JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.199.18.85

138.199.18.85 was found in our database!

This IP was reported 118 times. Confidence of Abuse is 47%: ?

47%

ISP	Datacamp Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Hostname(s)	unn-138-199-18-85.datapacket.com
Domain Name	datacamp.co.uk
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.199.18.85

Whois 138.199.18.85

IP Abuse Reports for 138.199.18.85:

This IP address has been reported a total of 118 times from 51 distinct sources. 138.199.18.85 was first reported on September 19th 2021, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇪 McHoneypot	2026-06-08 10:15:44 (5 days ago)	Minecraft server scanning dectected on port 25565	Port Scan
🇩🇪 int8	2026-06-08 10:10:01 (5 days ago)	2026-06-08T10:10:01.277242096Z Minecraft server scanner: status request	Port Scan
🇺🇸 bigscoots.com	2026-05-29 09:37:35 (2 weeks ago)	(smtpauth) Failed SMTP AUTH login from 138.199.18.85 (DE/Germany/unn-138-199-18-85.datapacket.com): ... show more (smtpauth) Failed SMTP AUTH login from 138.199.18.85 (DE/Germany/unn-138-199-18-85.datapacket.com): 5 in the last 3600 secs; Ports: 25,465,587; Direction: 0; Trigger: LF_SMTPAUTH; Logs: 2026-05-29 05:36:30 dovecot_login authenticator failed for H=(Epk1H0wPr) [138.199.18.85]:44738: 535 Incorrect authentication data ([email protected]) 2026-05-29 05:36:39 dovecot_login authenticator failed for H=(OYpSoiXNF) [138.199.18.85]:60172: 535 Incorrect authentication data ([email protected]) 2026-05-29 05:36:52 dovecot_login authenticator failed for H=(GvnWtsy4DB) [138.199.18.85]:45599: 535 Incorrect authentication data ([email protected]) 2026-05-29 05:37:12 dovecot_login authenticator failed for H=(WDLhjbj8d) [138.199.18.85]:19010: 535 Incorrect authentication data ([email protected]) 2026-05-29 05:37:32 dovecot_login authenticator failed for H=(euLGRXdu) [138.199.18.85]:8207: 535 Incorrect authentication data ([email protected]) show less	Brute-Force SSH
🇧🇷 Peregrine	2026-05-27 03:11:56 (2 weeks ago)	Fail2Ban ct101 Jail: tomcat-honeypot \| Evidence: 138.199.18.85 172.70.251.133 - - [23/May/2026:18:18 ... show more Fail2Ban ct101 Jail: tomcat-honeypot \| Evidence: 138.199.18.85 172.70.251.133 - - [23/May/2026:18:18:23 -0300] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 404 18193 show less	Bad Web Bot
🇧🇷 Peregrine	2026-05-25 03:12:03 (2 weeks ago)	Fail2Ban ct101 Jail: tomcat-honeypot \| Evidence: 138.199.18.85 172.70.251.133 - - [23/May/2026:18:18 ... show more Fail2Ban ct101 Jail: tomcat-honeypot \| Evidence: 138.199.18.85 172.70.251.133 - - [23/May/2026:18:18:23 -0300] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 404 18193 show less	Bad Web Bot
🇬🇧 thetomtaylor.co.uk	2026-05-24 00:06:02 (2 weeks ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice01,wa02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-05-23 22:05:03 (2 weeks ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [wa01]	Hacking Brute-Force Bad Web Bot Web App Attack
🇬🇧 Mendip_Defender	2026-05-23 21:19:23 (2 weeks ago)	138.199.18.85 - - [23/May/2026:22:19:18 +0100] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 301 162 ... show more 138.199.18.85 - - [23/May/2026:22:19:18 +0100] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 138.199.18.85 - - [23/May/2026:22:19:19 +0100] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 301 4203 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 138.199.18.85 - - [23/May/2026:22:19:20 +0100] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 404 51294 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" ... show less	Hacking Web App Attack
🇧🇷 Peregrine	2026-05-23 21:18:28 (2 weeks ago)	Fail2Ban ct101 Jail: tomcat-honeypot \| Evidence: 138.199.18.85 172.70.251.133 - - [23/May/2026:18:18 ... show more Fail2Ban ct101 Jail: tomcat-honeypot \| Evidence: 138.199.18.85 172.70.251.133 - - [23/May/2026:18:18:23 -0300] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 404 18193 show less	Bad Web Bot
🇺🇸 nationaleventpros.com	2026-05-23 21:12:08 (2 weeks ago)	vulnerability scan	Web App Attack
🇫🇷 dynamix	2026-05-23 09:43:16 (3 weeks ago)	Multiple WAF Violations	Web App Attack
🇺🇸 mnsf	2026-05-23 09:05:55 (3 weeks ago)	Too many Status 40X (22)	Brute-Force Web App Attack
🇷🇺 DZBOT	2026-05-23 08:48:12 (3 weeks ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇬🇧 consul.to	2026-05-09 18:05:57 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 Kimax	2025-11-24 15:23:16 (6 months ago)	RdpGuard detected brute-force attempt on RDP	Brute-Force

Showing 1 to 15 of 118 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇦 160.179.177.104

🇨🇳 123.129.245.249

🇷🇴 80.94.92.168

🇨🇳 59.52.103.169

🇺🇸 34.208.194.230

🇸🇬 193.37.32.110

🇺🇸 147.185.132.161

🇺🇸 107.172.88.206

🇮🇩 103.191.14.210

🇮🇩 202.145.0.61

🇳🇱 185.136.15.10

🇩🇪 167.94.146.53

🇨🇳 116.167.93.149

🇷🇴 92.118.39.225

🇨🇳 39.163.17.178

🇮🇳 34.93.241.217

🇮🇳 27.123.114.190

🇺🇸 209.87.149.26

🇩🇪 185.220.101.139

🇨🇳 115.231.78.11