JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.138.91.204

159.138.91.204 was found in our database!

This IP was reported 149 times. Confidence of Abuse is 100%: ?

100%

ISP	Huawei Singapore Clouds
Usage Type	Data Center/Web Hosting/Transit
ASN	AS136907
Hostname(s)	ecs-159-138-91-204.compute.hwclouds-dns.com
Domain Name	huawei.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.138.91.204

Whois 159.138.91.204

IP Abuse Reports for 159.138.91.204:

This IP address has been reported a total of 149 times from 119 distinct sources. 159.138.91.204 was first reported on June 1st 2026, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-03 05:14:48 (17 hours ago)	1 attack on shell probes: POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTT ... show more 1 attack on shell probes: POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1 show less	Hacking
🇺🇸 micropedro	2026-06-02 23:50:36 (22 hours ago)	4 incidents: port scanning. First: 2026-06-01 23:52, Last: 2026-06-02 19:50 UTC. Triggers: non-publi ... show more 4 incidents: port scanning. First: 2026-06-01 23:52, Last: 2026-06-02 19:50 UTC. Triggers: non-public-port,firewall-tcp,ufw-repeater,ufw-repeater. show less	Port Scan
🇺🇸 knock	2026-06-02 09:42:18 (1 day ago)	Knock-Knock honeypot brute-force: SSH (155 total hits)	Brute-Force SSH
🇩🇪 ManagedStack	2026-06-02 09:30:01 (1 day ago)	Probing access to unauthorized locations	Hacking Exploited Host Web App Attack
🇩🇪 ghostwarriors	2026-06-02 09:20:10 (1 day ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇨🇭 C.Ferris	2026-06-02 09:05:20 (1 day ago)	Fail2Ban SSHD Brute-force SSH server ...	Brute-Force SSH
🇺🇸 MPL	2026-06-02 08:46:19 (1 day ago)	tcp/80 (2 or more attempts)	Port Scan
🇺🇸 xmission.com	2026-06-02 08:33:33 (1 day ago)	Blocked by UFW (TCP on 80) Source port: 56146 TTL: 41 Packet length: 40 TOS: 0x08 This report (for ... show more Blocked by UFW (TCP on 80) Source port: 56146 TTL: 41 Packet length: 40 TOS: 0x08 This report (for 159.138.91.204) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇻🇳 demonsword	2026-06-02 08:25:33 (1 day ago)	SSH brute-force detected: 30 failed login attempts in the last 1 hour.	Brute-Force SSH
🇫🇷 breubit	2026-06-02 07:33:53 (1 day ago)	159.138.91.204 - - [02/Jun/2026:09:33:53 +0200] "GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval- ... show more 159.138.91.204 - - [02/Jun/2026:09:33:53 +0200] "GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 491 "-" "libredtail-http" ... show less	Web App Attack
🇺🇸 MPL	2026-06-02 07:32:28 (1 day ago)	tcp/443 (2 or more attempts)	Port Scan
Anonymous	2026-06-02 07:27:03 (1 day ago)	Unauthorized SSH login attempts	Brute-Force SSH
🇩🇪 barbarella	2026-06-02 07:23:41 (1 day ago)	Multiple (45) times attack on http port 80: unauthorized access to cgi-bin scripts (POST /cgi-bin/.% ... show more Multiple (45) times attack on http port 80: unauthorized access to cgi-bin scripts (POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh) 09:23:42 unauthorized access to cgi-bin scripts (POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh) 09:23:42 Command Injection for PHP Vulnerablity CVE-2024-4577 (POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input) 09:23:43 Command Injection for PHP Vulnerablity CVE-2024-4577 (POST /?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input) 09:23:43 unauthorized access PHPunit framework files (GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php) 09:23:44 unauthorized access PHPunit framework files (GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php) 09:23:44 unauthorized access PHPunit framework files (GET /vendor/phpunit/src/Util/PHP/eval-stdin.php) 09:23:44 unauthorized access PHPunit framework files (GET /ve show less	Hacking Web App Attack
🇺🇸 gu-alvareza	2026-06-02 07:05:23 (1 day ago)	Apache.HTTP.Server.cgi-bin.Path.Traversal	Web App Attack Hacking
🇳🇱 Yachiyo Runami	2026-06-02 07:02:13 (1 day ago)	Port Scan on Honeypot \| Ports: 80/HTTP(2x) \| Proto: TCP(2) \| Flags: all SYN \| TTL: 45 \| Len: 40B(2x) ... show more Port Scan on Honeypot \| Ports: 80/HTTP(2x) \| Proto: TCP(2) \| Flags: all SYN \| TTL: 45 \| Len: 40B(2x) \| Win: 65535(2) \| rDNS: ecs-159-138-91-204.compute.hwclouds-dns.com \| F2B/ufw-honeypot@2026-06-02T07:02:13Z show less	Port Scan Hacking

Showing 1 to 15 of 149 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇿 213.230.78.36

🇪🇹 196.189.237.172

🇺🇸 172.174.250.151

🇮🇳 122.185.146.166

🇺🇸 107.175.156.155

🇮🇹 95.240.192.149

🇷🇴 80.94.92.164

🇮🇹 62.97.44.51

🇱🇹 45.227.254.170

🇺🇸 192.3.145.26

🇩🇪 178.105.241.181

🇺🇸 165.154.162.104

🇩🇪 130.12.181.109

🇮🇳 122.187.230.104

🇨🇳 110.89.121.254

🇮🇩 103.18.133.253

🇪🇸 80.32.30.255

🇺🇸 66.154.107.138

🇪🇸 62.93.179.140

🇩🇪 43.228.157.163