JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.197.159.2

138.197.159.2 was found in our database!

This IP was reported 47 times. Confidence of Abuse is 17%: ?

17%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.197.159.2

Whois 138.197.159.2

IP Abuse Reports for 138.197.159.2:

This IP address has been reported a total of 47 times from 37 distinct sources. 138.197.159.2 was first reported on July 11th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 consul.to	2026-05-22 01:14:07 (3 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇨🇳 ThreatBook.io	2026-05-12 22:29:47 (1 month ago)	ThreatBook Intelligence: Dynamic IP more details on http://threatbook.io/ip/138.197.159.2 2026-05-12 ... show more ThreatBook Intelligence: Dynamic IP more details on http://threatbook.io/ip/138.197.159.2 2026-05-12 21:09:55 / show less	Web App Attack
🇺🇸 MPL	2026-05-12 12:44:10 (1 month ago)	tcp/8084 (2 or more attempts)	Port Scan
🇺🇸 RAP	2026-05-12 12:24:17 (1 month ago)	2026-05-12 12:24:17 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇿🇦 agentics	2026-04-01 02:16:06 (2 months ago)	138.197.159.2 report :	DDoS Attack FTP Brute-Force Port Scan Hacking Spoofing Brute-Force Exploited Host
🇺🇸 MPL	2026-03-04 05:19:51 (3 months ago)	tcp/8888 (2 or more attempts)	Port Scan
🇫🇷 masterguru	2026-03-04 00:33:29 (3 months ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 138.197.159.2 (CA/Canada/-): 1 in the ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 138.197.159.2 (CA/Canada/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇨🇳 kipfel★	2026-03-03 11:18:41 (3 months ago)	2026-03-03T19:17:44.886236+08:00 self-dedi-wyse-5070-tna sshd-session[2523927]: Invalid user admin f ... show more 2026-03-03T19:17:44.886236+08:00 self-dedi-wyse-5070-tna sshd-session[2523927]: Invalid user admin from 138.197.159.2 port 37118 2026-03-03T19:18:12.709491+08:00 self-dedi-wyse-5070-tna sshd-session[2523973]: Invalid user admin from 138.197.159.2 port 38550 2026-03-03T19:18:40.220912+08:00 self-dedi-wyse-5070-tna sshd-session[2524018]: Invalid user admin from 138.197.159.2 port 60506 ... show less	Brute-Force SSH
🇩🇪 tuxcloud.net	2026-03-03 11:18:25 (3 months ago)	2026-03-03T12:17:28.041209+01:00 bender.tuxcloud.net sshd-session[548603]: Invalid user admin from 1 ... show more 2026-03-03T12:17:28.041209+01:00 bender.tuxcloud.net sshd-session[548603]: Invalid user admin from 138.197.159.2 port 45256 2026-03-03T12:17:56.568851+01:00 bender.tuxcloud.net sshd-session[548671]: Invalid user admin from 138.197.159.2 port 58534 2026-03-03T12:18:24.782892+01:00 bender.tuxcloud.net sshd-session[548742]: Invalid user admin from 138.197.159.2 port 45722 ... show less	Brute-Force SSH
🇺🇸 dchu096	2026-03-03 11:06:57 (3 months ago)	2026-03-04T00:06:18.387075+13:00 VM-0-4-ubuntu sshd[3998849]: Failed password for root from 138.197. ... show more 2026-03-04T00:06:18.387075+13:00 VM-0-4-ubuntu sshd[3998849]: Failed password for root from 138.197.159.2 port 58172 ssh2 2026-03-04T00:06:54.729850+13:00 VM-0-4-ubuntu sshd[3998998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.159.2 user=root 2026-03-04T00:06:56.772772+13:00 VM-0-4-ubuntu sshd[3998998]: Failed password for root from 138.197.159.2 port 40068 ssh2 ... show less	Brute-Force SSH
🇳🇿 TazzNZ	2026-03-03 11:06:56 (3 months ago)	2026-03-04T00:05:19.749580+13:00 eragon sshd[1968087]: Failed password for root from 138.197.159.2 p ... show more 2026-03-04T00:05:19.749580+13:00 eragon sshd[1968087]: Failed password for root from 138.197.159.2 port 56156 ssh2 2026-03-04T00:06:06.398316+13:00 eragon sshd[1968399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.159.2 user=root 2026-03-04T00:06:08.187567+13:00 eragon sshd[1968399]: Failed password for root from 138.197.159.2 port 49914 ssh2 2026-03-04T00:06:46.069233+13:00 eragon sshd[1968696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.159.2 user=root 2026-03-04T00:06:48.544331+13:00 eragon sshd[1968696]: Failed password for root from 138.197.159.2 port 58162 ssh2 ... show less	Brute-Force SSH
🇭🇰 dd dd	2026-03-03 11:06:04 (3 months ago)	2026-03-03T19:06:01.967417+08:00 VM-0-3-ubuntu sshd[3495690]: pam_unix(sshd:auth): authentication fa ... show more 2026-03-03T19:06:01.967417+08:00 VM-0-3-ubuntu sshd[3495690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.159.2 user=root 2026-03-03T19:06:03.734043+08:00 VM-0-3-ubuntu sshd[3495690]: Failed password for root from 138.197.159.2 port 49182 ssh2 ... show less	Brute-Force Web App Attack SSH
🇫🇷 aza SilaS	2026-03-03 11:05:50 (3 months ago)	Mar 3 12:05:47 vmi1858823 sshd[4142375]: pam_unix(sshd:auth): authentication failure; logname= uid= ... show more Mar 3 12:05:47 vmi1858823 sshd[4142375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.159.2 user=root Mar 3 12:05:49 vmi1858823 sshd[4142375]: Failed password for root from 138.197.159.2 port 50810 ssh2 ... show less	Brute-Force SSH
🇨🇭 master.arknet.ch	2026-03-03 11:05:44 (3 months ago)	2026-03-03T13:03:52.835597+02:00 wels sshd[1220584]: Connection closed by 138.197.159.2 port 47286 2 ... show more 2026-03-03T13:03:52.835597+02:00 wels sshd[1220584]: Connection closed by 138.197.159.2 port 47286 2026-03-03T13:04:48.528507+02:00 wels sshd[1220586]: Connection closed by authenticating user root 138.197.159.2 port 33926 [preauth] 2026-03-03T13:05:43.097843+02:00 wels sshd[1220589]: Connection closed by authenticating user root 138.197.159.2 port 33052 [preauth] ... show less	Brute-Force SSH
🇩🇪 ISPLtd	2026-03-03 11:00:07 (3 months ago)	Mar 3 07:00:06 138.197.159.2 TCP SPT=55525 DPT=22 SYN ...	Port Scan SSH

Showing 1 to 15 of 47 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇴 190.14.230.59

🇧🇷 177.174.125.183

🇪🇸 158.158.104.28

🇰🇷 112.216.129.27

🇺🇸 91.230.168.187

🇺🇸 64.62.156.132

🇺🇸 20.64.104.235

🇮🇳 223.233.84.80

🇬🇧 217.154.45.93

🇰🇷 211.253.10.61

🇺🇸 184.105.247.247

🇹🇼 172.217.43.217

🇺🇦 159.224.132.77

🇧🇬 79.124.58.142

🇺🇸 71.6.147.254

🇺🇸 45.79.153.51

🇷🇴 2.57.122.177

🇺🇸 208.84.100.238

🇵🇹 188.250.55.67

🇧🇷 168.196.129.77