Anonymous
2026-06-16 18:08:46
(3 minutes ago)
Brute forcing WordPress login
Hacking
Web App Attack
🇳🇱
maxxsense
2026-06-16 18:02:18
(10 minutes ago)
(wordpress) Failed wordpress login from 138.201.38.133 (DE/Germany/bucko-old.nula.hr)
Brute-Force
🇺🇸
xxkodedxx
2026-06-16 17:56:57
(15 minutes ago)
[Zorvexus edge-defense] GET .env / WordPress honeypot probe
Trigger: 1× honeypot-get in 10m window.
Active: 17:56:34–17:56:35 UTC
Volume: 2 honeypot probe(s)
Bait taken: /wp-login.php
Vhost fishing: cards.zvxlabs.com
UA: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0"
Auto-banned 30d. zorvexus-banner.
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-16 17:55:37
(16 minutes ago)
(mod_security) mod_security (id:225170) triggered by 138.201.38.133 (bucko-old.nula.hr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 13:55:31.417535 2026] [security2:error] [pid 20226:tid 20226] [client 138.201.38.133:46049] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||kontikimotorcycles.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kontikimotorcycles.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajGOE8znxvSv2z0kSFtiPwAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
integrantservices.com
2026-06-16 17:54:55
(17 minutes ago)
(PERMBLOCK) 138.201.38.133 (DE/Germany/bucko-old.nula.hr) has had more than 4 temp blocks
Hacking
🇨🇦
polycoda
2026-06-16 17:51:18
(21 minutes ago)
Probes for wp-login.php and other inexistent URLs
Hacking
Web App Attack
🇫🇷
Yepngo
2026-06-16 17:38:10
(34 minutes ago)
138.201.38.133 - - [16/Jun/2026:19:25:47 +0200] "POST /wp-login.php HTTP/2.0" 200 12100 "https://yepngo.com/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0"
138.201.38.133 - - [16/Jun/2026:19:38:10 +0200] "POST /wp-login.php HTTP/2.0" 200 12100 "https://dev.yepngo.com/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15"
...
Brute-Force
Web App Attack
🇩🇪
ger-stg-sifi1
2026-06-16 17:37:09
(35 minutes ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
🇺🇸
TPI-Abuse
2026-06-16 17:36:29
(36 minutes ago)
(mod_security) mod_security (id:225170) triggered by 138.201.38.133 (bucko-old.nula.hr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 13:36:26.769990 2026] [security2:error] [pid 29581:tid 29581] [client 138.201.38.133:59368] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||copanmaya.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "copanmaya.org"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajGJmmTemtG0j5ExaUB55AAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-16 17:30:09
(42 minutes ago)
IP banned by Fail2Ban in jail nginx-abusive-ips
Web App Attack
Brute-Force
Bad Web Bot
🇩🇪
FeG Deutschland
2026-06-16 17:28:14
(44 minutes ago)
Looking for CMS/PHP/SQL vulnerabilities/excessive crawling - 257
Exploited Host
Web App Attack
🇺🇸
TPI-Abuse
2026-06-16 17:05:41
(1 hour ago)
(mod_security) mod_security (id:225170) triggered by 138.201.38.133 (bucko-old.nula.hr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 13:05:36.521062 2026] [security2:error] [pid 6308:tid 6308] [client 138.201.38.133:49752] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||iee-usa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "iee-usa.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajGCYMqBEvFvmR-9ZEtYtwAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
🇨🇦
KIsmay
2026-06-16 17:03:16
(1 hour ago)
Jun 16 11:45:44 www4 WPAudit[2160063]: 138.201.38.133 www.lemoncreekcampground.ca "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" lemoncreek:Lemoncreek. FAIL
Jun 16 11:53:51 www4 WPAudit[2160559]: 138.201.38.133 imaginesalmon.com "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" imagine:Imagine20 FAIL
Jun 16 12:39:13 www4 WPAudit[2164398]: 138.201.38.133 amandasrestaurant.ca "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0" sbd-admin:Sbd-admin99 FAIL
Jun 16 12:40:13 www4 WPAudit[2164784]: 138.201.38.133 www.goldislandforestproducts.ca "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15" gifp:gifp786 FAIL
Jun 16 13:03:15 www4 WPAudit[2164327]: 138.201.38.133 www.servicesfyi.ca "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Apple
...
Brute-Force
Web App Attack
🇫🇷
solution.it
2026-06-16 17:00:56
(1 hour ago)
[Tue Jun 16 19:00:55.986191 2026] [php7:error] [pid 262246:tid 262246] [client 138.201.38.133:50449] script '/var/www/html/blog.solution.it/wp-login.php' not found or unable to stat
Web App Attack
🇮🇩
xveil
2026-06-16 16:52:43
(1 hour ago)
2026-06-16T23:52:40.106103 mail-honeypot postfix/submission/smtpd[958]: warning: bucko-old.nula.hr[138.201.38.133]: SASL PLAIN authentication failed: authentication failure
...
Brute-Force