JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 128.24.161.43

128.24.161.43 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 128.24.161.43

Whois 128.24.161.43

IP Abuse Reports for 128.24.161.43:

This IP address has been reported a total of 27 times from 23 distinct sources. 128.24.161.43 was first reported on February 19th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 andypiper	2026-06-11 01:00:42 (2 hours ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇺🇸 MPL	2026-06-11 00:29:22 (3 hours ago)	tcp port scan (12 or more attempts)	Port Scan
🇷🇸 Scan	2026-06-11 00:16:30 (3 hours ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇩🇪 ITSNF	2026-06-10 23:00:02 (4 hours ago)	Blocked by OPNsense firewall; 8 hits, proto=tcp, ports=2077,2095,2096,3000,3001,4000,443,8443	Port Scan Hacking
🇩🇪 london2038.com	2026-06-10 21:57:00 (6 hours ago)	Connection atttempts against closed TCP ports Jun 10 23:56:59 BLOCK SRC=128.24.161.43 LEN=60 TOS=0x0 ... show more Connection atttempts against closed TCP ports Jun 10 23:56:59 BLOCK SRC=128.24.161.43 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=57611 DF PROTO=TCP SPT=50629 DPT=2082 WINDOW=64240 RES=0x00 SYN Jun 10 23:56:59 BLOCK SRC=128.24.161.43 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=59590 DF PROTO=TCP SPT=50643 DPT=2078 WINDOW=64240 RES=0x00 SYN Jun 10 23:56:59 BLOCK SRC=128.24.161.43 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=32242 DF PROTO=TCP SPT=50632 DPT=9000 WINDOW=64240 RES=0x00 SYN show less	Port Scan
🇺🇸 xmission.com	2026-06-10 21:24:07 (6 hours ago)	Blocked by UFW (TCP on 8090) Source port: 50325 TTL: 53 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 8090) Source port: 50325 TTL: 53 Packet length: 60 TOS: 0x00 This report (for 128.24.161.43) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇵🇱 sefinek.net	2026-06-10 20:08:03 (7 hours ago)	Honeypot hit: Empty payload (likely service probe); 10000 [1], 3001 [1] TCP Reported by: https://git ... show more Honeypot hit: Empty payload (likely service probe); 10000 [1], 3001 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇩🇪 acadeova	2026-06-10 19:45:57 (8 hours ago)	🚨 Recon detected (nft drop) SRC=128.24.161.43 Observed=TCP dpt=8090 in=enp0s6 ttl=42 Time=recent(jou ... show more 🚨 Recon detected (nft drop) SRC=128.24.161.43 Observed=TCP dpt=8090 in=enp0s6 ttl=42 Time=recent(journalctl: 10 minutes ago) Assessment=Generic scanning / reconnaissance (PORT_SCAN) show less	Port Scan
🇯🇵 SentinalX by uzumaru	2026-06-07 03:34:49 (4 days ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: fapi.binance.com:443 show less	Open Proxy Port Scan
🇩🇪 4server	2026-06-04 08:25:12 (6 days ago)	[ThuJun0410:25:09.0317912026][security2:error][pid3071612:tid3071689][client128.24.161.43:0]ModSecur ... show more [ThuJun0410:25:09.0317912026][security2:error][pid3071612:tid3071689][client128.24.161.43:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\(\?i\)\(curl\\|wget\\|python\\|nikto\\|sqlmap\\|acunetix\\|fimap\\|dirbuster\\|cmsmap\)\"atREQUEST_HEADERS:user-agent.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"217\"][id\"990210\"][msg\"Suspicioususer-agentblocked\"][hostname\"ppinvestment.ch\"][uri\"/\"][unique_id\"aiE2ZRYLN-OeEL2FrjACMgAAAI8\"] show less	Port Scan Brute-Force Web App Attack
🇧🇷 somosbr	2026-06-03 10:42:50 (1 week ago)	[2026-06-03T10:42:50Z] Unsolicited scan from 128.24.161.43 to port 80/tcp	Port Scan
🇬🇧 PeravixGroup	2026-06-03 10:42:17 (1 week ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 RAP	2026-06-03 10:39:10 (1 week ago)	2026-06-03 10:39:10 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 RAP	2026-06-03 09:20:48 (1 week ago)	2026-06-03 09:20:48 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇳 197.5.145.150

🇮🇷 193.151.141.41

🇱🇹 62.60.130.59

🇺🇸 2600:1f18:3120:f504:1780:114e:240:e167

🇱🇻 217.60.3.128

🇩🇪 213.209.159.115

🇺🇸 206.212.244.18

🇺🇸 198.23.172.54

🇺🇸 195.184.76.66

🇻🇳 183.91.186.36

🇬🇧 134.209.25.199

🇯🇵 118.243.65.248

🇨🇳 116.162.216.223

🇻🇳 103.228.36.70

🇫🇷 91.231.89.41

🇪🇸 90.168.109.53

🇧🇬 78.130.147.234

🇧🇬 78.128.113.74

🇺🇸 66.132.195.27

🇺🇸 66.132.186.179