JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 161.123.130.171

161.123.130.171 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 0%: ?

ISP	Wirels Connect (PTY) Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS203020
Domain Name	telafrica.net
Country	🇺🇸 United States of America
City	Romulus, Michigan

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 161.123.130.171

Whois 161.123.130.171

IP Abuse Reports for 161.123.130.171:

This IP address has been reported a total of 21 times from 7 distinct sources. 161.123.130.171 was first reported on October 30th 2023, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-27 02:52:41 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 161.123.130.171 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 161.123.130.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 21:52:33.234822 2026] [security2:error] [pid 16656:tid 16667] [client 161.123.130.171:35485] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/database.sql"] [unique_id "aXgocD4D1upuVdMC6K4FwQAAAEg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 00:13:27 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 161.123.130.171 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 161.123.130.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 19:13:17.539088 2026] [security2:error] [pid 25141:tid 25141] [client 161.123.130.171:40275] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/\\\\windows/win.ini"] [unique_id "aWrUHS9fQsgmGSkiHQtg3QAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ps-center	2024-11-27 08:06:01 (1 year ago)	SS1: Web Attack GET //VtrIcJry%22%3E%3Cimg%20src=a%20onerror=alert%28document.domain%29%3E/..CFIDE/a ... show more SS1: Web Attack GET //VtrIcJry%22%3E%3Cimg%20src=a%20onerror=alert%28document.domain%29%3E/..CFIDE/administrator/index.cfm show less	Web Spam Hacking Bad Web Bot Web App Attack
🇩🇪 ps-center	2024-11-27 02:49:22 (1 year ago)	SS1: Web Attack GET /base_import/static/etc/passwd	Web Spam Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-11-26 23:31:09 (1 year ago)	(mod_security) mod_security (id:221260) triggered by 161.123.130.171 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:221260) triggered by 161.123.130.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 18:31:04.381820 2024] [security2:error] [pid 14708:tid 14892] [client 161.123.130.171:44843] [client 161.123.130.171] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|kettlehill.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/debug.cgi"] [unique_id "Z0ZaOLZ-yNDsuHkwIgx2vgAAAAo"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Alejandro Docasar	2024-11-26 18:52:50 (1 year ago)		Web App Attack
🇺🇸 TPI-Abuse	2024-09-03 18:48:43 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 161.123.130.171 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 161.123.130.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 14:48:40.434224 2024] [security2:error] [pid 32209:tid 32209] [client 161.123.130.171:55797] [client 161.123.130.171] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.stdavids-media.com"] [uri "/.env.bak"] [unique_id "ZtdaCPg2GqZ1ukGwRtW--gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-09-01 01:54:14 (1 year ago)	(mod_security) mod_security (id:226830) triggered by 161.123.130.171 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:226830) triggered by 161.123.130.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 31 21:52:02.999343 2024] [security2:error] [pid 3087700:tid 3087743] [client 161.123.130.171:45787] [client 161.123.130.171] ModSecurity: Access denied with code 403 (phase 1). Operator GE matched 1 at ARGS_GET. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6392"] [id "226830"] [rev "2"] [msg "COMODO WAF: Open redirect vulnerability in the Redirect function in the StageShow plugin before 5.0.9 for WordPress (CVE-2015-5461)\|\|autodiscover.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "autodiscover.kettlehill.net"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZtPIwtyH84duF-C5mXVH5wAAAY0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-07-24 02:19:50 (1 year ago)	Common attack or app scan event detected and blocked	Port Scan Hacking Web App Attack
🇩🇪 ps-center	2024-07-16 00:50:06 (1 year ago)	SS1: Web Attack GET /magmi/web/info.php	Web Spam Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-06-27 07:10:31 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 161.123.130.171 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 161.123.130.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 27 03:10:23.181876 2024] [security2:error] [pid 31347:tid 47386382579456] [client 161.123.130.171:54023] [client 161.123.130.171] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.kettlehill.net"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Zn0QX4VrTcN0CWUgIqHuXAAAAFI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-05-15 01:04:07 (2 years ago)	Common attack or app scan event detected and blocked	Port Scan Hacking Web App Attack
🇪🇸 10dencehispahard SL	2024-05-08 07:00:43 (2 years ago)	Unauthorized login attempts []	Brute-Force
🇪🇸 10dencehispahard SL	2024-05-08 06:28:40 (2 years ago)	Web Attack	DDoS Attack Brute-Force Web App Attack
Anonymous	2024-03-29 10:35:19 (2 years ago)	\| XSS (Cross Site Scripting) attempt.	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.73.216.223

🇹🇼 198.235.24.59

🇧🇷 102.211.152.138

🇮🇷 94.183.59.33

🇲🇦 81.192.46.32

🇺🇸 47.77.229.36

🇨🇳 36.212.31.122

🇺🇸 20.168.7.106

🇨🇦 15.235.98.79

🇨🇦 15.235.98.3

🇨🇦 4.239.243.30

🇨🇳 180.76.202.69

🇺🇸 172.212.200.29

🇨🇳 103.236.79.61

🇮🇷 78.109.200.147

🇺🇸 35.87.64.250

🇺🇸 216.25.89.71

🇺🇸 107.175.66.41

🇲🇦 105.77.201.248

🇦🇱 84.20.67.98