🇺🇸
infra-monitor
2026-05-25 06:00:05
(3 weeks ago)
Automated ban via infra-monitor: wp-sensitive-paths, webshell-high-confidence
Hacking
Web App Attack
🇫🇮
6kilowatti
2026-05-25 05:53:38
(3 weeks ago)
2026/05/25 08:53:36 [error] 1118#1118: *16192 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 138.199.18.68, server: alma.6kw.fi, request: "GET /wp-content/plugins/fix/up.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/alma.6kw.fi.sock:", host: "alma.6kw.fi"
2026/05/25 08:53:37 [error] 1118#1118: *16194 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 138.199.18.68, server: backup.oh6ah.fi, request: "GET /wp-content/plugins/fix/up.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/backup.oh6ah.fi.sock:", host: "backup.oh6ah.fi"
...
Web App Attack
🇩🇪
on-com
2026-05-25 05:16:28
(3 weeks ago)
URL scan
Brute-Force
Web App Attack
🇩🇪
webanyone
2026-05-25 04:45:15
(3 weeks ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
🇨🇿
ddw
2026-05-25 04:39:28
(3 weeks ago)
Access Violation Attempts - Multiple 403 Forbidden responses.
Hacking
Bad Web Bot
Web App Attack
🇺🇸
xmission.com
2025-12-31 09:55:44
(5 months ago)
Blocked by UFW (TCP on 59280)
Source port: 22188
TTL: 47
Packet length: 60
TOS: 0x08
This report (for 138.199.18.68) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
🇺🇸
xmission.com
2025-10-07 12:34:04
(8 months ago)
Blocked by UFW (TCP on 49355)
Source port: 34029
TTL: 47
Packet length: 60
TOS: 0x08
This report (for 138.199.18.68) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
Anonymous
2025-08-29 19:05:18
(9 months ago)
Unauthorized connection attempt detected in the last 24 hours
Hacking
Anonymous
2025-08-04 15:35:20
(10 months ago)
Botnet - login attempts with leaked random user/pass lists
Hacking
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2025-07-25 06:11:35
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 138.199.18.68 (unn-138-199-18-68.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 25 02:11:30.275436 2025] [security2:error] [pid 15757:tid 15757] [client 138.199.18.68:40886] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.d-sinema.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.d-sinema.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aIMgEpIQUgEbQ_NiBeS86wAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-07-25 05:21:53
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 138.199.18.68 (unn-138-199-18-68.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 25 01:21:48.405026 2025] [security2:error] [pid 2929:tid 2929] [client 138.199.18.68:37396] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.controvac.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.controvac.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aIMUbGslu1SiKEFf-SwHnAAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
🇧🇪
taivas.nl
2025-07-25 04:32:43
(10 months ago)
Many_bad_calls
Web App Attack
🇺🇸
TPI-Abuse
2025-07-25 04:22:43
(10 months ago)
(mod_security) mod_security (id:225170) triggered by 138.199.18.68 (unn-138-199-18-68.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 25 00:22:40.006918 2025] [security2:error] [pid 16368:tid 16368] [client 138.199.18.68:54434] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.circleofsound.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.circleofsound.org"] [uri "/site/wp-json/wp/v2/users/"] [unique_id "aIMGkEovzUs9YYvuVFdX8QAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
rh24
2025-07-25 03:51:38
(10 months ago)
(wordpress-user-enum) Failed wordpress-user-enum trigger from 138.199.18.68 (DE/Germany/unn-138-199-18-68.datapacket.com): (CF_ENABLE)
Brute-Force
🇬🇧
thetomtaylor.co.uk
2025-07-25 03:50:14
(10 months ago)
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer
... [wa01]
Bad Web Bot
Web App Attack