JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 161.123.93.131

161.123.93.131 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 2%: ?

ISP	Wirels Connect (PTY) Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS203020
Domain Name	telafrica.net
Country	🇺🇸 United States of America
City	Romulus, Michigan

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 161.123.93.131

Whois 161.123.93.131

IP Abuse Reports for 161.123.93.131:

This IP address has been reported a total of 11 times from 5 distinct sources. 161.123.93.131 was first reported on May 17th 2023, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 01:57:19 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 21:54:11.746171 2026] [security2:error] [pid 15557:tid 15582] [client 161.123.93.131:41239] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.kettlehill.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.kettlehill.com"] [uri "/login.php.bak"] [unique_id "ahzmQ35hzq3cB4Zb4JrKDwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-01 13:07:50 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 08:07:44.523224 2026] [security2:error] [pid 483:tid 652] [client 161.123.93.131:39467] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.kettlehill.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.kettlehill.com"] [uri "/config.php.bak"] [unique_id "aX9QIAMxl-cQ0UzvOvSnXwAAAEY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 05:41:12 (5 months ago)	(mod_security) mod_security (id:221260) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:221260) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 00:41:04.016687 2026] [security2:error] [pid 14929:tid 14929] [client 161.123.93.131:36681] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|192.64.150.63:443\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.63"] [uri "/cgi-bin/stats"] [unique_id "aWnPcMnXWgx_05RS88e7FwAAAAM"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-03 00:04:42 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 19:04:36.141354 2025] [security2:error] [pid 30763:tid 30763] [client 161.123.93.131:53079] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.farmers123.com"] [uri "/.env.prod.local"] [unique_id "aS9-lFgEAN0KjCy3vttLSwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-01 14:30:18 (6 months ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-11-01 16:45:25 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 12:45:17.887844 2025] [security2:error] [pid 17898:tid 17915] [client 161.123.93.131:58739] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/.env.www"] [unique_id "aQY5HW6zjN623qo2nfaSvAAAAE0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 00:54:26 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 20:54:19.429680 2025] [security2:error] [pid 25062:tid 25062] [client 161.123.93.131:44851] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.nbcnewsradio.com"] [uri "/.svn/wc.db"] [unique_id "aQFlu7JbRtAKRGW1xZLvKwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-09-02 23:30:15 (9 months ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-01 01:14:39 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 161.123.93.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 31 21:14:32.619679 2025] [security2:error] [pid 4167008:tid 4167045] [client 161.123.93.131:35109] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.kettlehill.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.net"] [uri "/db_backup.sql"] [unique_id "aLTzeA6DfZQKU24eXUwaVwAAAEQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2025-08-18 09:40:17 (9 months ago)	WP probing for vulnerabilities	Hacking Exploited Host
🇿🇦 Birdflew	2023-05-17 07:43:16 (3 years ago)	Wordpress attack	Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇬 102.88.55.120

🇺🇸 76.102.126.23

🇺🇸 209.38.145.0

🇧🇾 178.120.8.99

🇻🇪 170.81.145.238

🇭🇰 154.221.25.72

🇬🇧 146.199.142.186

🇫🇷 82.64.38.234

🇮🇶 65.20.237.175

🇳🇱 45.148.10.157

🇧🇷 45.140.193.156

🇺🇸 44.216.172.204

🇬🇧 35.203.211.183

🇺🇸 3.132.214.67

🇺🇸 205.210.31.3

🇻🇪 190.89.30.204

🇺🇸 181.215.65.166

🇳🇱 176.65.139.250

🇮🇩 103.247.14.169

🇻🇳 103.200.22.154