AbuseIPDB » 18.138.21.30

18.138.21.30 was found in our database!

This IP was reported 105 times. Confidence of Abuse is 1%: ?

1%

ISP	Amazon Data Services Singapore
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ec2-18-138-21-30.ap-southeast-1.compute.amazonaws.com
Domain Name	amazon.com
Country	Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 18.138.21.30

Whois 18.138.21.30

IP Abuse Reports for 18.138.21.30:

This IP address has been reported a total of 105 times from 35 distinct sources. 18.138.21.30 was first reported on August 18th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
ipoac.nl	2024-08-23 15:04:14 (10 months ago)	2024-08-23T17:04:13.080292+02:00 ipoac.nl wordpress(***)[1497014]: XML-RPC authentication failure fo ... show more2024-08-23T17:04:13.080292+02:00 ipoac.nl wordpress(***)[1497014]: XML-RPC authentication failure for***from 18.138.21.30 show less	Web App Attack
TPI-Abuse	2024-08-23 01:54:27 (10 months ago)	(mod_security) mod_security (id:240335) triggered by 18.138.21.30 (ec2-18-138-21-30.ap-southeast-1.c ... show more(mod_security) mod_security (id:240335) triggered by 18.138.21.30 (ec2-18-138-21-30.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 22 21:54:23.785179 2024] [security2:error] [pid 11407:tid 11407] [client 18.138.21.30:56166] [client 18.138.21.30] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 18.138.21.30 (+1 hits since last alert)|www.artbytracyjane.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.artbytracyjane.com"] [uri "/xmlrpc.php"] [unique_id "Zsfrz98zXYQk9Nx10WKAgwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
QT	2024-08-23 00:52:22 (10 months ago)	Unauthorised WordPress admin login attempted at 2024-08-23 10:52:18 +1000	Web App Attack
francoisunix	2024-08-22 23:49:59 (10 months ago)	18.138.21.30 - - [22/Aug/2024:23:46:07 +0000] "POST /xmlrpc.php HTTP/1.0" 401 413 "-" "Mozilla/5.0 ( ... show more18.138.21.30 - - [22/Aug/2024:23:46:07 +0000] "POST /xmlrpc.php HTTP/1.0" 401 413 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" 18.138.21.30 - - [22/Aug/2024:23:48:46 +0000] "POST /xmlrpc.php HTTP/1.0" 401 413 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" 18.138.21.30 - - [22/Aug/2024:23:49:57 +0000] "POST /xmlrpc.php HTTP/1.0" 401 413 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" show less	Web App Attack
TPI-Abuse	2024-08-22 17:21:52 (10 months ago)	(mod_security) mod_security (id:240335) triggered by 18.138.21.30 (ec2-18-138-21-30.ap-southeast-1.c ... show more(mod_security) mod_security (id:240335) triggered by 18.138.21.30 (ec2-18-138-21-30.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 22 13:21:45.026911 2024] [security2:error] [pid 14529:tid 14529] [client 18.138.21.30:57864] [client 18.138.21.30] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 18.138.21.30 (+1 hits since last alert)|www.nearfieldchrist.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.nearfieldchrist.com"] [uri "/xmlrpc.php"] [unique_id "ZsdzqXW0A6wSseoB7IgTFgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
ipoac.nl	2024-08-22 16:51:05 (10 months ago)	2024-08-22T18:51:03.819469+02:00 ipoac.nl wordpress(***)[1497018]: XML-RPC authentication failure fo ... show more2024-08-22T18:51:03.819469+02:00 ipoac.nl wordpress(***)[1497018]: XML-RPC authentication failure for***from 18.138.21.30 show less	Web App Attack
Marc	2024-08-22 16:31:20 (10 months ago)		Brute-Force
cmbplf	2024-08-22 13:24:54 (10 months ago)	1.139 requests to */xmlrpc.php	Brute-Force Bad Web Bot
ger-stg-sifi1	2024-08-22 11:56:10 (10 months ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
Anonymous	2024-08-22 11:13:33 (10 months ago)	Bot / scanning and/or hacking attempts: [1/1] done, POST /xmlrpc.php HTTP/2.0, [0/0] init	Hacking Web App Attack
Swiptly	2024-08-22 10:29:04 (10 months ago)	WordPress xmlrpc spam or enumeration ...	Web Spam Bad Web Bot Web App Attack
Anonymous	2024-08-22 07:35:03 (10 months ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
Anonymous	2024-08-22 06:44:20 (10 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
rsiddall	2024-08-22 01:35:46 (10 months ago)	18.138.21.30 - - [21/Aug/2024:21:30:51 -0400] "POST /xmlrpc.php HTTP/1.1" 403 1809 "-" "Mozilla/5.0 ... show more18.138.21.30 - - [21/Aug/2024:21:30:51 -0400] "POST /xmlrpc.php HTTP/1.1" 403 1809 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" 18.138.21.30 - - [21/Aug/2024:21:35:45 -0400] "POST /xmlrpc.php HTTP/1.1" 403 1809 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" ... show less	Brute-Force
Kenshin869	2024-08-22 01:28:53 (10 months ago)	Wordpress unauthorized access attempt	Brute-Force

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