JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 161.246.127.80

161.246.127.80 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 0%: ?

ISP	King Mongkut's Institute of Technology Ladkrabang
Usage Type	University/College/School
ASN	AS9486
Domain Name	kmitl.ac.th
Country	🇹🇭 Thailand
City	Bangkok, Bangkok

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 161.246.127.80

Whois 161.246.127.80

IP Abuse Reports for 161.246.127.80:

This IP address has been reported a total of 21 times from 14 distinct sources. 161.246.127.80 was first reported on August 2nd 2021, and the most recent report was 2 years ago.

Old Reports: The most recent abuse report for this IP address is from 2 years ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 tg_de	2023-12-24 20:35:18 (2 years ago)	10 attempts since 24.12.2023 20:35:14 UTC - last search for: /wp-login.php	Web App Attack
🇫🇷 geot	2023-12-24 13:50:52 (2 years ago)	GET /?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=<<rem ... show more GET /?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=<<removed>> HTTP/1.1 POST /_ignition/execute-solution HTTP/1.1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 GET /wp-login.php HTTP/1.1 GET /script HTTP/1.1 GET /manager/html HTTP/1.1 GET /users/sign_in HTTP/1.1 GET /invoker/readonly HTTP/1.1 show less	Hacking Web App Attack
🇺🇸 MPL	2023-12-23 16:05:36 (2 years ago)	tcp/80 (2 or more attempts)	Port Scan
Anonymous	2023-12-07 17:17:53 (2 years ago)	Bruteforce attempts to restricted/protected services	Brute-Force Exploited Host
🇺🇸 gu-alvareza	2023-11-30 07:05:15 (2 years ago)	PHPUnit.Eval-stdin.PHP.Remote.Code.Execution	Hacking Web App Attack
🇦🇺 ozisp.com.au	2023-11-28 15:50:39 (2 years ago)	TH_Asia_<33>1701186638 [1:2024044:2] ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Inj ... show more TH_Asia_<33>1701186638 [1:2024044:2] ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 [Classification: Web Application Attack] [Priority: 1] {TCP} 161.246.127.80:47798 show less	Web App Attack
🇹🇭 cyfence007	2023-11-28 01:25:43 (2 years ago)	PHPUnit.Eval-stdin.PHP.Remote.Code.Execution	Web App Attack
Anonymous	2023-11-28 00:05:33 (2 years ago)	Fail2Ban triggered	Web App Attack
🇷🇸 Smel	2023-11-27 17:30:21 (2 years ago)	MH/MP Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2023-11-27 11:10:50 (2 years ago)	(mod_security) mod_security (id:210350) triggered by 161.246.127.80 (www.savingcoop.kmitl.ac.th): 1 ... show more (mod_security) mod_security (id:210350) triggered by 161.246.127.80 (www.savingcoop.kmitl.ac.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 27 06:10:43.506891 2023] [security2:error] [pid 3622:tid 47589258585856] [client 161.246.127.80:50624] [client 161.246.127.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|192.64.150.44:80\|F\|4"] [data "close, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "192.64.150.44"] [uri "/invoker/readonly"] [unique_id "ZWR5M9KdTiCR1s4oEJNj0wAAAQE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2023-11-27 01:55:36 (2 years ago)	(mod_security) mod_security (id:210350) triggered by 161.246.127.80 (www.savingcoop.kmitl.ac.th): 1 ... show more (mod_security) mod_security (id:210350) triggered by 161.246.127.80 (www.savingcoop.kmitl.ac.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 26 20:55:31.282939 2023] [security2:error] [pid 348496] [client 161.246.127.80:59716] [client 161.246.127.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|192.64.151.12:443\|F\|4"] [data "close, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "192.64.151.12"] [uri "/script"] [unique_id "ZWP3E3sSlsIfEdwvd4x8ewAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2023-11-25 09:02:49 (2 years ago)	(mod_security) mod_security (id:210350) triggered by 161.246.127.80 (www.savingcoop.kmitl.ac.th): 1 ... show more (mod_security) mod_security (id:210350) triggered by 161.246.127.80 (www.savingcoop.kmitl.ac.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 25 04:02:42.443794 2023] [security2:error] [pid 4015] [client 161.246.127.80:41990] [client 161.246.127.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|192.64.150.104:443\|F\|4"] [data "close, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "192.64.150.104"] [uri "/script"] [unique_id "ZWG4MvxazlqVUMdx6SLxywAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 gu-alvareza	2023-11-25 07:05:10 (2 years ago)	PHPUnit.Eval-stdin.PHP.Remote.Code.Execution	Hacking Web App Attack
🇺🇸 TPI-Abuse	2023-11-22 22:55:11 (2 years ago)	(mod_security) mod_security (id:210350) triggered by 161.246.127.80 (www.savingcoop.kmitl.ac.th): 1 ... show more (mod_security) mod_security (id:210350) triggered by 161.246.127.80 (www.savingcoop.kmitl.ac.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 22 17:55:07.213942 2023] [security2:error] [pid 9641] [client 161.246.127.80:50370] [client 161.246.127.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|192.64.150.151:80\|F\|4"] [data "close, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "192.64.150.151"] [uri "/invoker/readonly"] [unique_id "ZV6Gy1Mo73wmilmy5jO1rwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2023-11-22 11:43:14 (2 years ago)		DNS Compromise DDoS Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2a06:98c0:3600::103

🇬🇧 193.163.125.151

🇬🇧 193.163.125.53

🇷🇺 165.154.179.204

🇧🇬 79.124.40.86

🇸🇦 51.211.169.87

🇺🇸 173.72.196.39

🇺🇸 152.32.206.87

🇺🇸 141.11.88.4

🇹🇼 128.14.229.76

🇮🇩 125.167.22.177

🇭🇰 103.103.245.61

🇳🇱 89.21.67.174

🇳🇱 45.153.34.71

🇫🇷 37.65.127.109

🇬🇧 35.203.210.238

🇷🇴 2.57.121.25

🇻🇳 222.254.201.71

🇬🇧 193.163.125.27

🇸🇬 143.198.195.150