JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 161.123.115.4

161.123.115.4 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 0%: ?

ISP	Wirels Connect (PTY) Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS203020
Domain Name	telafrica.net
Country	🇺🇸 United States of America
City	Romulus, Michigan

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 161.123.115.4

Whois 161.123.115.4

IP Abuse Reports for 161.123.115.4:

This IP address has been reported a total of 24 times from 10 distinct sources. 161.123.115.4 was first reported on October 20th 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-27 03:46:31 (4 months ago)	(mod_security) mod_security (id:210350) triggered by 161.123.115.4 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 161.123.115.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 22:46:24.443432 2026] [security2:error] [pid 8340:tid 8433] [client 161.123.115.4:54631] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|ftp.kettlehill.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "ftp.kettlehill.net"] [uri "/"] [unique_id "aXg1EJdz8F31Nrc2UVQ0MQAAAoE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 15:03:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 161.123.115.4 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 161.123.115.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 10:03:10.168925 2025] [security2:error] [pid 13936:tid 13936] [client 161.123.115.4:33499] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/wp-config.php.orig"] [unique_id "aRXzLvd8rz6ne_gnzqoDhgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 dayda.net	2025-10-13 03:23:24 (7 months ago)	SPAI_VJS=%3C/script%3E%3Cimg%20src%3D1%20onerror%3Dalert(document.domain)%3E	Bad Web Bot
🇺🇸 TPI-Abuse	2025-07-26 23:56:25 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 161.123.115.4 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 161.123.115.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 19:55:41.487557 2025] [security2:error] [pid 24712:tid 24857] [client 161.123.115.4:43953] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\$\\\$\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|webdisk.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kettlehill.net"] [uri "/"] [unique_id "aIVq_bzNFJM38bDc9XmjNgAAAQY"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 PulseServers	2025-06-03 10:18:57 (1 year ago)	Probing a honeypot for vulnerabilities. Ignored robots.txt - UK10 Honeypot ...	Hacking Web App Attack
🇺🇸 PulseServers	2025-06-03 09:17:48 (1 year ago)	Probing a honeypot for vulnerabilities. Ignored robots.txt - US10 Honeypot ...	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 18:49:30 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 161.123.115.4 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 161.123.115.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 14:47:32.537503 2025] [security2:error] [pid 3183715:tid 3183715] [client 161.123.115.4:43131] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.farmers123.com"] [uri "/.env"] [unique_id "aDirxHBlKETc7VdHbIiNVgAAACY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-04 08:56:47 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 161.123.115.4 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 161.123.115.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 04 04:56:42.345435 2025] [security2:error] [pid 3779185:tid 3779185] [client 161.123.115.4:51411] [client 161.123.115.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.nbcnewsradio.com"] [uri "/api/.env"] [unique_id "aBcryj-0alG-Y58BYxc5LQAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-15 12:40:49 (1 year ago)	\| Suspicious URL access.	Hacking SQL Injection Web App Attack
🇦🇺 oncord	2024-06-09 20:38:00 (1 year ago)	Form spam	Web Spam
Anonymous	2024-06-05 20:06:20 (1 year ago)		Web Spam
🇦🇺 oncord	2024-06-04 00:51:57 (2 years ago)	Form spam	Web Spam
🇦🇺 oncord	2024-05-31 19:25:27 (2 years ago)	Form spam	Web Spam
🇦🇺 oncord	2024-05-28 01:31:00 (2 years ago)	Form spam	Web Spam
🇺🇸 nowyouknow	2024-05-27 10:38:44 (2 years ago)	(From [email protected]) Would you like to boost your business growth? Our company provides c ... show more (From [email protected]) Would you like to boost your business growth? Our company provides customized financing options meant to help businesses that have: * Minimum credit score: 450 * 6+ months in business * Monthly revenue of $35k+ Whether you need capital for scaling up, new tools, or working capital, our flexible loan plans can offer the aid you need. Ready to look into your funding options? Apply now: https://bit.ly/4bKqJJb Please contact us if you have any inquiries. We're here to help your business thrive! Funding Officer [email protected] Unsubscribe here if you don't want to get these awesome newsletters: https://bit.ly/cflunsubs Rue Du Monument 10, Gloversville, New York, USA, 5500 show less	Phishing Web Spam

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇷 176.88.84.123

🇺🇸 172.190.89.127

🇬🇧 167.71.132.111

🇨🇦 85.217.149.1

🇹🇭 58.11.120.150

🇮🇳 38.183.54.49

🇷🇺 37.77.150.67

🇷🇴 2.57.122.177

🇨🇳 223.199.189.218

🇺🇸 162.216.149.49

🇨🇳 124.174.129.198

🇰🇿 92.47.62.130

🇫🇷 82.67.205.182

🇰🇷 58.226.230.112

🇴🇲 37.40.91.83

🇺🇸 2607:f8b0:4001:c18::12e

🇺🇸 2600:3c03::2000:7eff:febd:cfb1

🇩🇪 213.209.159.241

🇳🇵 202.70.78.237

🇫🇷 172.71.118.189