🇺🇸
bitblockit
2026-04-14 16:49:47
(2 months ago)
Reconnaissance or port-scan activity observed on a honeypot sensor. Honeypot decoy type: Suricata. Decoy listen port: 51411/tcp. Observed event time: 2026-04-14 16:49:47 UTC. Report from passive honeypot only; no payload or credentials included.
Port Scan
🇷🇺
Agrohim
2026-03-27 14:34:22
(2 months ago)
Gate Inet blocked for categories:
DDoS Attack
Ping of Death
Port Scan
Hacking
Brute-Force
🇺🇸
xmission.com
2026-03-24 21:19:48
(2 months ago)
Blocked by UFW (TCP on 9150)
Source port: 1449
TTL: 47
Packet length: 60
TOS: 0x08
This report (for 138.199.54.61) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
🇷🇺
Agrohim
2026-03-22 08:57:46
(2 months ago)
Gate Inet blocked for categories:
DDoS Attack
Ping of Death
Port Scan
Hacking
Brute-Force
🇷🇺
Agrohim
2026-03-14 01:11:51
(3 months ago)
Gate Inet blocked for categories:
DDoS Attack
Ping of Death
Port Scan
Hacking
Brute-Force
🇹🇷
rtbh.com.tr
2026-03-11 20:12:00
(3 months ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
🇩🇪
Marc
2026-03-11 04:51:23
(3 months ago)
Brute-Force
Web App Attack
Anonymous
2026-03-10 22:27:48
(3 months ago)
(wordpress) Failed wordpress login from 138.199.54.61 (IT/Italy/-)
Brute-Force
🇺🇸
TPI-Abuse
2026-03-10 21:51:54
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 138.199.54.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 17:51:47.421854 2026] [security2:error] [pid 8505:tid 8505] [client 138.199.54.61:48123] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||blindshine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "blindshine.com"] [uri "/wp-json/wp/v2/users"] [unique_id "abCSczwJqr3EqJ9lMpaf1gAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
🇹🇷
rtbh.com.tr
2026-03-10 20:11:59
(3 months ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
Anonymous
2026-03-10 10:29:34
(3 months ago)
[redacted] 138.199.54.61 - - [10/Mar/2026:11:29:31 +0100] "POST /xmlrpc.php HTTP/1.1" 403 239 "-" "Mozilla/5.0 (Linux; Android 10; x86) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/74.0.0.0 Safari/537.36"
[redacted] 138.199.54.61 - - [10/Mar/2026:11:29:33 +0100] "POST /xmlrpc.php HTTP/1.1" 403 239 "-" "Mozilla/5.0 (Windows NT 6.2; x86) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/97.0.0.0 Safari/537.36"
[redacted] 138.199.54.61 - - [10/Mar/2026:11:29:33 +0100] "POST /xmlrpc.php HTTP/1.1" 403 239 "-" "Mozilla/5.0 (Windows NT 6.3; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
[redacted] 138.199.54.61 - - [10/Mar/2026:11:29:34 +0100] "POST /xmlrpc.php HTTP/1.1" 403 239 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Edge/88.0.0.0 Safari/537.36"
[redacted] 138.199.54.61 - - [10/Mar/2026:11:29:34 +0100] "POST /xmlrpc.php HTTP/1.1" 403 239 "-" "Mozilla/5.0 (Windows NT 6.2; x86) AppleWebKit/537.36 (KHTML, like Gecko) Opera/7
...
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2026-03-10 10:19:32
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 138.199.54.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 06:19:26.094750 2026] [security2:error] [pid 23028:tid 23028] [client 138.199.54.61:27403] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||doreenkimura.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "doreenkimura.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aa_wLpjB-kh89Lfhq5ZtuAAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-03-10 02:34:05
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 138.199.54.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 09 22:34:00.052875 2026] [security2:error] [pid 28357:tid 28357] [client 138.199.54.61:47056] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||silalaw.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "silalaw.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aa-DGMIwq-3ctrfUgn0muwAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
🇬🇧
consul.to
2026-03-09 06:15:46
(3 months ago)
Web attack/malicious scanning detected
Web App Attack
🇮🇹
VHosting
2026-01-09 22:26:16
(5 months ago)
Detected mail brute force attack from 4 different servers
Brute-Force