JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 161.97.124.242

161.97.124.242 was found in our database!

This IP was reported 48 times. Confidence of Abuse is 47%: ?

47%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3278914.contaboserver.net
Domain Name	contabo.com
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 161.97.124.242

Whois 161.97.124.242

IP Abuse Reports for 161.97.124.242:

This IP address has been reported a total of 48 times from 30 distinct sources. 161.97.124.242 was first reported on May 16th 2026, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇹 Evag Touf	2026-05-20 12:56:01 (1 month ago)	(mod_security) mod_security triggered on hostname [redacted] 161.97.124.242 (FR/France/-)	SQL Injection
🇺🇸 MPL	2026-05-20 12:13:31 (1 month ago)	tcp/443 (6 or more attempts)	Port Scan
🇳🇱 donarev419	2026-05-20 06:48:56 (1 month ago)	Connection to port 443 with data transfer. Data preview: �	Port Scan Hacking
🇺🇸 MPL	2026-05-20 04:50:29 (1 month ago)	tcp/443 (3 or more attempts)	Port Scan
Anonymous	2026-05-20 03:52:04 (1 month ago)	Reported from Nginx log analysis 16. Log: 161.97.124.242 - - [20/May/2026:xx:xx:xx 0200] "GET / HTT ... show more Reported from Nginx log analysis 16. Log: 161.97.124.242 - - [20/May/2026:xx:xx:xx 0200] "GET / HTTP/1.1" xxx xxx "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36" "-" "FR France Lauterbourg" "AS51167" "Contabo GmbH" show less	Port Scan Brute-Force SSH
🇧🇷 diego	2026-05-20 03:25:41 (1 month ago)	[probe-44-49] 2026-05-20 03:08:13, Client: 161.97.124.242, Protocol: 6, Unauthorized activity to HTT ... show more [probe-44-49] 2026-05-20 03:08:13, Client: 161.97.124.242, Protocol: 6, Unauthorized activity to HTTP: GET / show less	Web App Attack
🇺🇸 Cyber Crusader	2026-05-20 02:06:37 (1 month ago)	Hundreds of Attempts (at least) to Connect to and Access Firewall Ports	Port Scan Hacking Brute-Force
🇺🇸 xmission.com	2026-05-20 00:10:08 (1 month ago)	Blocked by UFW (TCP on 443) Source port: 38230 TTL: 58 Packet length: 60 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 443) Source port: 38230 TTL: 58 Packet length: 60 TOS: 0x00 This report (for 161.97.124.242) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇺🇸 ne1for23	2026-05-19 20:00:17 (1 month ago)	Attempt to access invalid virtual host name (###.###.###.###). Typically used to access "internal" ... show more Attempt to access invalid virtual host name (###.###.###.###). Typically used to access "internal" resources improperly exposed externally and "protected" only by a lack of external DNS resolution. 161.97.124.242 - - [19/May/2026:20:00:17 +0000] "GET / HTTP/1.1" 403 153 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36" "-" show less	Hacking
Anonymous	2026-05-19 16:19:47 (1 month ago)	Unauthorized access (tcp/443/https)	Port Scan Web App Attack
🇺🇸 cwytech	2026-05-19 14:27:30 (1 month ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/web-asn-lockdown-high.	Port Scan Brute-Force SSH
🇺🇸 xmission.com	2026-05-19 12:40:54 (1 month ago)	Blocked by UFW (TCP on 443) Source port: 38572 TTL: 45 Packet length: 60 TOS: 0x08 This report (for ... show more Blocked by UFW (TCP on 443) Source port: 38572 TTL: 45 Packet length: 60 TOS: 0x08 This report (for 161.97.124.242) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇺🇸 itsnixk	2026-05-19 07:54:00 (1 month ago)	(mod_security) mod_security (id:920350) triggered by 161.97.124.242 (DE/Germany/vmi3278914.contabose ... show more (mod_security) mod_security (id:920350) triggered by 161.97.124.242 (DE/Germany/vmi3278914.contaboserver.net): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue May 19 03:53:58.080295 2026] [security2:error] [pid 445607:tid 446082] [client 161.97.124.242:45928] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/"] [unique_id "agwXFuQ3fBJq6IrXDAaqNwAAAE0"] show less	Port Scan
🇩🇪 SkyDancer	2026-05-19 06:01:50 (1 month ago)	Multiple login attempts via RDP and/or SSH using wrong credentials. Attack automatically blocked by ... show more Multiple login attempts via RDP and/or SSH using wrong credentials. Attack automatically blocked by SkyDancer Ai. EXT-SYS-A show less	Hacking Brute-Force SSH
🇺🇸 MPL	2026-05-19 04:16:38 (1 month ago)	tcp/443 (4 or more attempts)	Port Scan

Showing 1 to 15 of 48 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇳 102.152.223.218

🇧🇷 177.174.16.55

🇱🇻 81.30.98.44

🇮🇩 46.16.32.242

🇧🇷 45.225.169.32

🇮🇷 37.75.244.122

🇯🇵 8.216.16.79

🇩🇪 2400:cb00:1041:1000:15b6:4adc:c160:37f8

🇹🇷 188.59.182.213

🇺🇸 185.88.102.14

🇨🇳 180.117.39.151

🇫🇮 178.20.210.208

🇭🇰 162.158.193.223

🇸🇾 109.224.242.209

🇧🇩 103.183.62.3

🇳🇱 103.74.132.125

🇱🇹 45.227.254.170

🇭🇰 45.120.216.232

🇭🇰 162.158.193.162

🇸🇬 118.194.233.253