JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.199.50.129

138.199.50.129 was found in our database!

This IP was reported 133 times. Confidence of Abuse is 64%: ?

64%

ISP	Datacamp Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Hostname(s)	371334303.cdn77.com
Domain Name	datacamp.co.uk
Country	🇺🇸 United States of America
City	Miami, Florida

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.199.50.129

Whois 138.199.50.129

IP Abuse Reports for 138.199.50.129:

This IP address has been reported a total of 133 times from 79 distinct sources. 138.199.50.129 was first reported on January 13th 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 oncord	2026-06-10 02:24:50 (4 days ago)	Form spam	Web Spam
🇨🇦 1gz	2026-06-06 15:23:05 (1 week ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: CHALLENGE Protocol: HTTP/3 (GET met ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: CHALLENGE Protocol: HTTP/3 (GET method) Endpoint: /server/a56f785f UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:151.0) Gecko/20100101 Firefox/151.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-01 21:39:25 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 138.199.50.129 (371334303.cdn77.com): 1 in the ... show more (mod_security) mod_security (id:225170) triggered by 138.199.50.129 (371334303.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 17:39:18.816956 2026] [security2:error] [pid 4878:tid 4878] [client 138.199.50.129:8719] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|caquintet.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "caquintet.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ah38BuFDYW_XcY50QKRIFwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 pscriptos	2026-05-30 00:25:00 (2 weeks ago)	DNS flooding on our DNS server: 218x cnn.com in 60s. Banned by Adguard Shield 🔗 https://git.technive ... show more DNS flooding on our DNS server: 218x cnn.com in 60s. Banned by Adguard Shield 🔗 https://git.techniverse.net/scriptos/adguard-shield.git show less	DDoS Attack
🇭🇳 unph	2026-05-27 19:07:19 (2 weeks ago)	Intento de acceso sospechoso bloqueado por AbuseIPDB Blocker Plugin	Brute-Force
🇦🇺 screwlooseit.com.au	2026-05-21 21:54:43 (3 weeks ago)	Blocked by CSF 13 firewall - Rule: XMLRPC 371334303.cdn77.com	Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 17:08:57 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 138.199.50.129 (371334303.cdn77.com): 1 in the ... show more (mod_security) mod_security (id:225170) triggered by 138.199.50.129 (371334303.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 13:08:51.546402 2026] [security2:error] [pid 17481:tid 17481] [client 138.199.50.129:2865] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|bostonmarathonstories.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bostonmarathonstories.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ag88I1ICiliOoHoZhN6hsQAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-05-21 13:09:18 (3 weeks ago)	Unauthorized access to webpage admin	Web App Attack
🇫🇷 masterguru	2026-05-21 10:20:11 (3 weeks ago)	(xmlrpc) Apache: Failed xmlrpc access from 138.199.50.129 (US/United States/371334303.cdn77.com): 10 ... show more (xmlrpc) Apache: Failed xmlrpc access from 138.199.50.129 (US/United States/371334303.cdn77.com): 10 in the last 3600 secs (0-201) show less	Hacking
🇸🇪 vaia.cloud	2026-05-21 01:59:02 (3 weeks ago)	trying wp-login.php/xmlrpc.php 89 times in 1 minutes	Brute-Force Web App Attack
🇫🇷 ELYAZ	2026-05-21 01:31:29 (3 weeks ago)	(wordpress) Failed wordpress login from 138.199.50.129 (US/United States/371334303.cdn77.com): (CF_ ... show more (wordpress) Failed wordpress login from 138.199.50.129 (US/United States/371334303.cdn77.com): (CF_ENABLE) show less	Brute-Force
🇫🇷 SpaceHost-Server	2026-05-20 22:23:59 (3 weeks ago)	138.199.50.129 - - [21/May/2026:00:22:56 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4894 "-" "Mozilla/5. ... show more 138.199.50.129 - - [21/May/2026:00:22:56 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4894 "-" "Mozilla/5.0 (Windows NT 6.3; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/96.0.0.0 Safari/537.36" 138.199.50.129 - - [21/May/2026:00:23:28 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4894 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/12.0.0.0 Safari/537.36" 138.199.50.129 - - [21/May/2026:00:23:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4894 "-" "Mozilla/5.0 (Windows NT 6.2; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/86.0.0.0 Safari/537.36" show less	Hacking Web App Attack
Anonymous	2026-05-20 22:20:05 (3 weeks ago)	Automatic report - Vulnerability scan /xmlrpc.php	Web App Attack
🇺🇸 integrantservices.com	2026-05-20 20:15:56 (3 weeks ago)	(PERMBLOCK) 138.199.50.129 (US/United States/371334303.cdn77.com) has had more than 4 temp blocks	Hacking
Anonymous	2026-05-20 17:25:36 (3 weeks ago)	(caddyscan) Scanner path probe from 138.199.50.129 (US/United States/371334303.cdn77.com): 5 in the ... show more (caddyscan) Scanner path probe from 138.199.50.129 (US/United States/371334303.cdn77.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 138.199.50.129 - - [20/May/2026:17:14:43 +0000] "POST /xmlrpc.php HTTP/1.1" [REDACTED] 200 2627 138.199.50.129 - - [20/May/2026:17:25:25 +0000] "POST /xmlrpc.php HTTP/1.1" [REDACTED] 200 2627 138.199.50.129 - - [20/May/2026:17:25:31 +0000] "POST /xmlrpc.php HTTP/1.1" [REDACTED] 200 2627 138.199.50.129 - - [20/May/2026:17:25:32 +0000] "POST /xmlrpc.php HTTP/1.1" [REDACTED] 200 2627 138.199.50.129 - - [20/May/2026:17:25:33 +0000] "POST /xmlrpc.php HTTP/1.1" show less	Port Scan

Showing 1 to 15 of 133 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 192.64.61.188

🇲🇽 187.230.115.212

🇫🇮 178.20.210.208

🇳🇱 45.148.10.147

🇨🇳 43.226.39.182

🇺🇬 41.220.3.101

🇨🇦 20.151.201.255

🇩🇪 193.124.20.244

🇵🇭 180.191.204.236

🇧🇬 79.124.49.226

🇺🇸 74.82.47.2

🇻🇳 45.122.242.218

🇬🇧 35.203.211.33

🇦🇪 5.192.140.211

🇬🇧 216.226.76.30

🇷🇺 185.40.30.168

🇺🇸 162.216.150.173

🇺🇸 154.83.197.148

🇺🇸 107.152.44.215

🇨🇳 101.96.220.237