JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 161.123.154.230

161.123.154.230 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 2%: ?

ISP	Verizon Internet Services
Usage Type	Data Center/Web Hosting/Transit
ASN	AS203020
Domain Name	telafricamobile.com
Country	🇺🇸 United States of America
City	Romulus, Michigan

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 161.123.154.230

Whois 161.123.154.230

IP Abuse Reports for 161.123.154.230:

This IP address has been reported a total of 8 times from 3 distinct sources. 161.123.154.230 was first reported on October 1st 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:27:30 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 161.123.154.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 161.123.154.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:27:25.319118 2026] [security2:error] [pid 7732:tid 7752] [client 161.123.154.230:39043] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/example.htaccess"] [unique_id "ahzuDSKq_i-FrRbJEDIEzAAAAUY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-01 20:35:51 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 161.123.154.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 161.123.154.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 15:35:46.370402 2026] [security2:error] [pid 32106:tid 32127] [client 161.123.154.230:39385] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/wp-config.php.orig"] [unique_id "aaSjIsyHAVRioPijSO-GTQAAANA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-07 14:48:35 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 161.123.154.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 161.123.154.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 09:48:28.267635 2026] [security2:error] [pid 20186:tid 20186] [client 161.123.154.230:55679] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/nbcnewsradio.db"] [unique_id "aYdQvEAmpQGaXd-guxof-gAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-17 04:10:02 (4 months ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇺🇸 Kurtbaby	2025-12-30 15:42:00 (5 months ago)	Part of a coordinated attack from many different source IPs that targeted our company's VPN Christma ... show more Part of a coordinated attack from many different source IPs that targeted our company's VPN Christmas Eve through the end of the 26th. show less	Hacking
🇺🇸 TPI-Abuse	2025-12-02 23:39:35 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 161.123.154.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 161.123.154.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 18:39:31.370473 2025] [security2:error] [pid 3600:tid 3600] [client 161.123.154.230:40681] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.farmers123.com"] [uri "/.env.dev"] [unique_id "aS94sxJ_CM7oCcq9xDdnSgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 19:42:32 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 161.123.154.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 161.123.154.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 15:42:22.484606 2025] [security2:error] [pid 23979:tid 23979] [client 161.123.154.230:48411] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/wp-login.php.bak"] [unique_id "aQEcnhkc6SXOWcn8n4vBoAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 18:09:32 (8 months ago)	(mod_security) mod_security (id:210350) triggered by 161.123.154.230 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210350) triggered by 161.123.154.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 14:09:25.132849 2025] [security2:error] [pid 30036:tid 30081] [client 161.123.154.230:58435] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.staging.kettlehill.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "staging.kettlehill.com"] [uri "/mcp"] [unique_id "aN1uVZ4Gg6n9TdaAp9iIXAAAAI4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 185.242.3.195

🇯🇵 172.253.198.209

🇺🇸 143.42.0.20

🇬🇧 82.20.97.160

🇳🇱 77.83.39.185

🇩🇪 69.5.169.87

🇺🇸 64.62.156.15

🇧🇩 45.120.115.150

🇺🇸 195.184.76.214

🇨🇳 120.52.12.202

🇵🇰 119.156.28.157

🇮🇳 103.116.137.166

🇺🇸 91.193.232.80

🇫🇮 89.167.70.88

🇸🇬 47.128.123.242

🇭🇰 47.76.100.148

🇺🇸 45.79.104.47

🇺🇸 45.33.89.53

🇸🇳 41.208.147.131

🇺🇸 34.168.176.181