JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.197.203.142

138.197.203.142 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 3%: ?

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇺🇸 United States of America
City	Santa Clara, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.197.203.142

Whois 138.197.203.142

IP Abuse Reports for 138.197.203.142:

This IP address has been reported a total of 24 times from 15 distinct sources. 138.197.203.142 was first reported on December 5th 2020, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 Oakley	2026-06-10 05:04:32 (2 days ago)	(confirmed_bot_sig) Confirmed bot	Hacking
🇺🇸 TPI-Abuse	2026-01-10 15:20:21 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 138.197.203.142 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 138.197.203.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 10 10:20:16.757569 2026] [security2:error] [pid 31337:tid 31337] [client 138.197.203.142:51092] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|laughingthunder.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "laughingthunder.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aWJuMIRd1vFUhX2wHyzkkgAAAAo"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 16:31:58 (6 months ago)	(mod_security) mod_security (id:225170) triggered by 138.197.203.142 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 138.197.203.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 11:31:52.099871 2025] [security2:error] [pid 20935:tid 20935] [client 138.197.203.142:55244] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|midnightscribe.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "midnightscribe.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aSnOePDrFmv7wvxKevHJNgAAACA"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2025-11-02 11:30:06 (7 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇨🇳 ThreatBook.io	2025-02-01 00:57:45 (1 year ago)	ThreatBook Intelligence: vpn_proxy more details on http://threatbook.io/ip/138.197.203.142 2025-01-3 ... show more ThreatBook Intelligence: vpn_proxy more details on http://threatbook.io/ip/138.197.203.142 2025-01-31 03:48:06 //109.236.249.36:18264 2025-01-31 03:48:08 //185.216.102.21:264 2025-01-31 03:48:07 //185.216.102.31:443 2025-01-31 03:48:11 //109.236.249.36:264 2025-01-31 03:48:05 //109.236.241.46:443 show less	Web App Attack
🇧🇷 diego	2024-08-19 00:16:36 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 4 times in the last 10800 seconds	DDoS Attack
🇧🇷 diego	2024-08-14 06:10:09 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 4 times in the last 10800 seconds	DDoS Attack
🇧🇷 diego	2024-08-09 04:07:41 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds	DDoS Attack
Anonymous	2024-07-23 01:36:53 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 cusezar.com	2024-07-14 18:00:13 (1 year ago)	138.197.203.142 /xmlrpc.php	Brute-Force
🇧🇷 diego	2024-07-11 04:22:19 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds	DDoS Attack
Anonymous	2024-07-06 04:43:05 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-07-06 03:20:23 (1 year ago)	This IP was involved in an brute force and password spray attack on 2024/07/05 22:18:41	Port Scan Brute-Force Exploited Host Web App Attack
Anonymous	2024-06-18 03:36:35 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-06-11 00:46:26 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇪 212.129.79.81

🇧🇷 205.210.31.232

🇧🇷 201.55.113.122

🇳🇱 195.178.110.162

🇻🇳 160.25.166.88

🇪🇸 154.70.207.29

🇮🇳 136.232.159.198

🇨🇳 124.31.241.10

🇮🇳 115.96.247.117

🇱🇾 102.211.7.162

🇧🇬 79.124.40.126

🇺🇸 64.62.197.41

🇳🇱 45.198.224.145

🇧🇷 45.164.251.67

🇨🇳 43.240.157.140

🇧🇪 198.235.24.217

🇪🇬 195.43.2.67

🇩🇪 194.88.98.83

🇮🇩 180.247.61.189

🇧🇷 177.92.162.242