JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 13.212.192.141

13.212.192.141 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 60%: ?

60%

ISP	Amazon Data Services Singapore
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ec2-13-212-192-141.ap-southeast-1.compute.amazonaws.com
Domain Name	amazon.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 13.212.192.141

Whois 13.212.192.141

IP Abuse Reports for 13.212.192.141:

This IP address has been reported a total of 15 times from 9 distinct sources. 13.212.192.141 was first reported on June 22nd 2026, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 consul.to	2026-06-26 00:27:18 (13 hours ago)	Web attack/malicious scanning detected	Web App Attack
🇧🇷 Halux	2026-06-25 20:03:17 (18 hours ago)	13.212.192.141 Web Application Firewall multiple violations	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 19:59:43 (18 hours ago)	(mod_security) mod_security (id:210730) triggered by 13.212.192.141 (ec2-13-212-192-141.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 13.212.192.141 (ec2-13-212-192-141.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 15:59:37.675074 2026] [security2:error] [pid 29367:tid 29367] [client 13.212.192.141:57217] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mysteriesrevealed.click\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mysteriesrevealed.click"] [uri "/data.sql"] [unique_id "aj2IqUp6aH4uD5Xz6jHFGQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Octopuce	2026-06-25 08:09:55 (1 day ago)	Aggressive web search of vulnerable pages: /backup.sql /database.sql /db_backup.sql /db.sql /dump.sq ... show more Aggressive web search of vulnerable pages: /backup.sql /database.sql /db_backup.sql /db.sql /dump.sql ... show less	Web App Attack
Anonymous	2026-06-25 07:23:12 (1 day ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇨🇭 4server	2026-06-25 01:17:07 (1 day ago)	[ThuJun2503:17:02.2516152026][security2:error][pid588570:tid588575][client13.212.192.141:0]ModSecuri ... show more [ThuJun2503:17:02.2516152026][security2:error][pid588570:tid588575][client13.212.192.141:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Stringmatchwithin\".asa/.asax/.ascx/.backup/.bak/.bat/.cdx/.cer/.cfg/.cmd/.com/.config/.conf/.cs/.csproj/.csr/.dat/.db/.dbf/.dll/.dos/.htr/.htw/.ida/.idc/.idq/.inc/.ini/.key/.licx/.lnk/.log/.mdb/.old/.pass/.pdb/.pol/.printer/.pwd/.rdb/.resources/.resx/.sql/.swp/.sys/.vb/.vbs/.vbproj/.vsdisco/.webinfo/.xsx/\"atTX:extension.[file\"/etc/apache2/conf.d/modsec_rules/00_asl_zz_strict.conf\"][line\"91\"][id\"390716\"][rev\"2\"][msg\"Atomicorp.comWAFRules:URLfileextensionisrestrictedbypolicy\"][data\".sql\"][severity\"ERROR\"][hostname\"mondo-it.ch\"][uri\"/backups/database.sql\"][unique_id\"ajyBjsGUqU2MOZdfd3daTAAAAQM\"] show less	Hacking Web App Attack
🇬🇧 consul.to	2026-06-25 00:23:07 (1 day ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 14:07:26 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 13.212.192.141 (ec2-13-212-192-141.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 13.212.192.141 (ec2-13-212-192-141.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 10:07:21.998482 2026] [security2:error] [pid 28369:tid 28369] [client 13.212.192.141:53359] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.apwstl.com.stlouisdave.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.apwstl.com.stlouisdave.com"] [uri "/db_backup.sql"] [unique_id "ajvkmWDV0Btbqcaac0MrKwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 13:44:47 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 13.212.192.141 (ec2-13-212-192-141.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 13.212.192.141 (ec2-13-212-192-141.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 09:44:43.520695 2026] [security2:error] [pid 18377:tid 18397] [client 13.212.192.141:50285] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|inal.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "inal.org"] [uri "/1.sql"] [unique_id "ajvfS2FkuulrQg3gg6YX6gAAARE"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-23 18:57:53 (2 days ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 18:27:13 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 13.212.192.141 (ec2-13-212-192-141.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 13.212.192.141 (ec2-13-212-192-141.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 14:27:08.653949 2026] [security2:error] [pid 16573:tid 16573] [client 13.212.192.141:65301] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.emsystemsltd.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.emsystemsltd.com"] [uri "/1.sql"] [unique_id "ajrP_Erqa2iNP3UfNLT0QgAAACg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-23 17:17:22 (2 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇩🇪 LRob.fr	2026-06-23 02:45:10 (3 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇺🇸 mnsf	2026-06-23 00:19:16 (3 days ago)	Abuse Detected (3)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 13:31:37 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 13.212.192.141 (ec2-13-212-192-141.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 13.212.192.141 (ec2-13-212-192-141.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 09:31:34.125711 2026] [security2:error] [pid 19869:tid 19869] [client 13.212.192.141:53103] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|blackberrycircle.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "blackberrycircle.org"] [uri "/backup.sql"] [unique_id "ajk5NrjlR_6Cy5C09hjh7gAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 167.99.197.34

🇺🇸 49.51.204.74

🇳🇱 40.68.94.149

🇻🇪 38.74.237.134

🇺🇸 18.97.26.120

🇵🇰 203.135.42.52

🇸🇪 185.217.1.243

🇮🇩 168.110.192.131

🇺🇸 147.185.132.95

🇩🇪 69.5.169.162

🇳🇱 45.142.193.53

🇺🇸 13.86.116.162

🇺🇸 8.35.196.254

🇭🇰 199.45.154.179

🇰🇪 197.248.8.33

🇷🇴 193.46.255.86

🇺🇸 162.216.150.193

🇬🇧 152.32.198.210

🇰🇷 125.142.37.91

🇬🇧 81.19.219.251