JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.199.18.136

138.199.18.136 was found in our database!

This IP was reported 71 times. Confidence of Abuse is 0%: ?

ISP	Datacamp Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Hostname(s)	unn-138-199-18-136.datapacket.com
Domain Name	datacamp.co.uk
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.199.18.136

Whois 138.199.18.136

IP Abuse Reports for 138.199.18.136:

This IP address has been reported a total of 71 times from 45 distinct sources. 138.199.18.136 was first reported on April 29th 2021, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Kimax	2026-01-10 19:11:33 (5 months ago)	RdpGuard detected brute-force attempt on RDP	Brute-Force
🇫🇮 cbo	2025-12-02 11:51:21 (6 months ago)	RDP brute-force tespit edildi: 5 başarısız giriş.	Brute-Force
🇩🇪 Freenex1911	2025-12-02 11:47:26 (6 months ago)	2025-12-02T11:47:24Z - RDP login from 138.199.18.136 failed multiple times.	Brute-Force
🇷🇴 hostar	2025-11-15 09:07:50 (7 months ago)	(smtpauth) Failed SMTP AUTH login from 138.199.18.136 (DE/Germany/unn-138-199-18-136.datapacket.com) ... show more (smtpauth) Failed SMTP AUTH login from 138.199.18.136 (DE/Germany/unn-138-199-18-136.datapacket.com): 5 in the last 43200 secs; Ports: *; Direction: inout; Trigger: LF_SMTPAUTH; Logs: Nov 15 01:13:21 srv2 postfix/smtpd[1248660]: warning: unknown[138.199.18.136]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Nov 15 06:30:57 srv2 postfix/smtpd[1393877]: warning: unknown[138.199.18.136]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Nov 15 06:47:11 srv2 postfix/smtpd[1396503]: warning: unknown[138.199.18.136]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Nov 15 10:00:31 srv2 postfix/smtpd[1428635]: warning: unknown[138.199.18.136]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Nov 15 11:07:47 srv2 postfix/smtpd[1439796]: warning: unknown[138.199.18.136]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 show less	Port Scan
🇺🇸 TPI-Abuse	2025-11-09 05:02:03 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 138.199.18.136 (unn-138-199-18-136.datapacket.c ... show more (mod_security) mod_security (id:225170) triggered by 138.199.18.136 (unn-138-199-18-136.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 09 00:01:59.203414 2025] [security2:error] [pid 7470:tid 7470] [client 138.199.18.136:27735] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|odessatexas.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "odessatexas.us"] [uri "/wp-json/wp/v2/users"] [unique_id "aRAgR4dUl1us7mPiewuDiwAAAAI"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Freenex1911	2025-11-08 20:46:37 (7 months ago)	2025-11-08T20:46:36Z - RDP login from 138.199.18.136 failed multiple times.	Brute-Force
🇺🇸 TPI-Abuse	2025-11-08 19:14:07 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 138.199.18.136 (unn-138-199-18-136.datapacket.c ... show more (mod_security) mod_security (id:225170) triggered by 138.199.18.136 (unn-138-199-18-136.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 14:14:00.886537 2025] [security2:error] [pid 20389:tid 20424] [client 138.199.18.136:30326] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|pixelpushersdesign.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pixelpushersdesign.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ-WeOFB4xxsWWa-NOj1CAAAANI"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2025-11-08 12:10:03 (7 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-08 00:39:37 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 138.199.18.136 (unn-138-199-18-136.datapacket.c ... show more (mod_security) mod_security (id:225170) triggered by 138.199.18.136 (unn-138-199-18-136.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 07 19:39:32.664483 2025] [security2:error] [pid 1699:tid 1699] [client 138.199.18.136:12881] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|lingafelt.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lingafelt.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ6RROlyYoYgbRqn0nQEmgAAABk"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 voormedia	2025-11-07 20:27:44 (7 months ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
🇬🇧 SilverZippo	2025-11-07 19:45:08 (7 months ago)	Web App Attack	Web App Attack
🇩🇪 Freenex1911	2025-10-25 07:44:34 (7 months ago)	2025-10-25T07:44:34Z - RDP login from 138.199.18.136 failed multiple times.	Brute-Force
🇩🇪 DerDoktor	2025-10-14 00:10:06 (8 months ago)	I1013 23:13:57.08525 fail2ban action triggered	Port Scan Brute-Force SSH
🇰🇷 winter	2025-10-13 23:15:54 (8 months ago)	Connection attemp from 138.199.18.136 to port 22	Brute-Force SSH
🇩🇪 DoSammy	2025-10-11 19:41:27 (8 months ago)	neu-RDP-Brute-Force	Brute-Force

Showing 1 to 15 of 71 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 211.75.252.252

🇬🇧 193.163.125.213

🇺🇸 147.185.132.240

🇺🇸 147.185.132.90

🇨🇦 20.104.203.253

🇩🇪 213.209.159.228

🇺🇸 207.246.106.68

🇺🇸 162.216.149.17

🇸🇬 114.119.146.55

🇧🇷 45.180.146.17

🇧🇬 5.188.206.34

🇩🇪 2a0b:f4c2:4::102

🇨🇳 220.197.14.60

🇩🇪 213.209.159.56

🇭🇰 199.45.154.115

🇧🇪 198.235.24.198

🇲🇦 196.117.162.137

🇳🇱 176.65.139.114

🇭🇰 152.32.128.85

🇺🇸 142.4.31.180