JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 130.61.40.167

130.61.40.167 was found in our database!

This IP was reported 40 times. Confidence of Abuse is 90%: ?

90%

ISP	Oracle Public Cloud
Usage Type	Data Center/Web Hosting/Transit
ASN	AS31898
Domain Name	oracleemaildelivery.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 130.61.40.167

Whois 130.61.40.167

IP Abuse Reports for 130.61.40.167:

This IP address has been reported a total of 40 times from 35 distinct sources. 130.61.40.167 was first reported on May 23rd 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 rscott.us	2026-05-23 06:00:10 (3 weeks ago)	Brute force SSH login attempts.	Brute-Force SSH
🇺🇸 yzfdude1	2026-05-23 05:49:01 (3 weeks ago)	May 22 23:48:59 b146-08 sshd[157316]: Invalid user orangepi from 130.61.40.167 port 41968 May 22 23: ... show more May 22 23:48:59 b146-08 sshd[157316]: Invalid user orangepi from 130.61.40.167 port 41968 May 22 23:48:59 b146-08 sshd[157316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.40.167 May 22 23:49:01 b146-08 sshd[157316]: Failed password for invalid user orangepi from 130.61.40.167 port 41968 ssh2 ... show less	Brute-Force SSH
🇬🇧 djboddington	2026-05-23 05:47:54 (3 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-cve-2021-41773	Web App Attack Hacking
🇩🇪 pltcldvlpr	2026-05-23 05:45:58 (3 weeks ago)	CMS/framework probe: 130.61.40.167 - - [23/May/2026:07:45:58 +0200] "POST /cgi-bin/.%2e/.%2e/.%2e/.% ... show more CMS/framework probe: 130.61.40.167 - - [23/May/2026:07:45:58 +0200] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 166 "-" "-" asn=31898 org="Oracle Corporation" country=DE ... show less	Web App Attack
🇺🇸 kipfel★	2026-05-23 05:31:16 (3 weeks ago)	2026-05-23T00:26:56.572394-05:00 nocix-dedi-bf2421-mci sshd-session[564697]: Invalid user admin from ... show more 2026-05-23T00:26:56.572394-05:00 nocix-dedi-bf2421-mci sshd-session[564697]: Invalid user admin from 130.61.40.167 port 40776 2026-05-23T00:27:27.617922-05:00 nocix-dedi-bf2421-mci sshd-session[564739]: Invalid user orangepi from 130.61.40.167 port 50234 2026-05-23T00:31:16.221395-05:00 nocix-dedi-bf2421-mci sshd-session[565064]: Invalid user test from 130.61.40.167 port 33914 ... show less	Brute-Force SSH
🇧🇷 ViniSchneider	2026-05-23 05:27:57 (3 weeks ago)	2026-05-23T02:27:18.172642-03:00 Vini-Server sshd[724201]: Invalid user orangepi from 130.61.40.167 ... show more 2026-05-23T02:27:18.172642-03:00 Vini-Server sshd[724201]: Invalid user orangepi from 130.61.40.167 port 45446 2026-05-23T02:27:18.182187-03:00 Vini-Server sshd[724201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.40.167 2026-05-23T02:27:20.388642-03:00 Vini-Server sshd[724201]: Failed password for invalid user orangepi from 130.61.40.167 port 45446 ssh2 2026-05-23T02:27:54.770188-03:00 Vini-Server sshd[724223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.40.167 user=root 2026-05-23T02:27:57.252559-03:00 Vini-Server sshd[724223]: Failed password for root from 130.61.40.167 port 38514 ssh2 ... show less	Brute-Force SSH
🇹🇷 Threat.live	2026-05-23 05:25:02 (3 weeks ago)	Threat.live: Brute Force	Brute-Force
