JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.199.54.64

138.199.54.64 was found in our database!

This IP was reported 39 times. Confidence of Abuse is 0%: ?

ISP	Datacamp Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	datacamp.co.uk
Country	🇮🇹 Italy
City	Milan, Lombardy

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.199.54.64

Whois 138.199.54.64

IP Abuse Reports for 138.199.54.64:

This IP address has been reported a total of 39 times from 30 distinct sources. 138.199.54.64 was first reported on November 27th 2021, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 backslash	2026-02-20 10:48:00 (4 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇹🇷 rtbh.com.tr	2026-02-05 04:11:23 (4 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇹🇷 rtbh.com.tr	2026-01-29 20:11:17 (4 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇩🇪 stinpriza	2026-01-29 15:19:32 (4 months ago)	Web App Attack	Web App Attack
🇺🇸 myagent.site	2026-01-29 08:47:53 (4 months ago)	Blocking for trying to access an exploit file: /xmlrpc.php	Hacking
🇧🇪 cmbplf	2026-01-29 04:26:22 (4 months ago)	863 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-01-29 02:59:10 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 138.199.54.64 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 138.199.54.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 28 21:59:07.556692 2026] [security2:error] [pid 5886:tid 5886] [client 138.199.54.64:17239] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|kbalan.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kbalan.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aXrM-yRunvZBg4p6lpB24gAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-29 02:08:50 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 138.199.54.64 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 138.199.54.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 28 21:08:47.281670 2026] [security2:error] [pid 3039144:tid 3039144] [client 138.199.54.64:51262] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|joevallone.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "joevallone.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aXrBL1P-XpCZjSuuYTn8jwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-28 20:51:14 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 138.199.54.64 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 138.199.54.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 28 15:51:11.367554 2026] [security2:error] [pid 107956:tid 107956] [client 138.199.54.64:57546] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|esysapps.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "esysapps.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aXp2v9BkRMI5YTPMKkFlOQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Jason Howell	2026-01-28 15:57:59 (4 months ago)	138.199.54.64 - - [28/Jan/2026:09:52:59 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3009 "-" "Mozilla/5.0 ... show more 138.199.54.64 - - [28/Jan/2026:09:52:59 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3009 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36" 138.199.54.64 - - [28/Jan/2026:09:54:22 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3010 "-" "Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/85.0.0.0 Safari/537.36" 138.199.54.64 - - [28/Jan/2026:09:55:35 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3009 "-" "Mozilla/5.0 (Windows NT 6.3; x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.0.0 Safari/537.36" 138.199.54.64 - - [28/Jan/2026:09:56:41 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3010 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/15.0.0.0 Safari/537.36" 138.199.54.64 - - [28/Jan/2026:09:57:57 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3009 "-" "Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/93.0.0.0 Safari/537 ... show less	Web App Attack
🇫🇮 bittiguru.fi	2026-01-28 14:58:25 (4 months ago)	138.199.54.64 - [28/Jan/2026:16:56:45 +0200] "POST /xmlrpc.php HTTP/1.1" 403 428 "-" "Mozilla/5.0 (X ... show more 138.199.54.64 - [28/Jan/2026:16:56:45 +0200] "POST /xmlrpc.php HTTP/1.1" 403 428 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.0.0 Safari/537.36" "-" 138.199.54.64 - [28/Jan/2026:16:58:24 +0200] "POST /xmlrpc.php HTTP/1.1" 404 33171 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Opera/79.0.0.0 Safari/537.36" "-" ... show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-01-28 14:23:27 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 138.199.54.64 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 138.199.54.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 28 09:23:23.056911 2026] [security2:error] [pid 28633:tid 28633] [client 138.199.54.64:64870] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|arriagarealestate.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "arriagarealestate.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aXob2ztrpO8BFMQkBdh2OgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇹 Malta	2026-01-28 06:37:25 (4 months ago)	138.199.54.64 - - [28/Jan/2026:07:37:25 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT ... show more 138.199.54.64 - - [28/Jan/2026:07:37:25 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/75.0.0.0 Safari/537.36" show less	Hacking Web App Attack
🇺🇸 octageeks.com	2026-01-28 05:06:07 (4 months ago)	Wordpress malicious attack:[octaxmlrpc]	Web App Attack
🇺🇸 TPI-Abuse	2026-01-27 19:18:39 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 138.199.54.64 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 138.199.54.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 27 14:18:33.159613 2026] [security2:error] [pid 2201:tid 2201] [client 138.199.54.64:54386] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|livingminimal.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "livingminimal.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aXkPiZK_W_whYcFW5lQtzAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 39 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 91.92.40.10

🇨🇳 182.61.35.204

🇺🇸 147.185.132.240

🇳🇱 89.21.67.165

🇳🇱 45.148.10.240

🇺🇸 35.237.126.118

🇺🇸 35.232.136.4

🇯🇵 8.216.84.209

🇷🇴 2.57.122.238

🇺🇸 172.202.117.179

🇺🇸 162.216.149.200

🇧🇪 158.173.67.190

🇩🇪 138.68.70.115

🇨🇳 120.82.92.97

🇫🇮 74.125.114.147

🇸🇬 43.134.130.2

🇺🇸 40.67.161.175

🇺🇸 35.211.194.217

🇧🇪 35.187.53.131

🇺🇸 35.185.27.240