JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.204.79.172

138.204.79.172 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 43%: ?

43%

ISP	NET FIBRA EMPRESAS LTDA
Usage Type	Fixed Line ISP
ASN	AS263879
Domain Name	crnetfibra.com.br
Country	🇧🇷 Brazil
City	Sao Joao de Meriti, Rio de Janeiro

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.204.79.172

Whois 138.204.79.172

IP Abuse Reports for 138.204.79.172:

This IP address has been reported a total of 23 times from 10 distinct sources. 138.204.79.172 was first reported on June 2nd 2022, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 BIV	2026-06-18 06:02:12 (1 day ago)	Honeypot multi-source hit. Sources: tpot:Suricata. Ports: 8660. Automated tiered (T-Pot+DShield).	Port Scan Hacking
🇮🇩 hermawan	2026-06-18 03:21:51 (1 day ago)	06/18/2026-10:21:44.515288 [Drop] [] [1:920621:1] Suricata Local: Ubiquiti Discovery (5678) [] ... show more 06/18/2026-10:21:44.515288 [Drop] [] [1:920621:1] Suricata Local: Ubiquiti Discovery (5678) [] [Classification: (null)] [Priority: 3] {UDP} 138.204.79.172:20172 -> 103.166.156.58:62157 ... show less	Email Spam Hacking
🇳🇵 radheykrishna.com.np	2026-06-18 00:33:31 (1 day ago)	Jun 18 06:18:31 kernel: [5232650.731376] [UFW BLOCK] IN=ens160 OUT= SRC=138.204.79.172 LEN=540 TOS=0 ... show more Jun 18 06:18:31 kernel: [5232650.731376] [UFW BLOCK] IN=ens160 OUT= SRC=138.204.79.172 LEN=540 TOS=0x00 PREC=0x00 TTL=55 ID=45132 DF PROTO=UDP SPT=20148 DPT=43099 LEN=520 ... show less	Port Scan
🇺🇸 Cyber Crusader	2026-06-17 23:45:19 (1 day ago)	Hundreds of Attempts (at least) to Connect to and Access Firewall Ports	Port Scan Hacking Brute-Force
Anonymous	2026-06-16 17:53:50 (3 days ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 anon333	2026-06-15 22:33:28 (3 days ago)	Hacker syslog review 1781562807	Hacking
🇮🇩 hermawan	2026-05-29 10:53:15 (3 weeks ago)	[Fri May 29 17:53:12.761313 2026] [authz_core:error] [pid 1528236:tid 139851945932480] [client 138.2 ... show more [Fri May 29 17:53:12.761313 2026] [authz_core:error] [pid 1528236:tid 139851945932480] [client 138.204.79.172:17483] AH01630: client denied by server configuration: /var/www/index.php, referer https://staklim-jatim.bmkg.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[1528252] [3FmnpjIcyeg] [ahlwGK82g7SyRykiKvaFawAAxQ8] keep_alive=[1] [2026-05-29 17:53:12.761316] [R:ahlwGK82g7SyRykiKvaFawAAxQ8] UA:'Mozilla/5.0 (Linux; Android 13; SM-S901B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Mobile Safari/537.36' Host:'staklim-jatim.bmkg.go.id:443' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7' Referer:'https://staklim-jatim.bmkg.go.id/ Accept-Encoding:'gzip, deflate, br Accept-Language:'en-US,en;q=0.8 Upgrade-Insecure-Requests:'1 ... show less	Email Spam Hacking
Anonymous	2026-04-29 11:49:14 (1 month ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2026-01-25 17:45:46 (4 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-11-25 13:23:17 (6 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-11-21 10:34:40 (6 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-11-14 20:17:34 (7 months ago)	scanning http requests from known botnet	Web App Attack
🇮🇩 hermawan	2025-10-14 04:44:12 (8 months ago)	[Tue Oct 14 11:40:07.932811 2025] [security2:error] [pid 1852330:tid 140350334060224] [client 138.20 ... show more [Tue Oct 14 11:40:07.932811 2025] [security2:error] [pid 1852330:tid 140350334060224] [client 138.204.79.172:31489] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "WOW64" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "228"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: WOW64 found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36 request_line = GET /index.php/buku/4128-buku-edisi-setiap-1-bulan-sekali/buku-analisis-dan-prakiraan-bulanan-jawa-timur/buletin-bulanan-analisis-dan-prakiraan-hujan-di-provinsi-jawa-timur-tahun-2022/555559387-buletin-bulanan-analisis-hujan-bulan-maret-tahun-2022-dan-prakiraan-hujan-bulan-mei-juni-juli-tahun-2022-provinsi-jawa-timur HTTP/..."] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/index.php/buku/4128-buku-edisi-setiap-1-b ... show less	Hacking Web App Attack
🇳🇱 exxos	2025-08-31 10:03:01 (9 months ago)	Attacks with Bad user agents	Hacking
🇳🇱 exxos	2025-07-31 03:17:50 (10 months ago)	http-no-verb	Hacking

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.139.181

🇺🇸 209.141.41.212

🇬🇧 193.163.125.98

🇦🇷 170.210.136.58

🇺🇸 165.154.182.179

🇨🇱 149.88.104.35

🇩🇪 104.28.163.93

🇧🇬 79.124.58.138

🇹🇼 61.220.235.10

🇰🇷 59.12.63.70

🇩🇪 44.152.192.192

🇺🇸 44.138.170.118

🇭🇰 43.155.72.127

🇳🇱 5.187.35.26

🇧🇷 205.210.31.215

🇭🇰 185.216.250.201

🇫🇷 164.68.127.128

🇩🇪 104.28.25.3

🇫🇷 91.196.152.217

🇨🇦 85.217.149.7