JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.197.103.89

138.197.103.89 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 20%: ?

20%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇺🇸 United States of America
City	Clifton, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.197.103.89

Whois 138.197.103.89

IP Abuse Reports for 138.197.103.89:

This IP address has been reported a total of 23 times from 11 distinct sources. 138.197.103.89 was first reported on May 29th 2024, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 VMHeaven.io	2026-06-18 15:06:15 (13 hours ago)	Blocked by UFW [4000/tcp] Source port: 61004 TTL: 240 Packet length: 44	Port Scan
🇳🇵 radheykrishna.com.np	2026-06-18 14:44:38 (13 hours ago)	Jun 18 20:29:36 kernel: [5283717.516867] [UFW BLOCK] IN=ens160 OUT= SRC=138.197.103.89 LEN=44 TOS=0x ... show more Jun 18 20:29:36 kernel: [5283717.516867] [UFW BLOCK] IN=ens160 OUT= SRC=138.197.103.89 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=40267 PROTO=TCP SPT=61000 DPT=8880 WINDOW=1025 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇫🇷 masterguru	2026-05-13 09:49:28 (1 month ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 138.197.103.89 (US/United States/-): ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 138.197.103.89 (US/United States/-): 1 in the last 3600 secs (0-197) show less	Hacking
🇦🇺 MAGIC	2024-06-04 06:04:42 (2 years ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
Anonymous	2024-06-04 05:08:39 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇧🇪 taivas.nl	2024-06-04 04:32:32 (2 years ago)	Many_bad_calls	Web App Attack
🇭🇺 DumaNet	2024-06-04 02:57:00 (2 years ago)	WordPress plugin attack attempts. Date: 2024 Jun 03. 13:10:32 Source IP: 138.197.103.89 Portion ... show more WordPress plugin attack attempts. Date: 2024 Jun 03. 13:10:32 Source IP: 138.197.103.89 Portion of the log(s): 138.197.103.89 - [03/Jun/2024:13:10:30 +0200] "GET /author/wpadminne/ HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" 138.197.103.89 - [03/Jun/2024:13:10:30 +0200] "GET /author/w-padmine/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0" 138.197.103.89 - [03/Jun/2024:13:10:30 +0200] "GET /author/admim/ HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" 138.197.103.89 - [03/Jun/2024:13:10:29 +0200] "GET /author/superadmin/ HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" 138.197.103.89 - [03/Jun/2024:13:10:29 +0200] "GET /author/wpservices/ HTTP/1.1" 404 555 "-" "Mozilla/5 show less	Hacking Web App Attack
🇭🇺 DumaNet	2024-06-04 02:42:00 (2 years ago)	WordPress plugin attack attempts. Date: 2024 Jun 03. 12:38:06 Source IP: 138.197.103.89 Portion ... show more WordPress plugin attack attempts. Date: 2024 Jun 03. 12:38:06 Source IP: 138.197.103.89 Portion of the log(s): 138.197.103.89 - [03/Jun/2024:12:38:05 +0200] "GET /wp-comments.php HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" 138.197.103.89 - [03/Jun/2024:12:38:05 +0200] "GET /wp-limit-login.php?pw=AsAjfkel!@&path=uforrrep HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/117.0" 138.197.103.89 - [03/Jun/2024:12:38:05 +0200] "GET /wp-limit-login.php HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" 138.197.103.89 - [03/Jun/2024:12:38:04 +0200] "GET /wp-limit-login.php?pw=AsAjfkel!@&path=aqdsboso HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" 138.197.103.89 - [03/Jun/2024:12:38:04 +0200] "GET /wp-limit-login show less	Hacking Web App Attack
🇭🇺 DumaNet	2024-06-04 02:26:00 (2 years ago)	Web app attack attempts, scanning for vulnerability. Date: 2024 Jun 03. 12:27:05 Source IP: 138.19 ... show more Web app attack attempts, scanning for vulnerability. Date: 2024 Jun 03. 12:27:05 Source IP: 138.197.103.89 Portion of the log(s): 138.197.103.89 - [03/Jun/2024:12:27:01 +0200] "GET /comments.php?pw=AsAjfkel!@&path=uikaayui HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0" 138.197.103.89 - [03/Jun/2024:12:27:01 +0200] "GET /comments.php HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" 138.197.103.89 - [03/Jun/2024:12:27:01 +0200] "GET /comments.php?pw=AsAjfkel!@&path=adcwezpg HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15" 138.197.103.89 - [03/Jun/2024:12:27:00 +0200] "GET /comments.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0" 138.197.103.89 - [03/Jun/2024:12:27:00 +0200] "GET /current.php?pw=AsAjfkel!@&path show less	Web App Attack
Anonymous	2024-06-04 02:23:50 (2 years ago)	Ports: *; Direction: 0; Trigger: CT_LIMIT	Brute-Force SSH
🇧🇪 taivas.nl	2024-06-03 16:02:12 (2 years ago)	Bad_requests	Bad Web Bot
Anonymous	2024-06-03 04:31:13 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-06-03 01:24:20 (2 years ago)	Ports: *; Direction: 0; Trigger: CT_LIMIT	Brute-Force SSH
Anonymous	2024-06-02 04:18:17 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇫🇷 tecnicorioja	2024-06-01 22:00:22 (2 years ago)	wp-login attack [01/Jun/2024:18:35:51	Brute-Force Web App Attack

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 220.78.182.74

🇺🇸 172.66.47.195

🇺🇸 165.140.202.17

🇧🇩 103.153.110.189

🇺🇸 99.92.204.98

🇬🇷 87.202.113.240

🇺🇸 71.6.238.178

🇺🇸 18.217.208.51

🇺🇸 3.145.0.129

🇬🇧 2a06:4880:6000::6f

🇰🇷 221.161.235.168

🇺🇸 216.25.89.147

🇹🇭 182.52.205.140

🇬🇦 154.0.185.13

🇩🇪 135.125.152.18

🇺🇸 124.198.131.65

🇻🇳 116.110.212.123

🇨🇳 106.54.53.235

🇷🇴 80.94.92.109

🇯🇵 58.98.197.137