JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 105.184.185.18

105.184.185.18 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 59%: ?

59%

ISP	Telkom Internet Broadband 105 184
Usage Type	Fixed Line ISP
ASN	AS37457
Hostname(s)	105-184-185-18.south.dsl.telkomsa.net
Domain Name	telkom.co.za
Country	🇿🇦 South Africa
City	Pretoria, Gauteng

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 105.184.185.18

Whois 105.184.185.18

IP Abuse Reports for 105.184.185.18:

This IP address has been reported a total of 13 times from 10 distinct sources. 105.184.185.18 was first reported on June 18th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 WeekendWeb	2026-06-19 09:50:44 (3 days ago)	Wordpress Vunerability attack	Web App Attack
🇳🇱 ConsulHosting	2026-06-19 09:03:33 (3 days ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 07:56:24 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 105.184.185.18 (105-184-185-18.south.dsl.telkom ... show more (mod_security) mod_security (id:240335) triggered by 105.184.185.18 (105-184-185-18.south.dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 03:56:17.901761 2026] [security2:error] [pid 6470:tid 6470] [client 105.184.185.18:53527] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.184.185.18 (+1 hits since last alert)\|tourissue.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tourissue.com"] [uri "/xmlrpc.php"] [unique_id "ajT2Ie-Y7deS4pwn0oNHpQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-19 06:12:42 (3 days ago)	[redacted] 105.184.185.18 - - [19/Jun/2026:08:12:02 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 105.184.185.18 - - [19/Jun/2026:08:12:02 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.4; http://site33218537.com" [redacted] 105.184.185.18 - - [19/Jun/2026:08:12:10 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 105.184.185.18 - - [19/Jun/2026:08:12:20 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 105.184.185.18 - - [19/Jun/2026:08:12:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" [redacted] 105.184.185.18 - - [19/Jun/2026:08:12:41 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" ... show less	Hacking Web App Attack
🇺🇸 TAY	2026-06-19 05:10:45 (3 days ago)	105.184.185.18 - - [19/Jun/2026:13:10:26 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5941 "-" "Jetpack by ... show more 105.184.185.18 - - [19/Jun/2026:13:10:26 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5941 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" 105.184.185.18 - - [19/Jun/2026:13:10:34 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5941 "-" "Jetpack/12.5; WordPress/6.2; http://site35583910.com" 105.184.185.18 - - [19/Jun/2026:13:10:44 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5941 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)" ... show less	Brute-Force
🇦🇺 screwlooseit.com.au	2026-06-19 02:37:18 (3 days ago)	Blocked by CSF 13 firewall - Rule: XMLRPC ZA/South Africa/105-184-185-18.south.dsl.telkomsa.net	Web App Attack
🇪🇸 alferez	2026-06-19 02:01:10 (3 days ago)		Hacking Exploited Host Web App Attack
🇺🇸 integrantservices.com	2026-06-19 00:34:45 (3 days ago)	(wordpress) Failed wordpress login from 105.184.185.18 (105-184-185-18.south.dsl.telkomsa.net)	Brute-Force
🇩🇪 grassau.com	2026-06-18 22:02:18 (3 days ago)	(wordpress) Failed wordpress login from 105.184.185.18 (ZA/South Africa/Gauteng/Pretoria/105-184-185 ... show more (wordpress) Failed wordpress login from 105.184.185.18 (ZA/South Africa/Gauteng/Pretoria/105-184-185-18.south.dsl.telkomsa.net) show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-18 22:01:51 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 105.184.185.18 (105-184-185-18.south.dsl.telkom ... show more (mod_security) mod_security (id:240335) triggered by 105.184.185.18 (105-184-185-18.south.dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 18:01:46.421459 2026] [security2:error] [pid 18928:tid 18928] [client 105.184.185.18:60161] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.184.185.18 (+1 hits since last alert)\|avantgarde-hk.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "avantgarde-hk.org"] [uri "/xmlrpc.php"] [unique_id "ajRqyt7KEAibfThFb42jiQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 20:00:19 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 105.184.185.18 (105-184-185-18.south.dsl.telkom ... show more (mod_security) mod_security (id:240335) triggered by 105.184.185.18 (105-184-185-18.south.dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 16:00:13.866160 2026] [security2:error] [pid 3503:tid 3526] [client 105.184.185.18:56322] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.184.185.18 (+1 hits since last alert)\|killasgarage.bike\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "killasgarage.bike"] [uri "/xmlrpc.php"] [unique_id "ajROTdHOtXbralfJryGTRQAAAZQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-18 19:58:47 (3 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 15:44:36 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 105.184.185.18 (105-184-185-18.south.dsl.telkom ... show more (mod_security) mod_security (id:240335) triggered by 105.184.185.18 (105-184-185-18.south.dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 11:44:30.177199 2026] [security2:error] [pid 12451:tid 12451] [client 105.184.185.18:54009] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.184.185.18 (+1 hits since last alert)\|theopinionatedowl.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theopinionatedowl.com"] [uri "/xmlrpc.php"] [unique_id "ajQSXshPHqxdBmKGizC6NgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇿🇦 197.95.122.243

🇺🇸 66.132.195.27

🇺🇸 66.132.186.240

🇸🇬 1.32.207.234

🇭🇰 156.226.176.91

🇸🇬 119.28.106.227

🇳🇱 91.92.40.8

🇨🇳 49.64.85.138

🇱🇹 45.227.254.170

🇳🇱 45.148.10.91

🇺🇸 35.243.195.202

🇮🇳 223.181.82.213

🇷🇸 212.200.235.62

🇨🇳 203.2.164.205

🇬🇧 193.163.125.230

🇨🇱 186.105.101.39

🇲🇳 180.149.125.226

🇺🇸 64.120.108.13

🇳🇱 45.148.10.147

🇳🇱 45.148.10.121