JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 161.123.115.249

161.123.115.249 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 0%: ?

ISP	Wirels Connect (PTY) Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS203020
Domain Name	telafrica.net
Country	🇺🇸 United States of America
City	Romulus, Michigan

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 161.123.115.249

Whois 161.123.115.249

IP Abuse Reports for 161.123.115.249:

This IP address has been reported a total of 21 times from 8 distinct sources. 161.123.115.249 was first reported on October 30th 2023, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-17 13:35:23 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 08:35:15.046303 2026] [security2:error] [pid 30214:tid 30214] [client 161.123.115.249:53589] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/wp-config.php.swp"] [unique_id "aWuQEx-NyvAXFEw5ZRZOHQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 19:03:32 (5 months ago)	(mod_security) mod_security (id:211190) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:211190) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:03:25.434280 2025] [security2:error] [pid 22840:tid 22954] [client 161.123.115.249:38839] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /images/index.html?id=%24%7B%40print_r%28%40system%28%22cat+/etc/passwd%22%29%29%7D"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/images/index.html"] [unique_id "aVLQffUSdzJ-gbjPWKhMtAAAAJQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 11:55:22 (7 months ago)	(mod_security) mod_security (id:212750) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:212750) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 06:55:16.747432 2025] [security2:error] [pid 18393:tid 18393] [client 161.123.115.249:56673] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort\|blur\|change\|click\|dblclick\|dragdrop\|error\|focus\|keydown\|keypress\|keyup\|load\|mouse(?:down\|move\|out\|over\|up)\|move\|readystatechange\|reset\|resize\|select\|submit\|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: onerror= found within REQUEST_URI: /keepalive.php?caller=\\x22><img src=1 onerror=alert(document.domain) />&uq_mt=1664137650.085"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/keepalive.php"] [unique_id "aRXHJESh6uwKX6JlqyWbHwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-11-26 23:25:51 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:211190) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 18:25:37.987045 2024] [security2:error] [pid 14708:tid 14886] [client 161.123.115.249:41099] [client 161.123.115.249] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /catalog.php?filename=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.kettlehill.com"] [uri "/catalog.php"] [unique_id "Z0ZY8bZ-yNDsuHkwIgxzXwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Alejandro Docasar	2024-11-26 18:57:52 (1 year ago)		Web App Attack
🇺🇸 TPI-Abuse	2024-09-04 03:58:37 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:211190) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 23:58:30.971389 2024] [security2:error] [pid 17893:tid 17893] [client 161.123.115.249:57233] [client 161.123.115.249] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.stdavids-media.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.stdavids-media.com"] [uri "/index.php"] [unique_id "Ztfa5ucVqjqGWm5ItP62awAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-09-01 01:51:03 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 31 21:50:54.288108 2024] [security2:error] [pid 3087873:tid 3087896] [client 161.123.115.249:39673] [client 161.123.115.249] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.net\|F\|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/CookieAuth.dll"] [unique_id "ZtPIflZVdRO6ImKeyeuNgwAAAFU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-08-19 04:14:04 (1 year ago)	Malicious activity detected	Hacking Web App Attack
🇩🇪 ps-center	2024-07-15 18:05:38 (1 year ago)	SS1: Web Attack GET /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd	Web Spam Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-06-27 07:10:41 (1 year ago)	(mod_security) mod_security (id:210381) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210381) triggered by 161.123.115.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 27 03:10:34.444919 2024] [security2:error] [pid 31360:tid 47386388883200] [client 161.123.115.249:49013] [client 161.123.115.249] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt\|\|www.staging.kettlehill.com\|F\|4"] [data "REQUEST_URI=/assets/built%2F..%2F..%2F%E0%A4%A/package.json"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.staging.kettlehill.com"] [uri "/assets/built%2F..%2F..%2F%E0%A4%A/package.json"] [unique_id "Zn0QalyO989uQdQJj5NXVwAAARU"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 ScanHostHunter	2024-05-22 01:20:24 (2 years ago)	XSS attempts and WordPress attacks observed from this host.	Web App Attack
🇪🇸 10dencehispahard SL	2024-05-08 07:00:43 (2 years ago)	Unauthorized login attempts []	Brute-Force
🇪🇸 10dencehispahard SL	2024-05-08 06:28:28 (2 years ago)	Web Attack	DDoS Attack Brute-Force Web App Attack
🇪🇸 10dencehispahard SL	2024-03-27 07:00:25 (2 years ago)	Unauthorized login attempts [ BI-16635]	Brute-Force
🇪🇸 10dencehispahard SL	2024-03-27 06:52:00 (2 years ago)	WP scan	Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.128

🇸🇬 194.164.107.5

🇺🇸 162.216.150.123

🇺🇸 159.89.50.251

🇨🇳 124.88.113.5

🇭🇰 94.190.218.25

🇺🇸 67.207.85.198

🇺🇸 20.168.120.227

🇧🇷 201.24.149.215

🇭🇰 199.45.154.184

🇺🇸 195.184.76.132

🇱🇧 185.72.218.212

🇺🇸 172.234.218.210

🇩🇪 165.22.72.144

🇮🇩 160.187.174.22

🇮🇳 154.84.242.115

🇮🇩 139.255.254.163

🇻🇳 103.75.183.177

🇮🇳 103.19.136.6

🇸🇪 95.203.1.49