JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.199.15.173

138.199.15.173 was found in our database!

This IP was reported 192 times. Confidence of Abuse is 38%: ?

38%

ISP	Datacamp Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS60068
Hostname(s)	unn-138-199-15-173.datapacket.com
Domain Name	datacamp.co.uk
Country	🇫🇷 France
City	Marseille, Provence-Alpes-Cote d'Azur

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.199.15.173

Whois 138.199.15.173

IP Abuse Reports for 138.199.15.173:

This IP address has been reported a total of 192 times from 87 distinct sources. 138.199.15.173 was first reported on October 17th 2022, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 cpxducky	2026-06-17 17:49:25 (3 days ago)	2026-06-17 17:49:25: Minecraft server scan detected from 138.199.15.173 on port 25565 of mail.cpxduc ... show more 2026-06-17 17:49:25: Minecraft server scan detected from 138.199.15.173 on port 25565 of mail.cpxducky.com show less	Port Scan
🇳🇱 FREAKISH	2026-06-17 17:49:13 (3 days ago)	2026-06-17 19:49:12: Minecraft server scan detected from 138.199.15.173 on port 25565 of 127.0.0.1	Port Scan
🇩🇪 zUnlegit	2026-06-17 17:49:12 (3 days ago)	2026-06-17 17:49:12: Minecraft server scan detected from 138.199.15.173 on port 25565 of mailserver	Port Scan
🇩🇪 int8	2026-06-17 17:48:45 (3 days ago)	2026-06-17T17:48:45.150649485Z Minecraft server scanner: status request	Port Scan
🇺🇸 nyt	2026-05-29 18:44:32 (3 weeks ago)	Unusual query parameters in a 404 request, SQLi (quote probe)	SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2026-05-23 03:28:16 (4 weeks ago)	(mod_security) mod_security (id:210831) triggered by 138.199.15.173 (unn-138-199-15-173.datapacket.c ... show more (mod_security) mod_security (id:210831) triggered by 138.199.15.173 (unn-138-199-15-173.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 23:28:10.323150 2026] [security2:error] [pid 27124:tid 27124] [client 138.199.15.173:34301] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|fiyaplatform.com\|F\|4"] [data "EmailWolf"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "fiyaplatform.com"] [uri "/fiyacore/music.php"] [unique_id "ahEeygXt5Y1rieON0ROsoAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 nyt	2026-05-19 23:04:12 (1 month ago)	SQLi (quote probe)	SQL Injection Web App Attack
🇩🇪 FeG Deutschland	2026-04-29 11:17:25 (1 month ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇨🇭 backslash	2026-04-22 19:33:00 (1 month ago)	block ruleset Badbot using very old user-agents 5CF3CDB778C7D82564405B86B9242E612F378C68	Bad Web Bot
🇧🇪 cmbplf	2026-04-20 19:36:37 (2 months ago)	64.787 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇬🇧 cg-design.co.uk	2026-04-15 19:38:38 (2 months ago)	138.199.15.173 (FR/France/unn-138-199-15-173.datapacket.com), 10 distributed imapd attacks on accoun ... show more 138.199.15.173 (FR/France/unn-138-199-15-173.datapacket.com), 10 distributed imapd attacks on account [redacted] show less	Brute-Force
🇩🇪 FeG Deutschland	2026-04-13 05:59:15 (2 months ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 28	Exploited Host Web App Attack
🇪🇸 librebit	2026-03-25 02:33:54 (2 months ago)	Brute force	Brute-Force
🇯🇵 mkaraki	2026-03-04 12:52:14 (3 months ago)	1772628721 # Service_probe # SIGNATURE_SEND # source_ip:138.199.15.173 # dst_port:3389 ...	Port Scan
🇱🇻 garmtech.com	2026-03-01 05:43:16 (3 months ago)	IM360 WAF: SQLi vulnerability in aWeb Cart Watching System for Virtuemart v1.0.7 for Joomla! (CVE-20 ... show more IM360 WAF: SQLi vulnerability in aWeb Cart Watching System for Virtuemart v1.0.7 for Joomla! (CVE-2016-10114) MV:com_virtuemart' show less	SQL Injection

Showing 1 to 15 of 192 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 184.73.47.24

🇨🇳 183.251.241.153

🇰🇷 61.43.121.132

🇰🇷 222.98.122.37

🇹🇼 198.235.24.105

🇮🇩 163.7.11.155

🇳🇱 89.19.216.194

🇫🇷 85.217.140.13

🇮🇷 80.250.199.105

🇺🇸 44.203.180.92

🇨🇳 36.161.111.143

🇺🇸 216.73.217.68

🇨🇳 171.127.228.12

🇦🇫 149.54.15.126

🇫🇷 91.231.89.253

🇳🇱 91.92.40.4

🇳🇬 62.173.38.229

🇲🇾 202.184.145.225

🇪🇬 197.199.224.52

🇸🇪 195.178.191.5