JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 54.172.98.138

54.172.98.138 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 85%: ?

85%

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14618
Hostname(s)	ec2-54-172-98-138.compute-1.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 54.172.98.138

Whois 54.172.98.138

IP Abuse Reports for 54.172.98.138:

This IP address has been reported a total of 34 times from 17 distinct sources. 54.172.98.138 was first reported on June 4th 2026, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 Burayot	2026-06-05 19:44:27 (6 days ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 54.172.98.138 (US/United States/ec2 ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 54.172.98.138 (US/United States/ec2-54-172-98-138.compute-1.amazonaws.com): 1 in the last 3600 secs show less	Web App Attack
🇳🇱 wlt-blocker	2026-06-05 18:50:12 (6 days ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 17:40:56 (6 days ago)	(mod_security) mod_security (id:949110) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amaz ... show more (mod_security) mod_security (id:949110) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 13:40:51.891243 2026] [security2:error] [pid 19147:tid 19147] [client 54.172.98.138:39632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "hamiltonbookings.com"] [uri "/.git/config"] [unique_id "aiMKI40FH1ojzpW4GGdWywAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 16:17:12 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amaz ... show more (mod_security) mod_security (id:210492) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 12:17:08.189103 2026] [security2:error] [pid 9917:tid 9917] [client 54.172.98.138:55844] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ellavandeven.com"] [uri "/.git/config"] [unique_id "aiL2hDksdgCW2WqwXwSEdQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-05 15:26:53 (6 days ago)	Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-197)	Hacking Web App Attack
Anonymous	2026-06-05 15:05:17 (6 days ago)	(caddyscan) Scanner path probe from 54.172.98.138 (US/United States/ec2-54-172-98-138.compute-1.amaz ... show more (caddyscan) Scanner path probe from 54.172.98.138 (US/United States/ec2-54-172-98-138.compute-1.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 54.172.98.138 - - [05/Jun/2026:15:05:07 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 54.172.98.138 - - [05/Jun/2026:15:05:09 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 54.172.98.138 - - [05/Jun/2026:15:05:10 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 54.172.98.138 - - [05/Jun/2026:15:05:12 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 54.172.98.138 - - [05/Jun/2026:15:05:14 +0000] "GET /.git/config HTTP/1.1" show less	Port Scan
Anonymous	2026-06-05 12:40:58 (6 days ago)	(caddyscan) Scanner path probe from 54.172.98.138 (US/United States/ec2-54-172-98-138.compute-1.amaz ... show more (caddyscan) Scanner path probe from 54.172.98.138 (US/United States/ec2-54-172-98-138.compute-1.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 54.172.98.138 - - [05/Jun/2026:12:40:52 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 54.172.98.138 - - [05/Jun/2026:12:40:52 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 54.172.98.138 - - [05/Jun/2026:12:40:52 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 54.172.98.138 - - [05/Jun/2026:12:40:53 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 54.172.98.138 - - [05/Jun/2026:12:40:53 +0000] "GET /.git/config HTTP/1.1" show less	Port Scan
🇫🇷 masterguru	2026-06-05 11:30:21 (6 days ago)	BAD BOT - Detected and Blocked.. Matched phrase "python" at REQUEST_HEADERS:User-Agent. (1100000-196 ... show more BAD BOT - Detected and Blocked.. Matched phrase "python" at REQUEST_HEADERS:User-Agent. (1100000-196) show less	Bad Web Bot
🇩🇪 iNetWorker	2026-06-05 08:13:01 (1 week ago)	trolling for resource vulnerabilities	Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 07:14:48 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amaz ... show more (mod_security) mod_security (id:210492) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 03:14:43.308421 2026] [security2:error] [pid 2389:tid 2389] [client 54.172.98.138:52974] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dwightbrown.com"] [uri "/.git/config"] [unique_id "aiJ3Y8F7oWlSzMKYBiqwIgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 04:36:11 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amaz ... show more (mod_security) mod_security (id:210492) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 00:36:07.299294 2026] [security2:error] [pid 16276:tid 16276] [client 54.172.98.138:43128] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "edensgroup.com"] [uri "/.git/config"] [unique_id "aiJSNz2nCRfXv6GVbNqMUQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Lunix	2026-06-05 03:26:00 (1 week ago)		Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 03:18:51 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amaz ... show more (mod_security) mod_security (id:210492) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 23:18:45.127128 2026] [security2:error] [pid 16586:tid 16586] [client 54.172.98.138:50862] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ecomim.com"] [uri "/.git/config"] [unique_id "aiJAFf0rM40sq8FYxsuPXAAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 01:08:24 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amaz ... show more (mod_security) mod_security (id:210492) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 21:08:20.577787 2026] [security2:error] [pid 15119:tid 15119] [client 54.172.98.138:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eddysgroup.com"] [uri "/.git/config"] [unique_id "aiIhhDAO4TdhiL9M043r3AAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 23:53:05 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amaz ... show more (mod_security) mod_security (id:210492) triggered by 54.172.98.138 (ec2-54-172-98-138.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 19:53:02.002662 2026] [security2:error] [pid 8231:tid 8256] [client 54.172.98.138:54570] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "williampower.com"] [uri "/.git/config"] [unique_id "aiIP3p8LUqIFUe0lxvvc_wAAARY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇴 200.105.172.184

🇭🇰 154.92.17.58

🇩🇪 94.26.106.167

🇨🇳 223.241.247.227

🇨🇱 216.155.93.75

🇲🇽 186.96.145.241

🇨🇴 179.43.2.16

🇭🇰 172.253.4.28

🇨🇦 165.22.235.3

🇸🇪 158.173.241.8

🇫🇮 147.185.133.39

🇵🇭 112.201.70.30

🇺🇸 107.170.110.141

🇫🇷 91.196.152.94

🇺🇸 85.239.245.217

🇳🇱 45.148.10.152

🇺🇸 34.19.61.103

🇨🇳 14.152.90.227

🇨🇳 14.29.208.128

🇸🇬 129.226.95.93