JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.197.81.20

138.197.81.20 was found in our database!

This IP was reported 2,640 times. Confidence of Abuse is 100%: ?

100%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇺🇸 United States of America
City	Clifton, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.197.81.20

Whois 138.197.81.20

IP Abuse Reports for 138.197.81.20:

This IP address has been reported a total of 2,640 times from 380 distinct sources. 138.197.81.20 was first reported on March 10th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇳 evicky2002	2026-05-30 08:05:12 (4 days ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=1)	Hacking Brute-Force SSH
🇷🇺 Agrohim	2026-05-21 01:25:30 (2 weeks ago)	Gate Inet blocked for categories:	DDoS Attack Ping of Death Port Scan Hacking Brute-Force
🇧🇷 ICS Labs	2026-05-20 12:35:01 (2 weeks ago)	ICS Labs identified 138.197.81.20 as a malicious indicator from threat intelligence.	Hacking
🇦🇺 MAGIC	2026-05-15 04:07:52 (2 weeks ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 chronos	2026-05-04 07:03:32 (4 weeks ago)	[AUTORAVALT][[04/05/2026 - 04:03:31 -03:00 UTC] Attack from [DigitalOcean, LLC] [138.197.81.20] Acti ... show more [AUTORAVALT][[04/05/2026 - 04:03:31 -03:00 UTC] Attack from [DigitalOcean, LLC] [138.197.81.20] Action: BLocKed FTP Brute-Force -> Running brute force credentials on the FTP server. Brute-Force -> Credential brute-force attacks on webpage logins and services like SSH, FTP, SIP, SMTP, RDP, etc. ] ... show less	FTP Brute-Force Brute-Force
🇺🇸 chronos	2026-05-04 06:17:25 (1 month ago)	[AUTORAVALT][[04/05/2026 - 03:17:24 -03:00 UTC] Attack from [DigitalOcean, LLC] [138.197.81.20] Acti ... show more [AUTORAVALT][[04/05/2026 - 03:17:24 -03:00 UTC] Attack from [DigitalOcean, LLC] [138.197.81.20] Action: BLocKed FTP Brute-Force -> Running brute force credentials on the FTP server. Brute-Force -> Credential brute-force attacks on webpage logins and services like SSH, FTP, SIP, SMTP, RDP, etc. ] ... show less	FTP Brute-Force Brute-Force
🇨🇳 ThreatBook.io	2026-05-01 23:39:03 (1 month ago)	ThreatBook Intelligence: Zombie,Scanner more details on https://threatbook.io/ip/138.197.81.20	Brute-Force
🇨🇦 Dmitry Shesterin	2026-05-01 14:43:28 (1 month ago)	May 1 10:42:54 pvr sshd[46343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 ... show more May 1 10:42:54 pvr sshd[46343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.81.20 May 1 10:42:56 pvr sshd[46343]: Failed password for invalid user admin from 138.197.81.20 port 41908 ssh2 May 1 10:43:28 pvr sshd[46349]: Invalid user orangepi from 138.197.81.20 port 45052 ... show less	Brute-Force SSH
🇨🇦 senkodev	2026-05-01 13:28:24 (1 month ago)	2026-05-01T13:27:52.841200Z [cowrie.ssh.factory.CowrieSSHFactory] New connection: 138.197.81.20:5126 ... show more 2026-05-01T13:27:52.841200Z [cowrie.ssh.factory.CowrieSSHFactory] New connection: 138.197.81.20:51264 (158.69.22.11:2222) [session: 7586c3544708] 2026-05-01T13:28:24.206024Z [cowrie.ssh.factory.CowrieSSHFactory] New connection: 138.197.81.20:36164 (158.69.22.11:2222) [session: 3b70951b866b] ... show less	Brute-Force SSH
