JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 128.90.161.1

128.90.161.1 was found in our database!

This IP was reported 59 times. Confidence of Abuse is 100%: ?

100%

ISP	Unus, Inc.
Usage Type	Fixed Line ISP
ASN	AS22363
Hostname(s)	undefined.hostname.localhost
Domain Name	unusid.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 128.90.161.1

Whois 128.90.161.1

IP Abuse Reports for 128.90.161.1:

This IP address has been reported a total of 59 times from 48 distinct sources. 128.90.161.1 was first reported on March 3rd 2024, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-06-27 18:00:10 (5 hours ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇫🇮 Yachiyo Runami	2026-06-27 16:52:19 (6 hours ago)	Port Scan on Honeypot \| Ports: 80/HTTP \| Proto: TCP(1) \| Flags: all SYN \| TTL: 53 \| Len: 60B \| Win: ... show more Port Scan on Honeypot \| Ports: 80/HTTP \| Proto: TCP(1) \| Flags: all SYN \| TTL: 53 \| Len: 60B \| Win: 64240(1) \| rDNS: undefined.hostname.localhost \| F2B/ufw-honeypot@2026-06-27T16:52:19Z show less	Port Scan Hacking
🇺🇸 Rip	2026-06-27 16:00:59 (7 hours ago)	WordPress fingerprinting and attack surface probing	Port Scan Web App Attack
🇺🇸 wordpresshosting.solutions	2026-06-27 14:21:23 (9 hours ago)	WordPress login/xmlrpc abuse or user enumeration detected. Evidence: 128.90.161.1 - - [27/Jun/2026:1 ... show more WordPress login/xmlrpc abuse or user enumeration detected. Evidence: 128.90.161.1 - - [27/Jun/2026:14:21:23 +0000] "GET /wp-admin/setup-config.php?step=1&language=en_GB HTTP/1.1" 404 6451 "http://arkapi.dev/wp-admin/setup-config.php?step=1&language=en_GB" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Mobile/15E148 Safari/604.1" 128.90.161.1 - - [27/Jun/2026:14:21:23 +0000] "GET /wp-admin/install.php?step=1&language=en_GB HTTP/1.1" 404 6451 "http://arkapi.dev/wp-admin/install.php?step=1&language=en_GB" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Mobile/15E148 Safari/604.1" show less	Brute-Force Web App Attack
Anonymous	2026-06-27 12:31:10 (10 hours ago)	(caddyscan) Scanner path probe from 128.90.161.1 (IT/Italy/undefined.hostname.localhost): 5 in the l ... show more (caddyscan) Scanner path probe from 128.90.161.1 (IT/Italy/undefined.hostname.localhost): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 128.90.161.1 - - [27/Jun/2026:11:52:23 +0000] "GET /wp-admin/setup-config.php?step=1&language=en_GB HTTP/1.1" [REDACTED] 200 2627 128.90.161.1 - - [27/Jun/2026:11:52:23 +0000] "GET /wp-admin/install.php?step=1&language=en_GB HTTP/1.1" [REDACTED] 200 2627 128.90.161.1 - - [27/Jun/2026:12:19:59 +0000] "GET /wp-admin/setup-config.php?step=1&language=en_GB HTTP/1.1" [REDACTED] 200 2627 128.90.161.1 - - [27/Jun/2026:12:20:00 +0000] "GET /wp-admin/install.php?step=1&language=en_GB HTTP/1.1" [REDACTED] 200 2627 128.90.161.1 - - [27/Jun/2026:12:31:06 +0000] "GET /wp-admin/setup-config.php?step=1&language=en_GB HTTP/1.1" show less	Port Scan
🇫🇮 as211431.net	2026-06-27 11:29:12 (11 hours ago)	Triggered Cloudflare WAF (firewallCustom) from NL. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from NL. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 ph	2026-06-27 09:14:10 (14 hours ago)	Bad web bot attempting to run wp-admin on non-WP site	Hacking Bad Web Bot Web App Attack
