JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 13.220.1.205

13.220.1.205 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 64%: ?

64%

ISP	Amazon Data Services Northern Virginia
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14618
Hostname(s)	ec2-13-220-1-205.compute-1.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 13.220.1.205

Whois 13.220.1.205

IP Abuse Reports for 13.220.1.205:

This IP address has been reported a total of 12 times from 10 distinct sources. 13.220.1.205 was first reported on June 28th 2026, and the most recent report was 20 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-06-29 22:27:22 (20 hours ago)		Brute-Force Web App Attack
🇩🇪 Ba-Yu	2026-06-28 22:44:32 (1 day ago)	WP-xmlrpc exploit	Web Spam Blog Spam Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 21:53:45 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 13.220.1.205 (ec2-13-220-1-205.compute-1.amazon ... show more (mod_security) mod_security (id:225170) triggered by 13.220.1.205 (ec2-13-220-1-205.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 17:53:41.080943 2026] [security2:error] [pid 26809:tid 26809] [client 13.220.1.205:51966] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|sandpointidaho.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sandpointidaho.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akGX5RamTA414_S7HAt7AAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 kkwemi	2026-06-28 21:51:50 (1 day ago)	Blocked by block-exploit-paths on /wp-includes/ID3/license.txt	Bad Web Bot
🇺🇸 Lee Daniel	2026-06-28 21:26:16 (1 day ago)	13.220.1.205 - - [28/Jun/2026:17:26:15 -0400] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" ... show more 13.220.1.205 - - [28/Jun/2026:17:26:15 -0400] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 40416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 13.220.1.205 - - [28/Jun/2026:17:26:15 -0400] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1" 404 40381 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 13.220.1.205 - - [28/Jun/2026:17:26:16 -0400] "GET //2020/wp-includes/wlwmanifest.xml HTTP/1.1" 404 40382 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 13.220.1.205 - - [28/Jun/2026:17:26:16 -0400] "GET //2019/wp-includes/wlwmanifest.xml HTTP/1.1" 404 40382 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 13.220.1.205 - - [28/Jun/2026:17:26:16 -0400] "GET //2021/wp-includes/wlwmanifest.xml HTT ... show less	DDoS Attack Web Spam Email Spam Port Scan Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-28 19:34:45 (1 day ago)	2.135 requests with url.path */wp-includes/wlwmanifest.xml	Brute-Force Bad Web Bot
🇩🇪 big-cloud.nl	2026-06-28 18:09:30 (2 days ago)	Try to access /xmlrpc.php?rsd	Web App Attack
🇫🇷 dynamix	2026-06-28 17:46:48 (2 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇫🇮 bittiguru.fi	2026-06-28 17:29:10 (2 days ago)	13.220.1.205 - [28/Jun/2026:20:29:07 +0300] "POST //xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5.0 (W ... show more 13.220.1.205 - [28/Jun/2026:20:29:07 +0300] "POST //xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "-" 13.220.1.205 - [28/Jun/2026:20:29:09 +0300] "POST //xmlrpc.php HTTP/1.1" 503 18965 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "-" ... show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 16:12:17 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 13.220.1.205 (ec2-13-220-1-205.compute-1.amazon ... show more (mod_security) mod_security (id:225170) triggered by 13.220.1.205 (ec2-13-220-1-205.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 12:12:13.608564 2026] [security2:error] [pid 30973:tid 30973] [client 13.220.1.205:65498] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.doctoredwinalvarez.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.doctoredwinalvarez.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akFH3SuF8i2q4ioakfacCwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 bittiguru.fi	2026-06-28 15:54:22 (2 days ago)	13.220.1.205 - [28/Jun/2026:18:54:19 +0300] "POST //xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5.0 (W ... show more 13.220.1.205 - [28/Jun/2026:18:54:19 +0300] "POST //xmlrpc.php HTTP/1.1" 200 426 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "-" 13.220.1.205 - [28/Jun/2026:18:54:21 +0300] "POST //xmlrpc.php HTTP/1.1" 503 18965 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "-" ... show less	Hacking Brute-Force Web App Attack
🇮🇹 VHosting	2026-06-28 13:45:08 (2 days ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 209.142.100.14

🇳🇴 51.13.121.117

🇰🇷 20.214.144.22

🇺🇸 192.155.84.147

🇩🇪 178.128.202.4

🇧🇷 177.53.173.178

🇩🇪 130.12.180.174

🇧🇬 79.124.62.230

🇩🇪 64.226.79.146

🇸🇬 51.79.173.213

🇲🇦 41.92.100.144

🇨🇳 36.156.22.2

🇩🇪 209.38.205.95

🇺🇸 195.184.76.6

🇬🇧 193.163.125.192

🇫🇮 178.20.210.208

🇹🇼 110.25.107.25

🇮🇩 103.147.159.91

🇺🇸 96.126.106.177

🇵🇱 94.26.68.111