🇧🇾 stroytrest	2026-05-01 13:12:08 (1 month ago)	2026-05-01T16:12:03.617038+03:00 gate kernel: [887960.428637] nftables: JAIL-TELNET IN=wan OUT= MAC= ... show more 2026-05-01T16:12:03.617038+03:00 gate kernel: [887960.428637] nftables: JAIL-TELNET IN=wan OUT= MAC= SRC=138.197.81.20 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=39870 PROTO=TCP SPT=36025 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇩🇪 mxpgmbh	2026-05-01 13:09:59 (1 month ago)	2026-05-01T15:09:20.604795+02:00 ** sshd-session[13850]: pam_unix(sshd:auth): authentication failu ... show more 2026-05-01T15:09:20.604795+02:00 sshd-session[13850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.81.20 user=root 2026-05-01T15:09:23.194723+02:00 sshd-session[13850]: Failed password for root from 138.197.81.20 port 40380 ssh2 2026-05-01T15:09:56.266470+02:00 sshd-session[14388]: Invalid user from 138.197.81.20 port 35118 2026-05-01T15:09:56.268159+02:00 sshd-session[14388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.81.20 2026-05-01T15:09:58.464129+02:00 sshd-session[14388]: Failed password for invalid user ** from 138.197.81.20 port 35118 ssh2 show less	Brute-Force SSH
🇺🇸 RAP	2026-05-01 12:19:29 (1 month ago)	2026-05-01 12:19:29 UTC Unauthorized activity to TCP port 23. Telnet	Port Scan
🇪🇸 el-brujo	2026-05-01 10:47:57 (1 month ago)	2026-05-01T12:47:25.455174 ns2.elhacker.net proftpd[1541024]: session[1541024] 0.0.0.0 (138.197.81.2 ... show more 2026-05-01T12:47:25.455174 ns2.elhacker.net proftpd[1541024]: session[1541024] 0.0.0.0 (138.197.81.20[138.197.81.20]): USER admin: no such user found from 138.197.81.20 [138.197.81.20] to ::ffff:192.168.0.3:2222 2026-05-01T12:47:56.504921 ns2.elhacker.net proftpd[1541125]: session[1541125] 0.0.0.0 (138.197.81.20[138.197.81.20]): USER orangepi: no such user found from 138.197.81.20 [138.197.81.20] to ::ffff:192.168.0.3:2222 ... show less	FTP Brute-Force
🇺🇸 RAP	2026-05-01 08:28:02 (1 month ago)	2026-05-01 08:28:02 UTC Unauthorized activity to TCP port 23. Telnet	Port Scan
Anonymous	2026-05-01 08:19:25 (1 month ago)	2026-05-01T10:18:49.295341+02:00 vm635618.cloud.nuxt.network sshd-session[7087]: pam_unix(sshd:auth) ... show more 2026-05-01T10:18:49.295341+02:00 vm635618.cloud.nuxt.network sshd-session[7087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.81.20 2026-05-01T10:18:51.978518+02:00 vm635618.cloud.nuxt.network sshd-session[7087]: Failed password for invalid user admin from 138.197.81.20 port 47754 ssh2 2026-05-01T10:19:25.086014+02:00 vm635618.cloud.nuxt.network sshd-session[7089]: Invalid user orangepi from 138.197.81.20 port 51496 ... show less	Brute-Force SSH

Showing 1 to 15 of 2640 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 220.200.148.66

🇮🇳 103.206.97.154

🇧🇷 69.6.220.104

🇸🇬 47.128.111.243

🇺🇸 2001:470:1:c84::2bc

🇭🇰 218.190.8.165

🇩🇪 217.234.86.143

🇮🇷 217.114.40.16

🇩🇪 178.128.205.136

🇳🇿 121.73.169.160

🇸🇬 104.238.15.83

🇺🇸 104.234.53.26

🇭🇰 103.210.238.204

🇱🇹 81.30.98.49

🇺🇸 76.184.109.186

🇸🇬 47.128.111.241

🇳🇱 45.156.128.132

🇦🇿 37.114.150.13

🇹🇭 223.205.222.153

🇨🇿 217.198.121.75