JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 18.117.220.20

18.117.220.20 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 100%: ?

100%

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ec2-18-117-220-20.us-east-2.compute.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Columbus, Ohio

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 18.117.220.20

Whois 18.117.220.20

IP Abuse Reports for 18.117.220.20:

This IP address has been reported a total of 31 times from 29 distinct sources. 18.117.220.20 was first reported on June 19th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 valornode	2026-06-19 13:35:14 (4 days ago)	Detected by CrowdSec on www.iambrayden.net-47d88224: CrowdSec: crowdsecurity/http-probing \| ASN: 165 ... show more Detected by CrowdSec on www.iambrayden.net-47d88224: CrowdSec: crowdsecurity/http-probing \| ASN: 16509 (AMAZON-02) \| Country: US \| Range: 18.112.0.0/12 show less	Brute-Force SSH
🇺🇸 xmission.com	2026-06-19 13:13:15 (4 days ago)	Blocked by UFW (TCP on 2087) Source port: 42268 TTL: 52 Packet length: 60 TOS: 0x08 This report (fo ... show more Blocked by UFW (TCP on 2087) Source port: 42268 TTL: 52 Packet length: 60 TOS: 0x08 This report (for 18.117.220.20) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 Mainpine	2026-06-19 13:12:37 (4 days ago)	[Fri Jun 19 13:12:33.918734 2026] [proxy_fcgi:error] [pid 3354071:tid 3354193] [client 18.117.220.20 ... show more [Fri Jun 19 13:12:33.918734 2026] [proxy_fcgi:error] [pid 3354071:tid 3354193] [client 18.117.220.20:33554] AH01071: Got error 'Primary script unknown' [Fri Jun 19 13:12:37.171109 2026] [proxy_fcgi:error] [pid 3354069:tid 3354236] [client 18.117.220.20:33650] AH01071: Got error 'Primary script unknown' [Fri Jun 19 13:12:37.307489 2026] [proxy_fcgi:error] [pid 3354068:tid 3354218] [client 18.117.220.20:33666] AH01071: Got error 'Primary script unknown' ... show less	Web App Attack
🇺🇸 mc4bbs	2026-06-19 13:09:03 (4 days ago)	Automated Apache detection on Windows host. 5 suspicious HTTP requests within 300 seconds. Examples: ... show more Automated Apache detection on Windows host. 5 suspicious HTTP requests within 300 seconds. Examples: GET /.git/config -> 404 UA=""; GET /.git/logs/HEAD -> 404 UA=""; GET /.git/refs/heads/master -> 404 UA=""; GET /.git/refs/heads/main -> 404 UA=""; GET /.env -> 404 UA="" show less	Web App Attack Hacking
🇩🇪 kivitendo.de	2026-06-19 13:00:43 (4 days ago)	[Fri Jun 19 15:00:56.780604 2026] [access_compat:error] [pid 365681:tid 365696] [client 18.117.220.2 ... show more [Fri Jun 19 15:00:56.780604 2026] [access_compat:error] [pid 365681:tid 365696] [client 18.117.220.20:60164] AH01797: client denied by server configuration: /var/www/kivitendo-erp/.git/config [Fri Jun 19 15:00:57.344815 2026] [access_compat:error] [pid 365679:tid 365685] [client 18.117.220.20:60174] AH01797: client denied by server configuration: /var/www/kivitendo-erp/.git/logs/HEAD ... show less	Brute-Force Web App Attack
🇵🇹 rncbc	2026-06-19 11:07:08 (4 days ago)	[Fri Jun 19 12:07:07.841538 2026] [authz_core:error] [pid 853963:tid 853963] [client 18.117.220.20:5 ... show more [Fri Jun 19 12:07:07.841538 2026] [authz_core:error] [pid 853963:tid 853963] [client 18.117.220.20:58204] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/.git [Fri Jun 19 12:07:08.094889 2026] [authz_core:error] [pid 843452:tid 843452] [client 18.117.220.20:58216] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/.git [Fri Jun 19 12:07:08.452695 2026] [authz_core:error] [pid 847177:tid 847177] [client 18.117.220.20:58230] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/.git ... show less	Brute-Force Bad Web Bot Web App Attack SSH
🇦🇺 Lazarus	2026-06-19 10:35:23 (4 days ago)	HTTP probe.	Bad Web Bot
🇫🇷 dynamix	2026-06-19 09:57:37 (4 days ago)	Multiple WAF Violations	Web App Attack
🇹🇷 Threat.live	2026-06-19 09:35:03 (4 days ago)	Suspicious Connection Attempts	Brute-Force
🇺🇸 jkhorvath.com	2026-06-19 09:15:40 (4 days ago)	Request for URL /.git/logs/HEAD	Phishing Brute-Force Web App Attack
🇩🇪 Admins@FBN	2026-06-19 08:50:39 (4 days ago)	FW-PortScan: Traffic Blocked srcport=58756 dstport=2083	Port Scan
🇲🇳 Public CSIRT/CC of Mongolia	2026-06-19 08:39:49 (4 days ago)	Honeypot hit: Empty payload (likely service probe); 2083 [31], 2087 [3] TCP	Port Scan
🇩🇪 dpsbs	2026-06-19 08:35:53 (4 days ago)	url scanning on multiple public ips detected	Bad Web Bot
🇳🇱 SysAdmin Dylan	2026-06-19 08:02:16 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 18.117.220.20 (US/United States/ec2-18-117-220- ... show more (mod_security) mod_security (id:210492) triggered by 18.117.220.20 (US/United States/ec2-18-117-220-20.us-east-2.compute.amazonaws.com): 10 in the last 3600 secs show less	Brute-Force
🇫🇷 masterguru	2026-06-19 07:50:52 (4 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-197)	Hacking Bad Web Bot

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 185.247.137.227

🇨🇳 210.22.149.155

🇧🇷 205.210.31.202

🇸🇮 176.65.134.34

🇮🇳 111.118.181.171

🇹🇼 61.220.235.10

🇳🇱 45.148.10.152

🇬🇧 35.203.210.204

🇷🇺 31.173.66.222

🇬🇧 2a06:4880:6000::88

🇬🇧 109.145.61.112

🇬🇧 87.236.176.26

🇸🇬 45.78.204.254

🇧🇷 20.195.178.67

🇭🇰 8.217.193.233

🇩🇪 213.209.159.115

🇺🇸 162.216.149.32

🇨🇳 119.147.8.82

🇮🇳 103.125.155.187

🇸🇬 47.74.213.140