JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.201.32.25

138.201.32.25 was found in our database!

This IP was reported 194 times. Confidence of Abuse is 100%: ?

100%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	static.25.32.201.138.clients.your-server.de
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Falkenstein, Saxony

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.201.32.25

Whois 138.201.32.25

IP Abuse Reports for 138.201.32.25:

This IP address has been reported a total of 194 times from 122 distinct sources. 138.201.32.25 was first reported on May 23rd 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 thetomtaylor.co.uk	2026-06-07 08:08:01 (1 day ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice02]	Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-07 07:07:01 (1 day ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,mx02,wa01,wa02]	Bad Web Bot Web App Attack
🇩🇪 phil2k	2026-06-06 11:50:47 (2 days ago)	portscan on multiple TCP ports : Firewall: Within 2026-06-04 08:35:58 - 2026-06-06 04:51:00 CEST(+02 ... show more portscan on multiple TCP ports : Firewall: Within 2026-06-04 08:35:58 - 2026-06-06 04:51:00 CEST(+0200) identified: unallowed access from 138.201.32.25/32 on uncommon port/s: 2087(tcp:2087),2086(gnunet) (2 trials) Fail2ban: Within 2026-06-04 08:35:58 - 2026-06-06 04:51:01 CEST(+0200) banned: 8 times by fail2ban[firewall]; 8 times by fail2ban[recidive] show less	Port Scan
🇩🇪 iNetWorker	2026-06-05 18:04:29 (2 days ago)	trying to access non-authorized port	Port Scan
Anonymous	2026-06-05 16:22:39 (3 days ago)	Unauthorized access (tcp/8080 - Scan for open web proxy)	Port Scan
🇸🇬 drewf.ink	2026-06-04 09:01:06 (4 days ago)	[09:01] Port scanning. Port(s) scanned: TCP/8080, TCP/8443	Port Scan
Anonymous	2026-06-04 07:52:58 (4 days ago)	138.201.32.25 - - [04/Jun/2026:07:52:58 +0000] "GET /.env.backup HTTP/1.1" 404 400 "-" "Mozilla/5.0 ... show more 138.201.32.25 - - [04/Jun/2026:07:52:58 +0000] "GET /.env.backup HTTP/1.1" 404 400 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇸🇬 drewf.ink	2026-06-04 07:25:41 (4 days ago)	[07:25] Port scanning. Port(s) scanned: TCP/2086, TCP/2087	Port Scan
🇩🇪 Mykola Spesivtsev	2026-06-04 06:38:26 (4 days ago)	HTTP Tarpit detected bot activity:TargetPort:80, Path:/.git/config, Method:GET, UA:Mozilla/5.0 (Wind ... show more HTTP Tarpit detected bot activity:TargetPort:80, Path:/.git/config, Method:GET, UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Sa show less	Port Scan Web App Attack Bad Web Bot
🇺🇸 LotPhantom	2026-06-04 06:36:11 (4 days ago)	2026-06-04T06:36:10.159616+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1 ... show more 2026-06-04T06:36:10.159616+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=138.201.32.25 DST=157.230.217.55 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=59812 DF PROTO=TCP SPT=59554 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-04T06:36:10.917306+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=138.201.32.25 DST=157.230.217.55 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=38732 DF PROTO=TCP SPT=50386 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan Hacking
🇩🇪 phil2k	2026-06-04 06:35:59 (4 days ago)	fail2ban:firewall:2026-06-04T08:35:58.227204+02:00 <SRV> firewall: filter IN=<ANONYMIZED_INTERFACE> ... show more fail2ban:firewall:2026-06-04T08:35:58.227204+02:00 <SRV> firewall: filter IN=<ANONYMIZED_INTERFACE> OUT= MAC=<ANONYMIZED_MAC> SRC=138.201.32.25 DST=<ANONYMIZED_IP> LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=51659 DF PROTO=TCP SPT=53866 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-04T08:35:58.247436+02:00 <SRV> firewall: filter IN=<ANONYMIZED_INTERFACE> OUT= MAC=<ANONYMIZED_MAC> SRC=138.201.32.25 DST=<ANONYMIZED_IP> LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=33551 DF PROTO=TCP SPT=51692 DPT=2086 WINDOW=64240 RES=0x00 SYN URGP=0 show less	DDoS Attack Port Scan
🇺🇸 drewf.ink	2026-06-04 06:17:21 (4 days ago)	[06:17] Port scanning. Port(s) scanned: TCP/2086, TCP/2087	Port Scan
🇦🇺 drdave	2026-06-04 05:47:57 (4 days ago)	138.201.32.25 - - [04/Jun/2026:05:20:31 +0000] "GET /.env.backup HTTP/1.1" 404 3760 "-" "Mozilla/5.0 ... show more 138.201.32.25 - - [04/Jun/2026:05:20:31 +0000] "GET /.env.backup HTTP/1.1" 404 3760 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36" show less	Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-04 05:08:02 (4 days ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice02,wa02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇩🇪 psauxit	2026-06-04 04:52:27 (4 days ago)	Fail2Ban - UFW port probing on unauthorized port	Port Scan

Showing 1 to 15 of 194 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 180.76.143.203

🇫🇷 172.71.232.61

🇮🇹 151.60.73.23

🇻🇳 113.161.230.217

🇷🇺 80.69.186.68

🇩🇪 69.5.169.61

🇳🇱 64.89.162.78

🇺🇸 34.75.215.75

🇮🇳 2409:40d6:115d:4cbd:b5ee:7b1d:2a7a:e4c1

🇺🇸 216.132.133.26

🇺🇸 216.25.89.89

🇺🇸 205.210.31.66

🇰🇷 110.35.12.7

🇩🇪 69.5.169.6

🇺🇸 45.84.120.3

🇺🇸 205.210.31.76

🇬🇧 193.163.125.175

🇨🇳 180.212.94.107

🇧🇷 138.255.157.62

🇺🇸 107.173.182.172