JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 38.47.37.203

38.47.37.203 was found in our database!

This IP was reported 108 times. Confidence of Abuse is 29%: ?

29%

ISP	ANGKOR DATA COMMUNICATION
Usage Type	Fixed Line ISP
ASN	AS38235
Domain Name	mekongnet.com.kh
Country	🇰🇭 Cambodia
City	Phnom Penh, Phnom Penh

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 38.47.37.203

Whois 38.47.37.203

IP Abuse Reports for 38.47.37.203:

This IP address has been reported a total of 108 times from 63 distinct sources. 38.47.37.203 was first reported on September 30th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 ICS Labs	2026-06-22 15:37:33 (1 day ago)	ICS Labs identified 38.47.37.203 as a malicious indicator from threat intelligence.	DDoS Attack Port Scan Hacking Brute-Force Exploited Host
🇮🇳 evicky2002	2026-05-02 06:00:00 (1 month ago)	Confirmed malicious by STILWaters CTI platform (score=89, sources=1)	Hacking Brute-Force SSH
🇩🇪 grassau.com	2026-05-01 08:25:46 (1 month ago)	(wordpress) Failed wordpress login from 38.47.37.203 (KH/Cambodia/Phnom Penh/Phnom Penh/-)	Brute-Force
🇩🇪 rh24	2026-05-01 08:06:15 (1 month ago)	(wordpress) Failed wordpress login from 38.47.37.203 (KH/Cambodia/-): (CF_ENABLE)	Brute-Force
🇪🇸 robotstxt	2026-05-01 06:07:27 (1 month ago)	38.47.37.203 - - [01/May/2026:05:30:06 +0000] "GET /cgi-bin/php-cgi.exe?-d+allow_url_include%3DOn+-d ... show more 38.47.37.203 - - [01/May/2026:05:30:06 +0000] "GET /cgi-bin/php-cgi.exe?-d+allow_url_include%3DOn+-d+safe_mode%3DOff+-d+suhosin.simulation%3DOn HTTP/1.1" 404 44763 "-" rt="0.552" "python-requests/2.32.5" "-" h="economipedia.com" sn="economipedia.com" ru="/cgi-bin/php-cgi.exe?-d+allow_url_include%3DOn+-d+safe_mode%3DOff+-d+suhosin.simulation%3DOn" u="/index.php" ucs="-" ua="unix:/var/run/php/economipedia83.sock" us="404" uct="0.000" urt="0.552" 38.47.37.203 - - [01/May/2026:05:30:06 +0000] "GET /cgi-bin/php-cgi.exe?-d+allow_url_include%3DOn+-d+safe_mode%3DOff+-d+suhosin.simulation%3DOn HTTP/1.1" 404 44763 "-" "python-requests/2.32.5" "-" 38.47.37.203 - - [01/May/2026:05:30:12 +0000] "GET /cgi-bin/php.exe?-d+allow_url_include%3DOn+-d+safe_mode%3DOff+-d+suhosin.simulation%3DOn HTTP/1.1" 404 44762 "-" "python-requests/2.32.5" "-" 38.47.37.203 - - [01/May/2026:05:30:12 +0000] "GET /cgi-bin/php.exe?-d+allow_url_include%3DOn+-d+safe_mode%3DOff+-d+suhosin.simulation%3DOn HTTP/1.1" 404 44762 "- ... show less	Bad Web Bot
🇺🇸 ipblock.com	2026-04-27 08:52:00 (1 month ago)	IPBlock protected site ID [3192-af][s=02]. Exploit request, vulnerability scanner.	Hacking Bad Web Bot Web App Attack
🇨🇿 ptlab	2026-04-26 16:45:41 (1 month ago)	Detected wp_admin attack from WP-host.	Hacking Web App Attack
🇮🇩 Burayot	2026-04-26 15:07:20 (1 month ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 38.47.37.203 (KH/Cambodia/-): 2 in t ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 38.47.37.203 (KH/Cambodia/-): 2 in the last 3600 secs show less	Web App Attack
🇩🇪 london2038.com	2026-04-26 13:34:33 (1 month ago)	Probing for exploits 38.47.37.203 - - [26/Apr/2026:15:34:23 +0200] "GET /sftp-config.json HTTP/1.1" ... show more Probing for exploits 38.47.37.203 - - [26/Apr/2026:15:34:23 +0200] "GET /sftp-config.json HTTP/1.1" 422 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 38.47.37.203 - - [26/Apr/2026:15:34:24 +0200] "GET /.vscode/sftp.json HTTP/1.1" 422 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" show less	Hacking Web App Attack
🇬🇧 CrystalMaker	2026-04-26 11:12:53 (1 month ago)	Vulnerability scan - GET /sftp-config.json; GET /.vscode/sftp.json	Hacking
Anonymous	2026-04-26 11:01:04 (1 month ago)	[Drupal AbuseIPDB module] Request path is blacklisted. /wp-admin/admin-ajax.php	Web App Attack
🇺🇸 TPI-Abuse	2026-04-26 10:15:42 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 38.47.37.203 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 38.47.37.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 06:15:38.400154 2026] [security2:error] [pid 30974:tid 30974] [client 38.47.37.203:64315] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "businessvaluationapp.com"] [uri "/sftp-config.json"] [unique_id "ae3lyojuo__JwewF8VQnsAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-26 09:55:43 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 38.47.37.203 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 38.47.37.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 05:55:38.565234 2026] [security2:error] [pid 14329:tid 14329] [client 38.47.37.203:63320] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "slimlaw.com"] [uri "/sftp-config.json"] [unique_id "ae3hGpAqOLeMEVKMq6WD0gAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-22 00:22:55 (2 months ago)	"GET /sftp-config.json HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-04-21 11:36:50 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 38.47.37.203 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 38.47.37.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 07:36:47.189123 2026] [security2:error] [pid 11305:tid 11305] [client 38.47.37.203:61375] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alexgitlin.com"] [uri "/sftp-config.json"] [unique_id "aedhT9nnkJ5YkPzFj9k4KwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 108 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 146.190.149.252

🇩🇪 69.5.169.2

🇸🇬 2a09:bac5:55f8:18be::277:b1

🇸🇬 202.70.133.97

🇭🇰 199.45.155.97

🇹🇷 194.62.118.170

🇨🇭 185.125.27.12

🇮🇩 182.253.234.19

🇳🇱 176.65.139.217

🇺🇸 173.239.240.215

🇧🇷 168.228.157.75

🇨🇳 122.194.13.179

🇸🇬 114.119.131.232

🇺🇸 104.164.173.84

🇺🇸 103.196.9.41

🇮🇳 103.176.160.146

🇰🇿 95.58.255.251

🇨🇦 85.217.149.67

🇩🇪 69.5.169.57

🇸🇨 45.194.67.27