.205.172.170

🇯🇵 64.176.38.53

🇺🇸 172.217.107.150

🇺🇸 165.154.163.89

🇧🇩 103.118.78.142

🇵🇱 95.214.55.226

🇳🇱 85.147.251.192

🇮🇷 81.12.72.55

🇺🇸 66.132.195.66

🇳🇱 45.148.10.183

🇵🇱 31.179.197.26

🇲🇿 197.219.210.94

🇦🇷 186.57.3.137

🇬🇧 91.230.225.230

🇬🇧 89.37.172.140

🇧🇬 79.124.49.174

🇹🇷 78.167.39.24

🇺🇸 71.6.233.189