AbuseIPDB » 138.201.205.160

138.201.205.160 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 40%: ?

40%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	static.160.205.201.138.clients.your-server.de
Domain Name	hetzner.com
Country	Germany
City	Falkenstein, Saxony

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 138.201.205.160

Whois 138.201.205.160

IP Abuse Reports for 138.201.205.160:

This IP address has been reported a total of 18 times from 12 distinct sources. 138.201.205.160 was first reported on June 5th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
VXG-NET	2025-06-16 13:35:13 (3 weeks ago)	port=80, indicator_type=info-leak	Hacking
Sklurk	2025-06-16 13:31:37 (3 weeks ago)	Web App Attack	Web App Attack
rdpguard.com	2025-06-16 13:27:47 (3 weeks ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
VHosting	2025-06-16 13:20:08 (3 weeks ago)	Detected attack by Imunify360	Brute-Force Web App Attack
chr70	2025-06-15 07:39:00 (3 weeks ago)	Scanning for vulnerabilities	Web App Attack
fortypoundhead	2025-06-14 23:01:22 (3 weeks ago)	SQL Injection Attempt	SQL Injection Web App Attack
TheMadBeaker	2025-06-14 22:59:12 (3 weeks ago)	Fail2Ban Ban Triggered HTTP SQL Injection Attempt	Hacking SQL Injection
rdpguard.com	2025-06-14 22:55:25 (3 weeks ago)	RdpGuard detected brute-force attempt on ASP.NET Web Forms	Brute-Force
Johan Finn	2025-06-14 22:50:19 (3 weeks ago)	malicious activity, botnet	Web App Attack
FeG Deutschland	2025-06-14 22:48:03 (3 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
Anonymous	2025-06-14 22:44:46 (3 weeks ago)	(mod_security) mod_security triggered on hostname [redacted] 138.201.205.160 (DE/Germany/static.160. ... show more(mod_security) mod_security triggered on hostname [redacted] 138.201.205.160 (DE/Germany/static.160.205.201.138.clients.your-server.de) show less	SQL Injection
TPI-Abuse	2025-06-14 22:44:06 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 138.201.205.160 (static.160.205.201.138.clients ... show more(mod_security) mod_security (id:210492) triggered by 138.201.205.160 (static.160.205.201.138.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 14 18:44:00.441114 2025] [security2:error] [pid 1826135:tid 1826202] [client 138.201.205.160:55135] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "americanacademyofprojectmanagement.com"] [uri "/.env"] [unique_id "aE37MNbrMOAHvq0a_Ws7egAAAJQ"] show less	Brute-Force Bad Web Bot Web App Attack
SilverZippo	2025-06-05 08:11:20 (1 month ago)	Web App Attack	Web App Attack
TPI-Abuse	2025-06-05 08:07:42 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 138.201.205.160 (static.160.205.201.138.clients ... show more(mod_security) mod_security (id:210492) triggered by 138.201.205.160 (static.160.205.201.138.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 05 04:07:39.397938 2025] [security2:error] [pid 3506606:tid 3506606] [client 138.201.205.160:57646] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mathewsdental.com"] [uri "/.env"] [unique_id "aEFQS5DMPsWJrstvUForlgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
FeG Deutschland	2025-06-05 07:49:53 (1 month ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack

Showing 1 to 15 of 18 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

88.218.193.160

47.128.17.240

149.36.50.142

117.209.57.235

37.186.147.79

138.91.49.60

216.144.248.27

216.144.248.19

114.244.68.111

47.128.56.10

47.128.115.53

216.144.248.30

93.124.116.166

69.162.124.238

216.144.248.28

193.84.71.244

172.215.144.32

198.235.24.5

114.129.234.33

170.233.151.14