JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.199.18.86

138.199.18.86 was found in our database!

This IP was reported 308 times. Confidence of Abuse is 1%: ?

ISP	Datacamp Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Hostname(s)	unn-138-199-18-86.datapacket.com
Domain Name	datacamp.co.uk
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.199.18.86

Whois 138.199.18.86

IP Abuse Reports for 138.199.18.86:

This IP address has been reported a total of 308 times from 48 distinct sources. 138.199.18.86 was first reported on December 21st 2020, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 as211431.net	2026-05-29 14:09:24 (3 weeks ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇨🇭 backslash	2026-01-09 16:35:05 (5 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇦🇺 AWW-Admin	2025-11-11 19:16:39 (7 months ago)	(pop3d) Failed POP3 login from 138.199.18.86 (DE/Germany/unn-138-199-18-86.datapacket.com)	Brute-Force
🇩🇪 london2038.com	2024-12-16 07:21:54 (1 year ago)	Probing for exploits 138.199.18.86 - - [16/Dec/2024:08:21:50 +0100] "GET /.env HTTP/1.1" 422 0 "-" " ... show more Probing for exploits 138.199.18.86 - - [16/Dec/2024:08:21:50 +0100] "GET /.env HTTP/1.1" 422 0 "-" "python-requests/2.32.3" 138.199.18.86 - - [16/Dec/2024:08:21:52 +0100] "GET /.env.example HTTP/1.1" 422 0 "-" "python-requests/2.32.3" show less	Hacking Web App Attack
Anonymous	2024-12-16 06:50:12 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇮🇩 penjaga BRIN	2024-12-16 06:10:24 (1 year ago)	nginx-alfa-95	Web App Attack
🇮🇩 Burayot	2024-12-16 05:52:43 (1 year ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 138.199.18.86 (DE/Germany/unn-138-19 ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 138.199.18.86 (DE/Germany/unn-138-199-18-86.datapacket.com): 1 in the last 3600 secs show less	Web App Attack
🇧🇷 diego	2024-06-13 10:45:43 (2 years ago)	Events: TCP SYN Discovery or Flooding, Seen 5 times in the last 10800 seconds	DDoS Attack
🇧🇪 cmbplf	2024-06-10 06:30:58 (2 years ago)	209 requests to *.env	Brute-Force Bad Web Bot
Anonymous	2024-06-10 05:00:05 (2 years ago)	Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2024-06-09 02:29:36 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 138.199.18.86 (unn-138-199-18-86.datapacket.com ... show more (mod_security) mod_security (id:210492) triggered by 138.199.18.86 (unn-138-199-18-86.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 08 22:29:29.472611 2024] [security2:error] [pid 23101] [client 138.199.18.86:39578] [client 138.199.18.86] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "guldunyayayinlari.com"] [uri "/.env"] [unique_id "ZmUTiSZugns08TfnLhNP6QAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2024-06-09 01:59:03 (2 years ago)	Looking for CMS/PHP/SQL vulnerablilities - 13	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2024-06-08 23:50:23 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 138.199.18.86 (unn-138-199-18-86.datapacket.com ... show more (mod_security) mod_security (id:210492) triggered by 138.199.18.86 (unn-138-199-18-86.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 08 19:50:17.655720 2024] [security2:error] [pid 18599] [client 138.199.18.86:49068] [client 138.199.18.86] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lifestyledreamvacation.com"] [uri "/.env"] [unique_id "ZmTuOQBLepzg0yP9PIibJgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Mr-Money	2024-06-08 15:53:10 (2 years ago)	138.199.18.86 - - [08/Jun/2024:17:53:09 +0200] "GET /.vscode/sftp.json HTTP/1.1" 404 425 "-" "Go-htt ... show more 138.199.18.86 - - [08/Jun/2024:17:53:09 +0200] "GET /.vscode/sftp.json HTTP/1.1" 404 425 "-" "Go-http-client/1.1" ... show less	Hacking SQL Injection Bad Web Bot Exploited Host Web App Attack
🇬🇧 mangomad	2024-06-08 15:13:09 (2 years ago)	Repeated Apache mod_security rule triggers	Brute-Force Web App Attack

Showing 1 to 15 of 308 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 221.0.10.128

🇧🇪 198.235.24.211

🇺🇸 178.156.172.64

🇨🇳 124.88.113.158

🇪🇸 46.6.57.137

🇱🇹 45.227.254.170

🇨🇳 223.199.161.248

🇹🇼 198.235.24.70

🇬🇧 185.157.233.106

🇨🇴 181.205.1.90

🇳🇱 176.65.148.252

🇺🇸 172.98.33.66

🇨🇳 117.43.120.144

🇭🇰 103.243.24.124

🇳🇱 89.21.67.169

🇫🇷 80.241.222.32

🇩🇪 69.5.169.45

🇺🇸 66.132.172.178

🇺🇸 65.49.1.232

🇺🇸 64.62.156.24