JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 54.179.89.230

54.179.89.230 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 81%: ?

81%

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ec2-54-179-89-230.ap-southeast-1.compute.amazonaws.com
Domain Name	amazon.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 54.179.89.230

Whois 54.179.89.230

IP Abuse Reports for 54.179.89.230:

This IP address has been reported a total of 18 times from 14 distinct sources. 54.179.89.230 was first reported on June 22nd 2026, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 debestelapp	2026-06-27 09:55:06 (4 hours ago)		Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 06:59:26 (7 hours ago)	(mod_security) mod_security (id:210730) triggered by 54.179.89.230 (ec2-54-179-89-230.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 54.179.89.230 (ec2-54-179-89-230.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 02:59:18.625781 2026] [security2:error] [pid 21491:tid 21491] [client 54.179.89.230:62369] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|directoryofdogs.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "directoryofdogs.com"] [uri "/data.sql"] [unique_id "aj90xt_XOLcdqKemNpKt0AAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 WellSpring	2026-06-27 06:24:09 (7 hours ago)	wordpress scan on careenough.us/wp-content/uploads/dump.sql — WellSpr.ing/NetSentinel civic-AI secur ... show more wordpress scan on careenough.us/wp-content/uploads/dump.sql — WellSpr.ing/NetSentinel civic-AI security layer show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 23:22:19 (14 hours ago)	(mod_security) mod_security (id:210730) triggered by 54.179.89.230 (ec2-54-179-89-230.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 54.179.89.230 (ec2-54-179-89-230.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 19:22:15.405000 2026] [security2:error] [pid 18312:tid 18442] [client 54.179.89.230:61111] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.stephanietobola.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.stephanietobola.com"] [uri "/1.sql"] [unique_id "aj8Jp72VCng14LeCrrkASQAAANE"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 clapper	2026-06-26 22:46:38 (15 hours ago)	(mod_security) mod_security (id:949110) triggered by 54.179.89.230 (SG/Singapore/ec2-54-179-89-230.a ... show more (mod_security) mod_security (id:949110) triggered by 54.179.89.230 (SG/Singapore/ec2-54-179-89-230.ap-southeast-1.compute.amazonaws.com): 5 in the last 600 secs; ID: rub show less	Brute-Force Bad Web Bot
Anonymous	2026-06-26 21:00:48 (17 hours ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇵🇱 lns.bz	2026-06-26 18:41:41 (19 hours ago)	Web app attack [PL.Lu]	Exploited Host Web App Attack
🇩🇪 DEV-DNS	2026-06-26 18:22:56 (19 hours ago)	(mod_security) mod_security triggered on hostname [redacted])	SQL Injection
🇺🇸 mnsf	2026-06-25 21:35:39 (1 day ago)	Abuse Detected (3)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 09:48:08 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 54.179.89.230 (ec2-54-179-89-230.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 54.179.89.230 (ec2-54-179-89-230.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 05:48:01.025703 2026] [security2:error] [pid 19265:tid 19265] [client 54.179.89.230:62329] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|dhingra.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dhingra.com"] [uri "/database.sql"] [unique_id "ajz5UZVJ__IsfLrMa4mvzwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-25 06:58:58 (2 days ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-mnz6-1) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-25 00:40:35 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 54.179.89.230 (ec2-54-179-89-230.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 54.179.89.230 (ec2-54-179-89-230.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 20:40:28.158412 2026] [security2:error] [pid 16826:tid 16826] [client 54.179.89.230:59901] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|desimon.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "desimon.com"] [uri "/database.sql"] [unique_id "ajx4_JfXot335w9hujxoLAAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 raph	2026-06-24 20:55:06 (2 days ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-24 13:33:32 (3 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇫🇷 Octopuce	2026-06-23 05:09:01 (4 days ago)	Aggressive web search of vulnerable pages: /backup.sql /database.sql /db_backup.sql /db.sql /dump.sq ... show more Aggressive web search of vulnerable pages: /backup.sql /database.sql /db_backup.sql /db.sql /dump.sql ... show less	Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇱 201.219.234.176

🇮🇹 195.32.116.228

🇺🇸 173.252.82.146

🇺🇸 128.203.200.235

🇭🇰 101.36.111.155

🇳🇱 45.148.10.151

🇨🇳 42.123.123.238

🇺🇸 173.252.82.148

🇧🇬 162.158.210.32

🇨🇳 116.179.32.141

🇺🇸 2607:f8b0:4001:c10::121

🇩🇪 172.217.34.20

🇨🇦 165.22.228.212

🇺🇸 152.232.60.10

🇺🇸 107.172.118.5

🇺🇸 47.41.20.82

🇳🇱 45.148.10.157

🇺🇸 34.138.209.94

🇺🇸 2602:feda:f39f:fb6c:d299:ff01:7999:da2

🇳🇱 195.178.110.30