🇧🇷
SOC Blue Team
2026-06-18 17:25:46
(1 hour ago)
IPs obtained by hunting on SIEM
Phishing
Web Spam
Port Scan
Hacking
🇺🇸
TPI-Abuse
2026-06-18 17:23:19
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 18.222.253.55 (ec2-18-222-253-55.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 13:23:14.867224 2026] [security2:error] [pid 20101:tid 20101] [client 18.222.253.55:40588] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.198"] [uri "/.git/HEAD"] [unique_id "ajQpguQpDd3OeGvCL5upMwAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-18 16:24:34
(2 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.222.253.55 (ec2-18-222-253-55.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 12:24:26.281977 2026] [security2:error] [pid 4129:tid 4129] [client 18.222.253.55:55728] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "csm-dtc.com"] [uri "/.env"] [unique_id "ajQbukFZwzvPCljR0hKzcgAAACI"]
Brute-Force
Bad Web Bot
Web App Attack
🇷🇺
Mga Admin
2026-06-18 16:17:39
(2 hours ago)
18.222.253.55 - - [18/Jun/2026:23:17:38 +0700] "GET /___proxy_subdomain_whm/login/ HTTP/1.1" 404 1360 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
...
Web App Attack
🇧🇾
lns.bz
2026-06-18 16:07:12
(3 hours ago)
.env scanning [BY]
Web App Attack
🇬🇧
thetomtaylor.co.uk
2026-06-18 16:06:02
(3 hours ago)
Fail2Ban - [WEB]Exploit attempts (SQLi, RCE, path traversal) on webexploits ... [ice01]
Hacking
SQL Injection
Web App Attack
🇫🇷
COMAITE
2026-06-18 15:30:32
(3 hours ago)
Suspicious URL access.
Web App Attack
🇺🇸
aks4226
2026-06-18 14:43:16
(4 hours ago)
Attacking common web applications. (n01)
Web App Attack
🇧🇷
maviei
2026-06-18 14:02:04
(5 hours ago)
2026-06-18T11:02:03.552799-03:00 srv1251771 kernel: [1558152.232705] [UFW BLOCK] IN=eth0 OUT= MAC=40:e8:d4:b8:29:bb:44:38:39:ff:ff:41:08:00 SRC=18.222.253.55 DST=72.61.36.27 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=14317 DF PROTO=TCP SPT=46800 DPT=2083 WINDOW=62727 RES=0x00 SYN URGP=0
2026-06-18T11:02:03.552986-03:00 srv1251771 kernel: [1558152.232996] [UFW BLOCK] IN=eth0 OUT= MAC=40:e8:d4:b8:29:bb:44:38:39:ff:ff:41:08:00 SRC=18.222.253.55 DST=72.61.36.27 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=14153 DF PROTO=TCP SPT=56494 DPT=2082 WINDOW=62727 RES=0x00 SYN URGP=0
2026-06-18T11:02:03.553396-03:00 srv1251771 kernel: [1558152.233509] [UFW BLOCK] IN=eth0 OUT= MAC=40:e8:d4:b8:29:bb:44:38:39:ff:ff:41:08:00 SRC=18.222.253.55 DST=72.61.36.27 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=48700 DF PROTO=TCP SPT=50228 DPT=2078 WINDOW=62727 RES=0x00 SYN URGP=0
...
Port Scan
🇩🇪
maxpower
2026-06-18 13:47:29
(5 hours ago)
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 18.222.253.55 (US/United States/ec2-18-222-253-55.us-east-2.compute.amazonaws.com): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 18.222.253.55 - - [18/Jun/2026:15:47:24 +0200] "GET /wp-config.php.bak HTTP/1.1" 403 146 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" "-" host=145.239.233.179
18.222.253.55 - - [18/Jun/2026:15:47:25 +0200] "GET /.aws/credentials HTTP/1.1" 404 355 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "-" host=145.239.233.179
Port Scan
🇩🇪
pigro
2026-06-18 12:53:08
(6 hours ago)
18.222.253.55 - - [18/Jun/2026:14:52:56 +0200] "GET /.git/HEAD HTTP/1.1" 404 188 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
18.222.253.55 - - [18/Jun/2026:14:53:08 +0200] "GET /config/database.yml HTTP/1.1" 404 125 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"
...
Web App Attack
🇺🇸
MPL
2026-06-18 12:19:29
(6 hours ago)
tcp ports: 2077,2078 (4 or more attempts)
Port Scan
🇩🇪
dbmwebdesign
2026-06-18 11:10:36
(8 hours ago)
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
Web App Attack
🇫🇷
dynamix
2026-06-18 10:13:31
(9 hours ago)
Multiple WAF Violations
Web App Attack
Anonymous
2026-06-18 10:09:52
(9 hours ago)
PAD: ModSec_Scanner!,ModSec_Critical,Bad_Web_Bot_D detected
Hacking