JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.94.164.39

138.94.164.39 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 11%: ?

11%

ISP	Fernando Net e Telecomunicações Ltda
Usage Type	Fixed Line ISP
ASN	AS264180
Hostname(s)	39-164-94-138.fernandonet.net.br
Domain Name	fernandonet.net.br
Country	🇧🇷 Brazil
City	Valparaiso de Goias, Goias

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.94.164.39

Whois 138.94.164.39

IP Abuse Reports for 138.94.164.39:

This IP address has been reported a total of 21 times from 15 distinct sources. 138.94.164.39 was first reported on June 10th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 DRI	2026-06-08 08:59:20 (2 weeks ago)	Unsolicited UDP traffic on Honeypot, srcport=24719 dstport=54441	Port Scan Hacking
Anonymous	2026-06-08 08:01:16 (2 weeks ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2026-03-31 11:56:07 (2 months ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇺🇸 brantknudson.org	2026-03-29 12:08:39 (2 months ago)	Request path 'POST /xmlrpc.php HTTP/1.1'	Web App Attack Hacking
🇺🇸 OceanTreasure	2026-03-29 09:15:05 (2 months ago)	tcp/443; WordPress XML-RPC brute force attempt: "POST /xmlrpc.php" @ 2026-03-29T09:07:22Z [proxy]	Brute-Force
🇳🇱 wlt-blocker	2026-03-29 06:27:03 (2 months ago)	Unauthorized access to webpage admin	Web App Attack
Anonymous	2026-03-29 03:34:07 (2 months ago)	(wordpress) Failed wordpress login from 138.94.164.39 (BR/Brazil/39-164-94-138.fernandonet.net.br)	Brute-Force
🇮🇹 BioHesh	2026-03-29 01:13:09 (2 months ago)	Automated report from OBSERVIUM IDS — malicious activity detected (honeypot trigger / attack pattern ... show more Automated report from OBSERVIUM IDS — malicious activity detected (honeypot trigger / attack pattern) show less	Port Scan Web App Attack
🇫🇷 Eldeberen	2026-03-29 00:03:46 (2 months ago)	Vulnerability scan attempt through HTTP protocol	Web App Attack
🇦🇺 screwlooseit.com.au	2026-03-27 13:54:57 (2 months ago)	Blocked by CSF 13 firewall - Rule: XMLRPC BR/Brazil/39-164-94-138.fernandonet.net.br	Web App Attack
🇺🇸 OceanTreasure	2026-03-27 02:35:17 (2 months ago)	tcp/443; WordPress XML-RPC brute force attempt: "POST /xmlrpc.php" @ 2026-03-27T02:27:51Z [proxy]	Brute-Force
🇷🇴 INTEQ	2026-03-27 00:57:38 (2 months ago)	Web attack from 138.94.164.39	Web App Attack
🇳🇱 wlt-blocker	2026-03-26 23:11:35 (2 months ago)	Unauthorized access to webpage admin	Web App Attack
Anonymous	2026-03-25 10:51:46 (2 months ago)	138.94.164.39 - - [25/Mar/2026:12:48:56 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "Mozilla/5.0 ... show more 138.94.164.39 - - [25/Mar/2026:12:48:56 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/12.0.0.0 Safari/537.36" 138.94.164.39 - - [25/Mar/2026:12:48:57 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/12.0.0.0 Safari/537.36" 138.94.164.39 - - [25/Mar/2026:12:50:26 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.0.0 Safari/537.36" 138.94.164.39 - - [25/Mar/2026:12:50:27 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.0.0 Safari/537.36" 138.94.164.39 - - [25/Mar/2026:12:51:45 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "Mozilla/5.0 (Linux; Android 10; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/15.0.0.0 Safari/537.36" ... show less	Brute-Force Web App Attack
🇳🇱 MM-bot	2026-03-24 19:24:58 (2 months ago)	URL-probe: HTTP/1.1 POST request on /xmlrpc.php (2026-03-24 20:24:58 UTC+1)	Web App Attack Hacking

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 192.169.196.142

🇺🇸 165.154.206.250

🇺🇸 154.16.115.17

🇺🇸 152.32.205.206

🇧🇷 45.205.1.243

🇺🇸 45.156.129.142

🇧🇷 205.210.31.236

🇺🇸 173.255.225.25

🇺🇸 172.253.240.52

🇨🇳 119.51.242.13

🇳🇱 91.92.40.4

🇫🇷 85.69.240.210

🇺🇸 20.127.208.220

🇭🇰 199.45.155.106

🇧🇴 190.129.122.185

🇺🇸 172.70.94.153

🇩🇪 167.94.145.17

🇱🇾 154.127.69.1

🇺🇸 91.230.168.139

🇺🇸 74.235.79.32