JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 203.189.154.129

203.189.154.129 was found in our database!

This IP was reported 42 times. Confidence of Abuse is 0%: ?

ISP	Cogetel Ltd, Online ISP, Cambodia
Usage Type	Fixed Line ISP
ASN	AS23673
Hostname(s)	headquarter.online.com.kh
Domain Name	online.com.kh
Country	🇰🇭 Cambodia
City	Phnom Penh, Phnom Penh

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 203.189.154.129

Whois 203.189.154.129

IP Abuse Reports for 203.189.154.129:

This IP address has been reported a total of 42 times from 27 distinct sources. 203.189.154.129 was first reported on December 17th 2023, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇹 VHosting	2026-03-01 03:11:46 (3 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇮🇳 liveaspankaj	2026-02-14 13:18:45 (3 months ago)	DDoS attack: 184 requests in 5m (GET / or repair.php).	DDoS Attack
Anonymous	2026-02-13 04:30:32 (3 months ago)	Failed login attempt detected by Fail2Ban in plesk-postfix jail	Brute-Force
🇺🇸 COMPLEX	2026-01-26 01:07:25 (4 months ago)	Triggered Cloudflare WAF (l7ddos) from KH. Action taken: BLOCK ASN: undefined (undefined) Protocol: ... show more Triggered Cloudflare WAF (l7ddos) from KH. Action taken: BLOCK ASN: undefined (undefined) Protocol: HTTP/2 (GET method) Endpoint: / UA: Mozilla/5.0 (Android 12; Mobile; rv:146.0) Gecko/146.0 Firefox/146.0 show less	DDoS Attack Bad Web Bot
Anonymous	2026-01-19 16:36:18 (4 months ago)	203.189.154.129 (KH/Cambodia/Phnom Penh/Phnom Penh/headquarter.online.com.kh/-), 5 distributed imapd ... show more 203.189.154.129 (KH/Cambodia/Phnom Penh/Phnom Penh/headquarter.online.com.kh/-), 5 distributed imapd attacks on account [redacted] show less	Brute-Force
🇪🇸 cuscusero (FlexBacks, FlexChar, FlexAve, FlexCDNM, FlexTudy, ColdHosting SL)	2026-01-15 14:35:28 (4 months ago)	[CPD ESP-BCN02-FW11-394] Suspicious connection detected on port 22. DDoS detected	DDoS Attack Brute-Force SSH
🇳🇱 maxxsense	2026-01-14 03:17:45 (4 months ago)	(postfix-unknown) Failed postfix unknown login with username [redacted] from 203.189.154.129 (KH/Cam ... show more (postfix-unknown) Failed postfix unknown login with username [redacted] from 203.189.154.129 (KH/Cambodia/headquarter.online.com.kh) show less	Hacking
🇮🇹 VHosting	2026-01-13 23:36:59 (4 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇺🇸 Smee	2025-12-29 14:29:37 (5 months ago)	IMAP/SMTP Authentication Failure	Brute-Force
🇨🇭 backslash	2025-12-28 18:09:01 (5 months ago)		Web Spam
🇮🇹 VHosting	2025-11-30 22:13:38 (6 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇺🇸 TPI-Abuse	2025-09-05 18:51:39 (9 months ago)	(mod_security) mod_security (id:225170) triggered by 203.189.154.129 (headquarter.online.com.kh): 1 ... show more (mod_security) mod_security (id:225170) triggered by 203.189.154.129 (headquarter.online.com.kh): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 05 14:51:33.251726 2025] [security2:error] [pid 28109:tid 28109] [client 203.189.154.129:48440] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|jolankagroup.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jolankagroup.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aLsxNX8GCmyTO8VtxEeblgAAAAI"], referer: https://jolankagroup.com/wp-json/wp/v2/users/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-14 10:14:50 (9 months ago)	(mod_security) mod_security (id:225170) triggered by 203.189.154.129 (headquarter.online.com.kh): 1 ... show more (mod_security) mod_security (id:225170) triggered by 203.189.154.129 (headquarter.online.com.kh): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 14 06:14:41.151949 2025] [security2:error] [pid 11933:tid 11933] [client 203.189.154.129:46558] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|barigby.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "barigby.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aJ23EXbeQj8nbBj8KZ4_XwAAAAo"], referer: https://barigby.com/wp-json/wp/v2/users/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-13 12:33:59 (9 months ago)	(mod_security) mod_security (id:225170) triggered by 203.189.154.129 (headquarter.online.com.kh): 1 ... show more (mod_security) mod_security (id:225170) triggered by 203.189.154.129 (headquarter.online.com.kh): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 13 08:33:52.303989 2025] [security2:error] [pid 3861:tid 3869] [client 203.189.154.129:43734] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|nimbll.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "nimbll.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aJyGMON1Bi85X-AXIhWcvwAAAEY"], referer: https://nimbll.com/wp-json/wp/v2/users/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 updown.io	2025-08-08 05:18:16 (10 months ago)	Malicious traffic/Automated form submission	Web Spam Bad Web Bot Exploited Host

Showing 1 to 15 of 42 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.253.31.30

🇧🇩 45.251.228.101

🇳🇵 2404:7c00:49:44ab:69c4:8f4c:8d6f:add3

🇲🇽 187.140.196.75

🇩🇪 176.65.132.17

🇺🇸 149.19.106.43

🇨🇳 117.157.135.186

🇲🇲 103.154.241.42

🇨🇳 101.34.82.220

🇺🇸 91.230.168.126

🇧🇬 91.92.40.151

🇩🇪 84.150.143.15

🇧🇬 78.128.114.102

🇻🇳 27.79.7.142

🇺🇸 2607:f8b0:4001:c18::12e

🇺🇸 216.151.165.166

🇭🇰 185.239.85.154

🇹🇷 185.169.54.62

🇳🇱 185.93.89.132

🇮🇳 147.79.70.64