JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.138.9.84

159.138.9.84 was found in our database!

This IP was reported 286 times. Confidence of Abuse is 54%: ?

54%

ISP	Huawei HongKong Clouds
Usage Type	Data Center/Web Hosting/Transit
ASN	AS136907
Hostname(s)	ecs-159-138-9-84.compute.hwclouds-dns.com
Domain Name	huawei.com
Country	🇭🇰 Hong Kong
City	Hong Kong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.138.9.84

Whois 159.138.9.84

IP Abuse Reports for 159.138.9.84:

This IP address has been reported a total of 286 times from 46 distinct sources. 159.138.9.84 was first reported on August 28th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-12 13:37:25 (3 days ago)	Web App Attack	Web App Attack
🇧🇷 Sipo Chutão	2026-06-09 03:00:01 (1 week ago)	/Web-Attack	Hacking
🇦🇺 afleventoffice.com.au	2026-06-06 06:28:09 (1 week ago)	GET /ip HTTP/1.1	Web App Attack
🇺🇸 omc	2026-06-05 20:04:24 (1 week ago)	GET /ip [Q4]. Botnet endpoint attack [QS].	Bad Web Bot DDoS Attack
🇫🇷 Sklurk	2026-06-05 09:34:15 (1 week ago)	Web App Attack	Web App Attack
🇵🇱 sefinek.net	2026-06-02 17:58:06 (1 week ago)	Triggered Cloudflare WAF (firewallCustom) from HK. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (G ... show more Triggered Cloudflare WAF (firewallCustom) from HK. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (GET) \| Endpoint: /ip \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇨🇦 1gz	2026-06-01 03:20:49 (2 weeks ago)	Triggered Cloudflare WAF (firewallCustom) from HK. Action taken: BLOCK Protocol: HTTP/2 (GET method) ... show more Triggered Cloudflare WAF (firewallCustom) from HK. Action taken: BLOCK Protocol: HTTP/2 (GET method) Endpoint: /author/ebodini/page/1698/ UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Edg/101.0.1210.47 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇯🇵 Short-legs-Spider	2026-05-31 08:16:33 (2 weeks ago)	Disregard of robots.txt -- [31/May/2026:17:16:33 +0900] "GET /ip HTTP/1.1" 403 76 "-" "Mozilla/5.0 ... show more Disregard of robots.txt -- [31/May/2026:17:16:33 +0900] "GET /ip HTTP/1.1" 403 76 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-22 22:12:48 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 159.138.9.84 (ecs-159-138-9-84.compute.hwclouds ... show more (mod_security) mod_security (id:210730) triggered by 159.138.9.84 (ecs-159-138-9-84.compute.hwclouds-dns.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 18:12:41.202693 2026] [security2:error] [pid 1467:tid 1467] [client 159.138.9.84:41496] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|enespiral.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "enespiral.net"] [uri "/etapa1/ant02/espirals/WS_FTP.LOG"] [unique_id "ahDU2SMnVcBNPmMOQ5ZzogAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-05-21 18:16:41 (3 weeks ago)	paulshipley.com.au:443 159.138.9.84 - - [22/May/2026:04:16:37 +1000] "GET /ip HTTP/1.1" 404 73532 "- ... show more paulshipley.com.au:443 159.138.9.84 - - [22/May/2026:04:16:37 +1000] "GET /ip HTTP/1.1" 404 73532 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" ... show less	Web App Attack
🇦🇺 paulshipley.com.au	2026-05-21 11:27:27 (3 weeks ago)	dlcarterauthor.com:443 159.138.9.84 - - [21/May/2026:21:27:25 +1000] "GET /ip HTTP/1.1" 404 70427 "- ... show more dlcarterauthor.com:443 159.138.9.84 - - [21/May/2026:21:27:25 +1000] "GET /ip HTTP/1.1" 404 70427 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" ... show less	Web App Attack
🇮🇪 Coolnagour	2026-05-15 19:59:25 (1 month ago)	httpprobe: banned during check /ip	Web App Attack
Anonymous	2026-05-10 08:25:02 (1 month ago)	Malicious activity detected	Hacking Web App Attack
🇮🇹 Progetto1	2026-05-10 05:40:03 (1 month ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇺🇸 nodepile	2026-05-09 15:59:32 (1 month ago)	Requests denied due to active blacklist hits (tenant=82 method=GET path=/static/version1775170088/fr ... show more Requests denied due to active blacklist hits (tenant=82 method=GET path=/static/version1775170088/frontend/Smartwave/porto/en_US/js-translation.json ua='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36') show less	Web App Attack Exploited Host

Showing 1 to 15 of 286 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 8.140.27.254

🇬🇧 195.224.191.196

🇺🇸 184.57.39.170

🇲🇾 180.74.84.64

🇺🇸 172.253.214.113

🇺🇸 167.234.221.222

🇺🇸 162.233.145.223

🇺🇸 147.185.132.185

🇵🇰 103.167.159.250

🇱🇻 94.158.20.248

🇫🇷 88.187.249.197

🇳🇱 77.83.39.42

🇺🇸 68.235.62.179

🇳🇱 45.148.10.152

🇳🇱 45.142.193.223

🇲🇱 217.64.98.169

🇪🇬 196.218.83.9

🇨🇴 186.118.223.61

🇩🇪 185.220.101.11

🇵🇹 176.78.203.57