JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.199.54.52

138.199.54.52 was found in our database!

This IP was reported 85 times. Confidence of Abuse is 0%: ?

ISP	Datacamp Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	datacamp.co.uk
Country	🇮🇹 Italy
City	Milan, Lombardy

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.199.54.52

Whois 138.199.54.52

IP Abuse Reports for 138.199.54.52:

This IP address has been reported a total of 85 times from 40 distinct sources. 138.199.54.52 was first reported on October 9th 2023, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-04-01 07:26:53 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 138.199.54.52 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 138.199.54.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 01 03:26:48.541964 2026] [security2:error] [pid 19786:tid 19786] [client 138.199.54.52:49152] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|theyoungstrategist.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "theyoungstrategist.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aczIuJlMDtsvbrxvEC_xAAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-01 05:43:42 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 138.199.54.52 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 138.199.54.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 01 01:43:35.709150 2026] [security2:error] [pid 8753:tid 8753] [client 138.199.54.52:11096] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|sliconswamp.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sliconswamp.com"] [uri "/wp-json/wp/v2/users"] [unique_id "acywh3cP9STlhAu1f2nyKQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-01 05:00:09 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 138.199.54.52 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 138.199.54.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 01 01:00:04.112824 2026] [security2:error] [pid 16969:tid 16969] [client 138.199.54.52:36506] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|seahattravel.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "seahattravel.com"] [uri "/wp-json/wp/v2/users"] [unique_id "acymVEj8k4O3UjvtinFjqAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Jason Howell	2026-04-01 04:23:57 (2 months ago)	138.199.54.52 - - [01/Apr/2026:04:18:17 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2960 "-" "Mozilla/5.0 ... show more 138.199.54.52 - - [01/Apr/2026:04:18:17 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2960 "-" "Mozilla/5.0 (Linux; Android 10; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/10.0.0.0 Safari/537.36" 138.199.54.52 - - [01/Apr/2026:04:19:44 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2960 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/82.0.0.0 Safari/537.36" 138.199.54.52 - - [01/Apr/2026:04:21:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2960 "-" "Mozilla/5.0 (Windows NT 6.3; x86) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/75.0.0.0 Safari/537.36" 138.199.54.52 - - [01/Apr/2026:04:22:32 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2960 "-" "Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/13.0.0.0 Safari/537.36" 138.199.54.52 - - [01/Apr/2026:04:23:56 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2961 "-" "Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/70.0.0.0 Safari/537.36" ... show less	Web App Attack
🇩🇪 konseptit	2026-03-31 22:55:16 (2 months ago)	(wordpress) Failed wordpress login from 138.199.54.52 (IT/Italy/-)	Brute-Force
🇬🇧 consul.to	2026-03-16 17:32:54 (2 months ago)	Web attack/malicious scanning detected	Web App Attack
🇨🇭 backslash	2026-03-03 07:48:00 (3 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇨🇿 SeMPaI	2026-02-17 18:51:17 (3 months ago)	Suspicious activity on Minecraft server - server is not publicly advertised. Additional information ... show more Suspicious activity on Minecraft server - server is not publicly advertised. Additional information clientIp=138.199.54.52, clientPort=25565, clientProtocol=765 Generated DontListMyServer by https://github.com/S-MpAI show less	Port Scan
🇨🇿 HM	2026-02-17 18:51:17 (3 months ago)	Suspicious activity on Minecraft server - server is not publicly advertised. Additional information ... show more Suspicious activity on Minecraft server - server is not publicly advertised. Additional information clientIp=138.199.54.52, clientPort=25565, clientProtocol=765 Generated DontListMyServer by https://github.com/S-MpAI show less	Port Scan
🇩🇪 int8	2026-02-17 18:49:53 (3 months ago)	2026-02-17T18:49:52.899110179Z Minecraft server scanner: status request	Port Scan
🇳🇱 FREAKISH	2026-02-17 18:48:58 (3 months ago)	2026-02-17 19:48:58: Minecraft server scan detected from 138.199.54.52 on port 25565 of 127.0.0.1	Port Scan
🇹🇷 rtbh.com.tr	2026-02-11 20:11:31 (4 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇺🇸 TPI-Abuse	2026-02-11 04:10:05 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 138.199.54.52 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 138.199.54.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 23:09:59.540306 2026] [security2:error] [pid 3531:tid 3531] [client 138.199.54.52:26871] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|4115thewestford.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "4115thewestford.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aYwBF9wYsY8rp4y5ZEjDrQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-02-10 20:14:30 (4 months ago)	Blocked by CSF 13 firewall - Rule: XMLRPC -	Web App Attack
🇹🇷 rtbh.com.tr	2026-02-10 20:11:30 (4 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force

Showing 1 to 15 of 85 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 152.32.252.65

🇭🇰 103.210.21.178

🇫🇷 85.217.140.10

🇺🇸 54.235.125.129

🇬🇧 193.163.125.89

🇺🇸 162.216.150.189

🇰🇷 114.108.165.18

🇵🇰 103.86.52.211

🇦🇴 102.218.148.132

🇨🇦 85.217.149.34

🇲🇦 81.192.138.65

🇩🇪 64.89.163.131

🇨🇳 59.110.214.242

🇨🇦 4.206.92.183

🇺🇸 2600:1702:81f1:84e0:29fd:9682:851b:ee35

🇹🇼 198.235.24.98

🇬🇧 195.140.214.19

🇭🇰 165.154.224.19

🇺🇸 162.216.149.27

🇳🇱 144.31.54.15