🇨🇭 Boxis.net NOC	2026-05-23 05:20:15 (3 weeks ago)	(sshd) Failed SSH login from 130.61.40.167 (DE/Germany/-): 5 in the last 3600 secs; Ports: ; Direct ... show more (sshd) Failed SSH login from 130.61.40.167 (DE/Germany/-): 5 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_SSHD; Logs: May 23 07:11:36 da057 sshd[1855017]: Invalid user orangepi from 130.61.40.167 port 58522 May 23 07:15:20 da057 sshd[1861268]: Invalid user test from 130.61.40.167 port 36064 May 23 07:15:50 da057 sshd[1861888]: Invalid user user from 130.61.40.167 port 44976 May 23 07:17:27 da057 sshd[1863361]: Invalid user cirros from 130.61.40.167 port 58392 May 23 07:20:07 da057 sshd[1867044]: User rpc from 130.61.40.167 not allowed because not listed in AllowUsers show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-23 05:16:07 (3 weeks ago)	(mod_security) mod_security (id:218420) triggered by 130.61.40.167 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:218420) triggered by 130.61.40.167 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 01:16:02.823296 2026] [security2:error] [pid 20204:tid 20204] [client 130.61.40.167:52330] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.4:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.4"] [uri "/hello.world"] [unique_id "ahE4Ej8dVM5GMB4buqDxeAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-23 05:09:29 (3 weeks ago)	Detected by CrowdSec IP: 130.61.40.167 Scenario: crowdsecurity/http-cve-2021-41773 Date: Sat, 23 May ... show more Detected by CrowdSec IP: 130.61.40.167 Scenario: crowdsecurity/http-cve-2021-41773 Date: Sat, 23 May 2026 07:09:29 CEST (GMT +02:00) show less	Web App Attack Exploited Host
Anonymous	2026-05-23 05:08:44 (3 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-cve-2021-41773	Web App Attack Hacking
🇺🇸 yzfdude1	2026-05-23 05:07:58 (3 weeks ago)	May 22 23:07:55 b146-69 sshd[153120]: Invalid user orangepi from 130.61.40.167 port 57872 May 22 23: ... show more May 22 23:07:55 b146-69 sshd[153120]: Invalid user orangepi from 130.61.40.167 port 57872 May 22 23:07:55 b146-69 sshd[153120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.40.167 May 22 23:07:57 b146-69 sshd[153120]: Failed password for invalid user orangepi from 130.61.40.167 port 57872 ssh2 ... show less	Brute-Force SSH
🇩🇪 NetWatch	2026-05-23 05:07:50 (3 weeks ago)	The IP 130.61.40.167 tried multiple SSH_BRUTE_FORCE logins	Brute-Force
🇨🇭 raizhell	2026-05-23 04:40:45 (3 weeks ago)	2026-05-23T06:25:47.325457+02:00 isik-one sshd[1630801]: Invalid user admin from 130.61.40.167 port ... show more 2026-05-23T06:25:47.325457+02:00 isik-one sshd[1630801]: Invalid user admin from 130.61.40.167 port 56632 2026-05-23T06:27:05.791035+02:00 isik-one sshd[1630833]: Invalid user orangepi from 130.61.40.167 port 44552 2026-05-23T06:36:47.646460+02:00 isik-one sshd[1631210]: Invalid user test from 130.61.40.167 port 44940 2026-05-23T06:38:08.777216+02:00 isik-one sshd[1631254]: Invalid user user from 130.61.40.167 port 48650 2026-05-23T06:40:44.582824+02:00 isik-one sshd[1631543]: Invalid user admin from 130.61.40.167 port 47924 ... show less	Brute-Force SSH
🇩🇪 LoNET	2026-05-23 04:37:33 (3 weeks ago)	Report 2394517 with IP 3442085 for SSH brute-force attack by source 3436742 via ssh-honeypot/0.2.0+h ... show more Report 2394517 with IP 3442085 for SSH brute-force attack by source 3436742 via ssh-honeypot/0.2.0+http show less	Brute-Force SSH

Showing 1 to 15 of 40 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.139.92

🇮🇩 163.7.12.183

🇻🇳 160.191.242.189

🇷🇺 77.66.192.139

🇬🇧 54.38.147.242

🇺🇸 34.29.182.234

🇺🇸 20.168.7.169

🇺🇸 216.158.231.26

🇷🇴 193.46.255.86

🇫🇮 157.180.107.233

🇭🇰 119.246.15.94

🇬🇧 81.19.219.213

🇷🇴 80.94.92.182

🇷🇴 80.94.92.171

🇮🇳 59.145.160.158

🇨🇦 52.139.33.254

🇺🇸 47.251.14.178

🇪🇸 34.175.64.125

🇬🇧 198.244.226.218

🇬🇧 194.50.235.138