JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.197.143.25

138.197.143.25 was found in our database!

This IP was reported 40 times. Confidence of Abuse is 100%: ?

100%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.197.143.25

Whois 138.197.143.25

IP Abuse Reports for 138.197.143.25:

This IP address has been reported a total of 40 times from 35 distinct sources. 138.197.143.25 was first reported on September 12th 2021, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 wolfemium	2026-06-17 09:25:46 (6 days ago)	138.197.143.25 - - [17/Jun/2026:12:25:14 +0300] "GET /wp-config.php.bak HTTP/1.1" 302 138 "-" "Mozil ... show more 138.197.143.25 - - [17/Jun/2026:12:25:14 +0300] "GET /wp-config.php.bak HTTP/1.1" 302 138 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" 138.197.143.25 - - [17/Jun/2026:12:25:21 +0300] "GET /phpinfo.php HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 138.197.143.25 - - [17/Jun/2026:12:25:27 +0300] "GET /info.php HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" 138.197.143.25 - - [17/Jun/2026:12:25:40 +0300] "GET /config/config.php HTTP/1.1" 404 118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" 138.197.143.25 - - [17/Jun/2026:12:25:43 +0300] "GET /includes/config.php HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124. ... show less	DDoS Attack
🇺🇸 MPL	2026-06-17 08:41:52 (6 days ago)	tcp port scan (20 or more attempts)	Port Scan
🇳🇱 GabrielJST	2026-06-17 08:25:32 (6 days ago)	Port Scan detected from 138.197.143.25 (CA/Canada/-).	Port Scan
🇺🇸 xmission.com	2026-06-17 08:24:57 (6 days ago)	Blocked by UFW (TCP on 2078) Source port: 60970 TTL: 50 Packet length: 60 TOS: 0x08 This report (fo ... show more Blocked by UFW (TCP on 2078) Source port: 60970 TTL: 50 Packet length: 60 TOS: 0x08 This report (for 138.197.143.25) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-17 07:21:23 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 138.197.143.25 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 138.197.143.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 03:21:15.922161 2026] [security2:error] [pid 17729:tid 17729] [client 138.197.143.25:54620] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.58"] [uri "/.git/logs/HEAD"] [unique_id "ajJK66KWwlEcN6BKiacQGQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Roper123	2026-06-17 07:07:25 (6 days ago)	Web exploits	Web App Attack
Anonymous	2026-06-17 06:57:34 (6 days ago)	138.197.143.25 - - [17/Jun/2026:08:57:28 +0200] "GET /config/config.php HTTP/1.1" 301 162 "-" "Mozil ... show more 138.197.143.25 - - [17/Jun/2026:08:57:28 +0200] "GET /config/config.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack
Anonymous	2026-06-17 06:30:11 (6 days ago)	Triggered: repeated knocking on closed ports.	Port Scan
🇩🇪 EGP Abuse Dept	2026-06-17 04:45:29 (6 days ago)	Scanning for port/service exploits on tpc-052.mach3builders.nl	Port Scan Hacking
Anonymous	2026-06-17 03:56:08 (6 days ago)	fail2ban:mail3:14,18	Port Scan Brute-Force
Anonymous	2026-06-17 03:53:40 (6 days ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇺🇸 MPL	2026-06-17 02:53:52 (1 week ago)	tcp port scan (10 or more attempts)	Port Scan
🇬🇧 Smish	2026-06-17 02:12:27 (1 week ago)	HONEYPOT HIT --> Fail2ban time=1781662346 log=2026-06-17T03:12:26+01:00 ip=138.197.143.25 host=89.39 ... show more HONEYPOT HIT --> Fail2ban time=1781662346 log=2026-06-17T03:12:26+01:00 ip=138.197.143.25 host=89.39.211.6 method=GET uri="/.env" status=404 ua="Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" ref="-" rid=01887d0e17e810b8cfec748cdcabe068 show less	Web App Attack
🇺🇸 Axel	2026-06-17 01:41:32 (1 week ago)	Blocked by UFW on MVI [2078/tcp] \| SPT: 41760 \| TTL: 50 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on MVI [2078/tcp] \| SPT: 41760 \| TTL: 50 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 Starburst SysOp Team	2026-06-17 00:55:38 (1 week ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-stl2-14)	Hacking Bad Web Bot

Showing 1 to 15 of 40 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 194.50.235.147

🇫🇷 91.231.89.73

🇬🇧 87.236.176.11

🇫🇮 85.192.31.14

🇺🇸 199.189.224.30

🇹🇼 198.235.24.76

🇧🇷 191.17.140.155

🇨🇳 106.75.189.53

🇨🇳 61.129.70.208

🇳🇱 45.153.34.112

🇺🇸 20.169.49.44

🇩🇪 213.209.159.231

🇯🇴 213.186.166.154

🇺🇸 162.216.150.78

🇵🇰 103.164.9.74

🇲🇦 81.192.46.36

🇹🇷 78.186.26.5

🇺🇸 47.85.8.171

🇳🇱 45.148.10.141

🇮🇳 45.40.57.23