JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.138.189.25

103.138.189.25 was found in our database!

This IP was reported 298 times. Confidence of Abuse is 100%: ?

100%

ISP	WHG Hosting Services Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS204800
Hostname(s)	s4572.sgp1.stableserver.net
Domain Name	hosting.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.138.189.25

Whois 103.138.189.25

IP Abuse Reports for 103.138.189.25:

This IP address has been reported a total of 298 times from 169 distinct sources. 103.138.189.25 was first reported on December 24th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-06-19 15:00:15 (1 day ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇫🇷 ELYAZ	2026-06-19 14:12:34 (1 day ago)	(y3) Failed access -byebye- from 103.138.189.25 (SG/Singapore/s4572.sgp1.stableserver.net): (CF_ENA ... show more (y3) Failed access -byebye- from 103.138.189.25 (SG/Singapore/s4572.sgp1.stableserver.net): (CF_ENABLE) show less	Hacking
🇵🇱 sefinek.net	2026-06-19 13:34:03 (1 day ago)	Triggered Cloudflare WAF (firewallCustom) from SG. Action: BLOCK \| Protocol: HTTP/1.1 (GET) \| Endpoi ... show more Triggered Cloudflare WAF (firewallCustom) from SG. Action: BLOCK \| Protocol: HTTP/1.1 (GET) \| Endpoint: /admin/.env \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 ghostwarriors	2026-06-19 12:20:04 (1 day ago)	Attempts against non-existent wp-login	Brute-Force Web App Attack
🇩🇪 gadix	2026-06-19 11:00:48 (1 day ago)	[19/Jun/2026:13:00:46.883099 +0200] ajUhXm0LcNAVjdn2t8K3-AAAAAE 103.138.189.25 35326 127.0.0.1 7081 ... show more [19/Jun/2026:13:00:46.883099 +0200] ajUhXm0LcNAVjdn2t8K3-AAAAAE 103.138.189.25 35326 127.0.0.1 7081 [19/Jun/2026:13:00:46.887071 +0200] ajUhXmSlXrHoxEr74l2OQQAAAAo 103.138.189.25 35342 127.0.0.1 7081 [19/Jun/2026:13:00:46.888884 +0200] ajUhXoJLuNZZqlnSI4Tx8wAAAAc 103.138.189.25 35350 127.0.0.1 7081 ... show less	Web App Attack
Anonymous	2026-06-19 10:17:45 (1 day ago)	103.138.189.25 - - [19/Jun/2026:18:17:45 +0800] "GET /.env.save HTTP/1.1" 200 30686 "-" "Mozilla/5.0 ... show more 103.138.189.25 - - [19/Jun/2026:18:17:45 +0800] "GET /.env.save HTTP/1.1" 200 30686 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇩🇪 Lino Project	2026-06-19 10:04:44 (1 day ago)	CrowdSec abuse IP report (host SRV-2) Scenario: crowdsecurity/http-sensitive-files	Hacking
🇩🇪 DEV-DNS	2026-06-19 06:55:51 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted])	SQL Injection
🇷🇴 SpamStopper	2026-06-19 06:24:27 (1 day ago)	Automated mitigation by Fail2Ban firewall due to persistent security policy violations.	Hacking Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-19 06:21:29 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted] 103.138.189.25 (SG/Singapore/s4572.sgp1 ... show more (mod_security) mod_security triggered on hostname [redacted] 103.138.189.25 (SG/Singapore/s4572.sgp1.stableserver.net) show less	SQL Injection
Anonymous	2026-06-19 05:29:53 (1 day ago)	103.138.189.25 detected on srv01	Brute-Force
🇬🇧 consul.to	2026-06-19 05:06:03 (1 day ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 Isha	2026-06-19 04:58:38 (1 day ago)	Shield Guard: Blocklist: IP signalée (blocklist_de) \| Honeypot: /.env.save	Web App Attack
🇺🇸 ipblock.com	2026-06-19 03:42:00 (2 days ago)	IPBlock protected site ID [3390-wh]. Exploit request, vulnerability scanner.	Hacking Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-06-19 03:20:03 (2 days ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack

Showing 1 to 15 of 298 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇶🇦 2600:1900:4260:40e::129

🇩🇪 213.209.159.236

🇩🇪 193.124.20.246

🇷🇴 193.32.162.16

🇨🇳 182.43.235.75

🇺🇸 170.187.165.219

🇨🇳 124.134.255.195

🇺🇸 104.243.35.104

🇻🇳 103.189.208.13

🇺🇸 100.50.17.159

🇩🇪 87.106.47.28

🇮🇩 36.64.190.82

🇹🇼 34.81.139.240

🇩🇪 31.70.75.109

🇨🇭 31.7.63.6

🇺🇸 17.246.15.190

🇰🇷 211.238.83.106

🇰🇷 211.228.218.47

🇨🇭 209.99.191.217

🇺🇸 128.203.202.236