JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 3.18.220.173

3.18.220.173 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 100%: ?

100%

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ec2-3-18-220-173.us-east-2.compute.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Columbus, Ohio

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 3.18.220.173

Whois 3.18.220.173

IP Abuse Reports for 3.18.220.173:

This IP address has been reported a total of 31 times from 27 distinct sources. 3.18.220.173 was first reported on June 18th 2026, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-19 05:17:31 (12 hours ago)	<jail> banned by fail2ban	Brute-Force Web App Attack
🇫🇷 service Informatique	2026-06-19 04:00:37 (14 hours ago)	/___proxy_subdomain_whm/login	Web App Attack
🇩🇪 Nightreaver	2026-06-18 23:00:50 (19 hours ago)	3.18.220.173 - - [19/Jun/2026:01:00:46 0200] "GET /.git/index HTTP/1.1" 404 457 "-" "Mozilla/5.0 (M ... show more 3.18.220.173 - - [19/Jun/2026:01:00:46 0200] "GET /.git/index HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" 3.18.220.173 - - [19/Jun/2026:01:00:48 0200] "GET /.env HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 3.18.220.173 - - [19/Jun/2026:01:00:48 0200] "GET /.env.local HTTP/1.1" 404 457 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" 3.18.220.173 - - [19/Jun/2026:01:00:50 0200] "GET /.env.backup HTTP/1.1" 404 457 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" 3.18.220.173 - - [19/Jun/2026:01:00:50 0200] "GET /.env.save HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"[...] show less	Bad Web Bot Web App Attack
🇷🇺 mysh38	2026-06-18 22:28:25 (19 hours ago)	fail2ban: nginx-bots jail ban	Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 22:07:44 (19 hours ago)	(mod_security) mod_security (id:210492) triggered by 3.18.220.173 (ec2-3-18-220-173.us-east-2.comput ... show more (mod_security) mod_security (id:210492) triggered by 3.18.220.173 (ec2-3-18-220-173.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 18:07:38.857704 2026] [security2:error] [pid 6491:tid 6491] [client 3.18.220.173:60734] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.176"] [uri "/.git/HEAD"] [unique_id "ajRsKkvw6xMoMWCT-ZUhFAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-18 22:06:32 (19 hours ago)	(mod_security-custom) mod_security (id:210492) triggered by 3.18.220.173 (US/United States/Ohio/Dubl ... show more (mod_security-custom) mod_security (id:210492) triggered by 3.18.220.173 (US/United States/Ohio/Dublin/ec2-3-18-220-173.us-east-2.compute.amazonaws.com/[AS16509 AMAZON-02]): 1 in the last 3600 secs (0-srv1) show less	Hacking
🇨🇭 Kepler-1649c	2026-06-18 22:05:14 (19 hours ago)	Detected Attack: Spring.Boot.Actuator.Unauthorized.Access	Hacking
🇺🇸 MPL	2026-06-18 21:56:01 (20 hours ago)	tcp/2083	Port Scan
🇺🇸 TPI-Abuse	2026-06-18 21:52:09 (20 hours ago)	(mod_security) mod_security (id:210492) triggered by 3.18.220.173 (ec2-3-18-220-173.us-east-2.comput ... show more (mod_security) mod_security (id:210492) triggered by 3.18.220.173 (ec2-3-18-220-173.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 17:52:04.962900 2026] [security2:error] [pid 7117:tid 7117] [client 3.18.220.173:50008] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.245"] [uri "/.git/index"] [unique_id "ajRohDD4udjROiLchjQhnAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 i-turnradio.nl	2026-06-18 21:39:56 (20 hours ago)	2026-06-18 @ 23:39:56 (CET) ~ Blocked for trying to access: /.env.local	Web App Attack
