JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 174.138.18.196

174.138.18.196 was found in our database!

This IP was reported 139 times. Confidence of Abuse is 0%: ?

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 174.138.18.196

Whois 174.138.18.196

IP Abuse Reports for 174.138.18.196:

This IP address has been reported a total of 139 times from 55 distinct sources. 174.138.18.196 was first reported on June 6th 2021, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇵🇱 ketovoila.pl	2025-11-05 11:55:41 (6 months ago)	ketovoila.pl HONEYPOT traffic: count=1, paths=1; sample_path=ketovoila.pl/wp-json/wp/v2/posts; UA=Mo ... show more ketovoila.pl HONEYPOT traffic: count=1, paths=1; sample_path=ketovoila.pl/wp-json/wp/v2/posts; UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36; window=2025-11-05T11:33:20Z..2025-11-05T11:33:20Z show less	Port Scan Brute-Force
🇵🇱 sefinek.net	2025-10-29 06:53:38 (7 months ago)	Triggered Cloudflare WAF (firewallCustom) from SG. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from SG. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: //feed/ UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2025-10-28 06:24:06 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 174.138.18.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 174.138.18.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 02:24:00.238347 2025] [security2:error] [pid 29824:tid 29824] [client 174.138.18.196:56657] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|llew.life\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "llew.life"] [uri "/wp-json/wp/v2/users/"] [unique_id "aQBhgCUb-avIKfCZel-CiQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇱 Dolphi	2025-10-25 10:40:03 (7 months ago)	POST //xmlrpc.php	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-10-25 07:26:31 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 174.138.18.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 174.138.18.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 25 03:26:26.035971 2025] [security2:error] [pid 20440:tid 20440] [client 174.138.18.196:59739] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.1832wos.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.1832wos.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aPx7oj3cVukdtyq3CwaljwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-10-24 14:02:11 (7 months ago)	Blocking for trying to access an exploit file: /xmlrpc.php?rsd	Hacking
🇺🇸 agenciahypelab.com.br	2025-10-24 03:41:12 (7 months ago)	WordPress login brute-force detectado e bloqueado pelo CSF/LFD. Trigger: LF_TRIGGER	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-10-21 20:08:52 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 174.138.18.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 174.138.18.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 21 16:08:44.362049 2025] [security2:error] [pid 1180:tid 1180] [client 174.138.18.196:58380] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|midcityrotary.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "midcityrotary.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "aPfoTNjp400RDsiFUuUMGwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 rdpguard.com	2025-08-20 15:56:51 (9 months ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
🇮🇩 securejdprop	2025-07-14 03:56:06 (10 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing. Ip 174.138.18.196 performed ... show more This IP was detected by CrowdSec triggering crowdsecurity/http-probing. Ip 174.138.18.196 performed 'crowdsecurity/http-probing' (19 events over 1m24.8948232s) at 2025-07-14 03:56:05.287948749 +0000 UTC show less	Hacking Web App Attack
🇲🇾 Rizzy	2025-07-14 01:52:50 (10 months ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 ipblock.com	2025-07-13 11:14:00 (10 months ago)	IPBlock protected site ID [4055-d][s=02]. Exploit request, vulnerability scanner.	Hacking Bad Web Bot Web App Attack
🇩🇪 rh24	2025-07-13 06:54:32 (10 months ago)	(mod_security) mod_security triggered on hostname [redacted] 174.138.18.196 (SG/Singapore/-): (CF_E ... show more (mod_security) mod_security triggered on hostname [redacted] 174.138.18.196 (SG/Singapore/-): (CF_ENABLE) show less	SQL Injection
🇺🇸 ipblock.com	2025-07-13 05:12:00 (10 months ago)	IPBlock protected site ID [4055-d][s=07]. Exploit request, vulnerability scanner.	Hacking Bad Web Bot Web App Attack
🇧🇪 voormedia	2025-07-12 23:23:55 (10 months ago)	Accessed trap at '/wp-admin/install.php'	Web App Attack

Showing 1 to 15 of 139 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.38

🇰🇷 112.121.24.156

🇳🇱 93.123.109.127

🇺🇸 199.231.163.19

🇳🇱 195.178.110.30

🇬🇹 190.148.112.242

🇧🇷 186.250.177.66

🇮🇹 172.253.228.153

🇱🇹 141.98.11.41

🇫🇮 65.21.0.152

🇧🇷 187.126.105.42

🇦🇷 179.40.112.10

🇬🇧 172.71.178.25

🇰🇷 121.159.177.185

🇷🇴 89.33.130.185

🇺🇸 65.49.1.159

🇵🇭 61.9.8.176

🇬🇧 35.203.211.57

🇩🇪 213.209.159.56

🇮🇳 203.192.197.86