Anonymous	2026-06-27 08:03:38 (15 hours ago)	(caddyscan) Scanner path probe from 128.90.161.1 (IT/Italy/undefined.hostname.localhost): 5 in the l ... show more (caddyscan) Scanner path probe from 128.90.161.1 (IT/Italy/undefined.hostname.localhost): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 128.90.161.1 - - [27/Jun/2026:07:31:31 +0000] "GET /wp-admin/setup-config.php?step=1&language=en_GB HTTP/1.1" [REDACTED] 200 2627 128.90.161.1 - - [27/Jun/2026:07:31:31 +0000] "GET /wp-admin/install.php?step=1&language=en_GB HTTP/1.1" [REDACTED] 200 2627 128.90.161.1 - - [27/Jun/2026:07:35:35 +0000] "GET /wp-admin/setup-config.php?step=1&language=en_GB HTTP/1.1" [REDACTED] 200 2627 128.90.161.1 - - [27/Jun/2026:07:35:36 +0000] "GET /wp-admin/install.php?step=1&language=en_GB HTTP/1.1" [REDACTED] 200 2627 128.90.161.1 - - [27/Jun/2026:08:03:33 +0000] "GET /wp-admin/setup-config.php?step=1&language=en_GB HTTP/1.1" show less	Port Scan
🇺🇸 mnsf	2026-06-27 06:05:56 (17 hours ago)	Abuse Detected (2)	Brute-Force Web App Attack
Anonymous	2026-06-27 00:54:02 (22 hours ago)	Unauthorized SSH login attempts	Brute-Force SSH
🇺🇸 etu brutus	2026-06-27 00:05:00 (23 hours ago)	128.90.161.1 has been banned for [WebApp Attack] ...	Hacking Bad Web Bot Web App Attack
🇫🇷 tecnoacquisti.com	2026-06-26 20:55:37 (1 day ago)	PrestaShop Security Module: AbuseIPDB high confidence score AND local web-app-attack detected (Abuse ... show more PrestaShop Security Module: AbuseIPDB high confidence score AND local web-app-attack detected (AbuseIPDB score: 89% (cached)) show less	Web App Attack
🇦🇹 René Hickersberger	2026-06-26 18:08:56 (1 day ago)	malicious bot detected: violations="hit-honeypot"; user_agent="Mozilla/5.0 (compatible; Yahoo! Slurp ... show more malicious bot detected: violations="hit-honeypot"; user_agent="Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)" show less	Web App Attack
Anonymous	2026-06-26 17:27:54 (1 day ago)	(caddyscan) Scanner path probe from 128.90.161.1 (IT/Italy/undefined.hostname.localhost): 5 in the l ... show more (caddyscan) Scanner path probe from 128.90.161.1 (IT/Italy/undefined.hostname.localhost): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 404 277 128.90.161.1 - - [26/Jun/2026:16:52:41 +0000] "GET /wp-admin/setup-config.php?step=1&language=en_GB HTTP/1.1" [REDACTED] 404 272 128.90.161.1 - - [26/Jun/2026:16:52:41 +0000] "GET /wp-admin/install.php?step=1&language=en_GB HTTP/1.1" [REDACTED] 200 2627 128.90.161.1 - - [26/Jun/2026:17:22:38 +0000] "GET /wp-admin/setup-config.php?step=1&language=en_GB HTTP/1.1" [REDACTED] 200 2627 128.90.161.1 - - [26/Jun/2026:17:22:38 +0000] "GET /wp-admin/install.php?step=1&language=en_GB HTTP/1.1" [REDACTED] 200 2627 128.90.161.1 - - [26/Jun/2026:17:27:51 +0000] "GET /wp-admin/setup-config.php?step=1&language=en_GB HTTP/1.1" show less	Port Scan
🇫🇷 Thaliruth	2026-06-26 16:55:11 (1 day ago)	[26/Jun/2026:18:55:10.540219 +0200] aj6u7ahIwbpRjyQjJJ6SjwAAAAw 128.90.161.1 52784 127.0.0.1 7081 .. ... show more [26/Jun/2026:18:55:10.540219 +0200] aj6u7ahIwbpRjyQjJJ6SjwAAAAw 128.90.161.1 52784 127.0.0.1 7081 ... show less	Hacking

Showing 1 to 15 of 59 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇹 45.227.254.170

🇨🇳 221.235.197.195

🇷🇺 195.161.41.115

🇺🇸 72.167.48.122

🇩🇪 45.90.99.124

🇳🇱 103.74.134.180

🇧🇷 45.238.203.120

🇨🇦 24.212.56.34

🇺🇸 216.25.89.131

🇭🇰 172.253.5.16

🇵🇰 154.208.34.84

🇭🇰 123.58.213.117

🇳🇱 80.82.77.202

🇨🇳 27.128.171.39

🇹🇭 223.204.247.33

🇩🇪 167.94.145.26

🇮🇳 157.85.18.98

🇬🇪 2.57.217.229

🇨🇳 223.199.184.146

🇵🇰 103.117.160.173