JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 161.248.189.34

161.248.189.34 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 48%: ?

48%

ISP	Ummah Host BD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS153523
Hostname(s)	srv101.servercpanel.com
Domain Name	ummahhostbd.com
Country	🇧🇩 Bangladesh
City	Dhaka, Dhaka Division

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 161.248.189.34

Whois 161.248.189.34

IP Abuse Reports for 161.248.189.34:

This IP address has been reported a total of 24 times from 10 distinct sources. 161.248.189.34 was first reported on May 10th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇹 Malta	2026-06-10 13:21:17 (1 day ago)	161.248.189.34 - - [10/Jun/2026:15:21:16 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Lin ... show more 161.248.189.34 - - [10/Jun/2026:15:21:16 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇺🇸 TPI-Abuse	2026-06-10 08:12:25 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 161.248.189.34 (srv101.servercpanel.com): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 161.248.189.34 (srv101.servercpanel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 04:12:18.192200 2026] [security2:error] [pid 14965:tid 14965] [client 161.248.189.34:37756] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|wild-goose.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "wild-goose.net"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aikcYvVcE1YCnPXu7Har7AAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 brechtr	2026-06-10 01:16:18 (1 day ago)	[Press84-BanHammer] bad username — Sourced from: www.langsvlaamsewegen.be — Request: POST /wp-login. ... show more [Press84-BanHammer] bad username — Sourced from: www.langsvlaamsewegen.be — Request: POST /wp-login.php show less	Brute-Force
🇩🇪 FeG Deutschland	2026-06-06 12:29:33 (5 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 05:34:08 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 161.248.189.34 (srv101.servercpanel.com): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 161.248.189.34 (srv101.servercpanel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 01:34:03.970309 2026] [security2:error] [pid 11733:tid 11733] [client 161.248.189.34:42732] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|jdeloa.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jdeloa.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ah-8y1aBmealb0-Wb-hdgwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 01:45:55 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 161.248.189.34 (srv101.servercpanel.com): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 161.248.189.34 (srv101.servercpanel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 21:45:49.699152 2026] [security2:error] [pid 15328:tid 15346] [client 161.248.189.34:48076] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|greaternorthmiami.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "greaternorthmiami.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ah-HTf4CjKzREAGvLKiu6AAAARA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-02 23:14:33 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 octageeks.com	2026-06-02 04:06:06 (1 week ago)	Wordpress malicious attack:[octawp]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 22:43:31 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 161.248.189.34 (srv101.servercpanel.com): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 161.248.189.34 (srv101.servercpanel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 18:43:25.057179 2026] [security2:error] [pid 21137:tid 21150] [client 161.248.189.34:35790] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|conservativedemocrat.aafm.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "conservativedemocrat.aafm.us"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ah4LDeUvEeG52QFyGVK0rwAAAIo"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 tecnicorioja	2026-05-25 22:00:22 (2 weeks ago)	wp-login attack [25/May/2026:15:05:23	Brute-Force Web App Attack
🇲🇹 Malta	2026-05-24 06:15:56 (2 weeks ago)	161.248.189.34 - - [24/May/2026:08:15:56 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Fed ... show more 161.248.189.34 - - [24/May/2026:08:15:56 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇫🇷 masterguru	2026-05-23 10:39:42 (2 weeks ago)	(modsec_5040) ModSec 5040: API Basic Auth blocked from 161.248.189.34 (BD/Bangladesh/srv101.servercp ... show more (modsec_5040) ModSec 5040: API Basic Auth blocked from 161.248.189.34 (BD/Bangladesh/srv101.servercpanel.com): 1 in the last 3600 secs (0-196) show less	Hacking
🇺🇸 TPI-Abuse	2026-05-21 09:13:39 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 161.248.189.34 (srv101.servercpanel.com): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 161.248.189.34 (srv101.servercpanel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 05:13:35.510261 2026] [security2:error] [pid 17493:tid 17493] [client 161.248.189.34:42130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|waf.nilestree.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "waf.nilestree.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ag7Mv1r5Pu2P6qnmyJX-swAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-05-20 19:00:42 (3 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 RLDD	2026-05-19 21:42:17 (3 weeks ago)	WP login attempts -nov	Brute-Force

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 147.185.133.4

🇨🇳 125.76.228.194

🇺🇸 113.20.0.58

🇸🇬 47.82.11.51

🇸🇬 47.82.11.50

🇨🇳 175.11.241.148

🇺🇸 138.186.136.202

🇨🇦 85.217.149.6

🇨🇳 60.174.35.18

🇸🇬 47.82.11.5

🇳🇱 45.134.225.230

🇷🇺 37.128.240.47

🇬🇧 35.203.210.16

🇬🇧 13.40.86.108

🇮🇹 2.33.204.219

🇰🇷 222.118.59.16

🇧🇷 200.175.61.207

🇺🇸 162.216.149.46

🇩🇪 161.35.65.86

🇸🇬 47.82.11.49