AbuseIPDB » 18.97.9.173

18.97.9.173 was found in our database!

This IP was reported 61 times. Confidence of Abuse is 85%: ?

85%

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14618
Hostname(s)	18-97-9-173.crawl.commoncrawl.org
Domain Name	amazon.com
Country	United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 18.97.9.173

Whois 18.97.9.173

IP Abuse Reports for 18.97.9.173:

This IP address has been reported a total of 61 times from 32 distinct sources. 18.97.9.173 was first reported on November 30th 2024, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
SkyDancer	2025-03-23 18:30:48 (11 hours ago)	Multiple web intrusion attempts or RDP/SSH hacking using wrong credentials. Attack automatically blo ... show moreMultiple web intrusion attempts or RDP/SSH hacking using wrong credentials. Attack automatically blocked by SkyDancer Ai. EXT-SYS-Ai-D show less	Hacking Brute-Force SSH
taivas.nl	2025-03-23 05:32:22 (1 day ago)	Many_bad_calls	Web App Attack
taivas.nl	2025-03-23 01:02:12 (1 day ago)	Bad_requests	Bad Web Bot
TPI-Abuse	2025-03-22 18:22:16 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 18.97.9.173 (18-97-9-173.crawl.commoncrawl.org) ... show more(mod_security) mod_security (id:210730) triggered by 18.97.9.173 (18-97-9-173.crawl.commoncrawl.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 22 14:22:09.413263 2025] [security2:error] [pid 6373:tid 6373] [client 18.97.9.173:34778] [client 18.97.9.173] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||adoniahenterprises.com|F|2"] [data ".user.ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "adoniahenterprises.com"] [uri "/goober_.user.ini"] [unique_id "Z97_0TYQDajXmN3eRiaqFwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
librebit	2025-03-21 07:04:29 (2 days ago)	Brute force	Brute-Force
antlac1	2025-03-20 00:40:29 (4 days ago)	crowdsecurity/http-bad-user-agent	Brute-Force Web App Attack
MAGIC	2025-03-19 13:02:41 (4 days ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
librebit	2025-03-18 22:50:04 (5 days ago)	Brute force	Brute-Force
2000cn.com.au	2025-03-18 22:23:49 (5 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent	Bad Web Bot Web App Attack
Swiptly	2025-03-15 03:38:14 (1 week ago)	Aggressive SEO Bots ...	Bad Web Bot
rtbh.com.tr	2025-03-14 20:48:57 (1 week ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
Mendip_Defender	2025-03-14 11:31:52 (1 week ago)	18.97.9.173 - - [14/Mar/2025:11:31:49 +0000] "GET /robots.txt HTTP/1.0" 200 954 "-" "CCBot/2.0 (http ... show more18.97.9.173 - - [14/Mar/2025:11:31:49 +0000] "GET /robots.txt HTTP/1.0" 200 954 "-" "CCBot/2.0 (https://commoncrawl.org/faq/)" ... show less	Bad Web Bot
rtbh.com.tr	2025-03-13 20:48:58 (1 week ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
TPI-Abuse	2025-03-13 17:13:46 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 18.97.9.173 (18-97-9-173.crawl.commoncrawl.org) ... show more(mod_security) mod_security (id:210730) triggered by 18.97.9.173 (18-97-9-173.crawl.commoncrawl.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 13 13:13:42.962603 2025] [security2:error] [pid 6579:tid 6579] [client 18.97.9.173:55240] [client 18.97.9.173] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||koswerks.net|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "koswerks.net"] [uri "/index.bak"] [unique_id "Z9MSRkBX_CaCywu_sC4U8QAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Séfora Srl	2025-03-13 10:00:18 (1 week ago)	Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache ... show moreBad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache-badbot jail show less	Bad Web Bot

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