JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.204.79.167

138.204.79.167 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 3%: ?

ISP	NET FIBRA EMPRESAS LTDA
Usage Type	Fixed Line ISP
ASN	AS263879
Domain Name	crnetfibra.com.br
Country	🇧🇷 Brazil
City	Sao Joao de Meriti, Rio de Janeiro

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.204.79.167

Whois 138.204.79.167

IP Abuse Reports for 138.204.79.167:

This IP address has been reported a total of 24 times from 16 distinct sources. 138.204.79.167 was first reported on January 30th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-13 00:54:30 (2 weeks ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇩🇪 FeG Deutschland	2026-02-04 15:06:05 (4 months ago)	Mail: - login with unknown user - bruteforce	Brute-Force
🇩🇪 LRob.fr	2025-12-03 01:16:01 (6 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
Anonymous	2025-12-03 01:13:30 (6 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇩🇪 stinpriza	2025-12-02 15:23:23 (6 months ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 10:02:33 (6 months ago)	(mod_security) mod_security (id:225170) triggered by 138.204.79.167 (138-204-79-167.crnetfibra.com.b ... show more (mod_security) mod_security (id:225170) triggered by 138.204.79.167 (138-204-79-167.crnetfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 05:02:28.243816 2025] [security2:error] [pid 16119:tid 16119] [client 138.204.79.167:39097] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|jonasrimkunas.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jonasrimkunas.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aS65NIWFZ7GAfHlg1mPJ2wAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-12-02 03:27:55 (6 months ago)	Blocking for trying to access an exploit file: /xmlrpc.php	Hacking
🇳🇱 i-turnradio.nl	2025-12-02 02:27:37 (6 months ago)	2025-12-02 @ 03:27:37 (CET) ~ Blocked based on risk assessment and prior abuse reports	Web App Attack
🇺🇸 mnsf	2025-12-01 21:05:52 (6 months ago)	Xmlrpc Caught (6)	Brute-Force Web App Attack
Anonymous	2025-12-01 20:14:57 (6 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇩🇪 stinpriza	2025-12-01 11:18:25 (6 months ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 06:22:05 (6 months ago)	(mod_security) mod_security (id:225170) triggered by 138.204.79.167 (138-204-79-167.crnetfibra.com.b ... show more (mod_security) mod_security (id:225170) triggered by 138.204.79.167 (138-204-79-167.crnetfibra.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:22:01.873224 2025] [security2:error] [pid 9037:tid 9037] [client 138.204.79.167:38364] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|geriterry.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "geriterry.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aS00CdWKj8NZ6Uxx-akSGQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Rey	2025-12-01 01:49:02 (6 months ago)	WordPress xmlrpc.php attack [kuti13kg]	Web App Attack
Anonymous	2025-11-26 12:33:53 (7 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-11-21 14:30:50 (7 months ago)	scanning http requests from known botnet	Web App Attack

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 213.126.222.66

🇮🇳 122.187.229.201

🇬🇧 81.19.219.196

🇫🇷 62.210.142.159

🇨🇳 58.220.39.200

🇬🇧 35.203.211.60

🇮🇱 2.55.75.176

🇰🇷 211.223.41.90

🇫🇮 94.156.116.72

🇸🇪 90.230.212.29

🇸🇪 90.230.115.5

🇹🇼 36.230.80.49

🇺🇸 18.217.41.198

🇺🇸 3.142.4.118

🇩🇪 213.209.159.108

🇧🇪 198.235.24.163

🇬🇧 193.176.29.11

🇬🇧 188.240.59.21

🇬🇧 185.216.145.164

🇧🇷 177.125.131.235