🇵🇱 nfsec.pl	2026-06-18 20:21:09 (21 hours ago)	3.18.220.173 - - [18/Jun/2026:20:21:01 +0000] "GET /.git/HEAD HTTP/1.1" 403 406 "-" "Mozilla/5.0 (Ma ... show more 3.18.220.173 - - [18/Jun/2026:20:21:01 +0000] "GET /.git/HEAD HTTP/1.1" 403 406 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" 3.18.220.173 - - [18/Jun/2026:20:21:06 +0000] "GET /.env HTTP/1.1" 403 406 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" 3.18.220.173 - - [18/Jun/2026:20:21:07 +0000] "GET /.env.local HTTP/1.1" 403 406 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" 3.18.220.173 - - [18/Jun/2026:20:21:08 +0000] "GET /.env.backup HTTP/1.1" 403 406 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 3.18.220.173 - - [18/Jun/2026:20:21:09 +0000] "GET /.env.save HTTP/1.1" 403 406 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" ... show less	Web App Attack Exploited Host
🇮🇹 A000Z	2026-06-18 20:13:08 (21 hours ago)	Fail2Ban: 3.18.220.173 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Mozilla/5.0 ... show more Fail2Ban: 3.18.220.173 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 show less	Bad Web Bot
🇩🇪 gadix	2026-06-18 19:55:49 (22 hours ago)	[18/Jun/2026:21:55:46.689529 +0200] ajRNQuyl7sa1O_hOwvHkkQAAAAE 3.18.220.173 51782 127.0.0.1 7080 [1 ... show more [18/Jun/2026:21:55:46.689529 +0200] ajRNQuyl7sa1O_hOwvHkkQAAAAE 3.18.220.173 51782 127.0.0.1 7080 [18/Jun/2026:21:55:47.108872 +0200] ajRNQ-yl7sa1O_hOwvHkkgAAABc 3.18.220.173 51798 127.0.0.1 7080 [18/Jun/2026:21:55:48.657130 +0200] ajRNROyl7sa1O_hOwvHklAAAAAg 3.18.220.173 51812 127.0.0.1 7080 ... show less	Web App Attack
🇺🇸 rellim.com	2026-06-18 18:47:58 (23 hours ago)	Jun 18 11:47:58 alice kernel: HACK IN=enp3s0 OUT=enp1s0f1 MAC=68:05:ca:2e:ce:bc:00:24:dc:78:a0:01:08 ... show more Jun 18 11:47:58 alice kernel: HACK IN=enp3s0 OUT=enp1s0f1 MAC=68:05:ca:2e:ce:bc:00:24:dc:78:a0:01:08:00 SRC=3.18.220.173 DST=204.17.205.254 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=48092 DF PROTO=TCP SPT=42584 DPT=80 WINDOW=62727 RES=0x00 SYN URGP=0 Jun 18 11:47:58 alice kernel: HACK IN=enp3s0 OUT=enp1s0f1 MAC=68:05:ca:2e:ce:bc:00:24:dc:78:a0:01:08:00 SRC=3.18.220.173 DST=204.17.205.254 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=38852 DF PROTO=TCP SPT=42324 DPT=2083 WINDOW=62727 RES=0x00 SYN URGP=0 Jun 18 11:47:58 alice kernel: HACK IN=enp3s0 OUT=enp1s0f1 MAC=68:05:ca:2e:ce:bc:00:24:dc:78:a0:01:08:00 SRC=3.18.220.173 DST=204.17.205.254 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=7082 DF PROTO=TCP SPT=45322 DPT=443 WINDOW=62727 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-18 17:35:02 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 3.18.220.173 (ec2-3-18-220-173.us-east-2.comput ... show more (mod_security) mod_security (id:210492) triggered by 3.18.220.173 (ec2-3-18-220-173.us-east-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 13:34:56.192704 2026] [security2:error] [pid 23335:tid 23335] [client 3.18.220.173:33326] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.67"] [uri "/.git/logs/HEAD"] [unique_id "ajQsQCUqwMfF6XNSCGqJfAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 135.237.125.27

🇱🇹 91.224.92.147

🇩🇪 69.5.169.127

🇺🇸 47.251.91.253

🇺🇸 216.25.89.70

🇮🇹 194.124.73.166

🇺🇸 192.220.50.14

🇨🇴 179.1.125.132

🇨🇳 125.125.222.205

🇩🇪 50.7.29.54

🇧🇷 45.205.1.73

🇲🇦 41.250.167.135

🇵🇰 223.123.71.88

🇩🇪 213.209.159.226

🇸🇬 212.73.148.14

🇸🇬 174.138.17.143

🇺🇸 128.8.124.68

🇸🇬 47.84.100.21

🇺🇸 195.184.76.14

🇱🇻 185.113.139.84