JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 105.164.128.173

105.164.128.173 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 37%: ?

37%

ISP	Safaricom Limited
Usage Type	Fixed Line ISP
ASN	AS37061
Domain Name	safaricom.co.ke
Country	🇰🇪 Kenya
City	Nairobi, Nairobi County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 105.164.128.173

Whois 105.164.128.173

IP Abuse Reports for 105.164.128.173:

This IP address has been reported a total of 9 times from 7 distinct sources. 105.164.128.173 was first reported on April 24th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 kosada.com	2026-06-25 19:49:59 (1 day ago)	Web bot: denial-of-service flood	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-25 14:52:52 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 105.164.128.173 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 105.164.128.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 10:52:47.290453 2026] [security2:error] [pid 22190:tid 22190] [client 105.164.128.173:40654] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.164.128.173 (+1 hits since last alert)\|mkdesignndetailing.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mkdesignndetailing.com"] [uri "/xmlrpc.php"] [unique_id "aj1AvzE6UUvgIyc5weN6XwAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 13:50:46 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 105.164.128.173 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 105.164.128.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 09:50:40.740652 2026] [security2:error] [pid 21945:tid 21945] [client 105.164.128.173:45742] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.164.128.173 (+1 hits since last alert)\|the-it-man.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "the-it-man.com"] [uri "/xmlrpc.php"] [unique_id "aj0yMALQbvh-sk6G6AvrxgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-25 08:04:48 (1 day ago)	[server.tmg.gr] httpd-xmlrpc-post: sites=crisis-management2019.eu; logs=/var/log/httpd/domains/crisi ... show more [server.tmg.gr] httpd-xmlrpc-post: sites=crisis-management2019.eu; logs=/var/log/httpd/domains/crisis-management2019.eu.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇫🇷 dynamix	2026-06-25 08:03:07 (1 day ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 06:34:12 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 105.164.128.173 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 105.164.128.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 02:34:04.787552 2026] [security2:error] [pid 4516:tid 4527] [client 105.164.128.173:40476] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.164.128.173 (+1 hits since last alert)\|metalartgate.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "metalartgate.com"] [uri "/xmlrpc.php"] [unique_id "ajzL3GNHcE0cBHr29zzBmQAAAEg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Vegascosmetics	2026-06-16 05:10:53 (1 week ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security	DDoS Attack Hacking Exploited Host
Anonymous	2026-05-13 05:00:18 (1 month ago)	Attack Signature Blocked: /wishlist/index/add/product/1428/form_key/BRpWVUBb2r6aFQuc/ (Magento Site) ... show more Attack Signature Blocked: /wishlist/index/add/product/1428/form_key/BRpWVUBb2r6aFQuc/ (Magento Site) (Botnet activity attributed to: Angara Technologies Group / mikhail-smirnov-79830322) show less	Web App Attack Bad Web Bot
Anonymous	2026-04-24 04:28:34 (2 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇬 176.118.188.15

🇬🇧 31.14.254.6

🇭🇰 152.32.212.224

🇷🇴 151.242.191.232

🇺🇸 148.153.32.33

🇨🇳 117.189.25.245

🇧🇩 103.60.175.56

🇺🇸 98.243.53.112

🇩🇪 89.245.29.208

🇱🇻 81.30.98.158

🇧🇬 79.124.62.230

🇧🇬 79.124.56.250

🇺🇸 71.6.134.229

🇺🇦 195.135.196.186

🇨🇳 183.252.146.220

🇬🇧 146.90.220.132

🇺🇸 138.197.16.14

🇻🇳 116.99.168.247

🇳🇱 89.21.67.150

🇳🇱 45.148.10.200