JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 54.189.105.14

54.189.105.14 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 100%: ?

100%

ISP	Amazon.com, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ec2-54-189-105-14.us-west-2.compute.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Boardman, Oregon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 54.189.105.14

Whois 54.189.105.14

IP Abuse Reports for 54.189.105.14:

This IP address has been reported a total of 37 times from 26 distinct sources. 54.189.105.14 was first reported on June 30th 2026, and the most recent report was 43 seconds ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 ruusvuu	2026-06-30 18:58:10 (43 seconds ago)	Automated abuse report: 25 attack/probe requests from Amazon.com, Inc. / US. Targeted paths: /docker ... show more Automated abuse report: 25 attack/probe requests from Amazon.com, Inc. / US. Targeted paths: /docker-compose.yml, /docker-compose.yaml, /docker-compose.prod.yml, /docker-compose.production.yml, /logs/laravel.log. Sample log lines: [shots] 📊 6/30/2026, 11:58:02 54.189.105.14 GET /docker-compose.production.yml 404 - 1.719 ms [shots] 📊 6/30/2026, 11:58:09 54.189.105.14 GET /logs/laravel.log 404 - 1.484 ms [shots] 📊 6/30/2026, 11:58:09 54.189.105.14 GET /.npmrc 404 - 1.242 ms Detected by an automated web-server log monitor. show less	Web App Attack
🇺🇸 conrad10781	2026-06-30 18:13:11 (45 minutes ago)	nginx-dot-env	Web App Attack
🇺🇸 TPI-Abuse	2026-06-30 17:55:15 (1 hour ago)	(mod_security) mod_security (id:210492) triggered by 54.189.105.14 (ec2-54-189-105-14.us-west-2.comp ... show more (mod_security) mod_security (id:210492) triggered by 54.189.105.14 (ec2-54-189-105-14.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 13:55:07.609578 2026] [security2:error] [pid 1167:tid 1167] [client 54.189.105.14:56882] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.natchezbicycle.com"] [uri "/.git/config"] [unique_id "akQC-3Wj5j0DWUhskF8RwAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-30 17:26:47 (1 hour ago)	Excessive multi-domain requests	Brute-Force
🇳🇴 jad-abuse	2026-06-30 17:12:04 (1 hour ago)	ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: git_expos ... show more ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: git_exposure, env_probe, source_backup. Observed by 1 sensor(s); 59 hits. show less	Web App Attack
Anonymous	2026-06-30 17:05:50 (1 hour ago)	Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=22	Hacking
🇦🇺 rubixstudios	2026-06-30 16:57:02 (2 hours ago)	Excessive HTTP requests consistent with automated attack behaviour detected by Imunify360	DDoS Attack Brute-Force Web App Attack
🇫🇷 Octopuce	2026-06-30 16:45:41 (2 hours ago)	Aggressive web search of vulnerable pages: /core/install.php /magento_version/ /config.yml /app/conf ... show more Aggressive web search of vulnerable pages: /core/install.php /magento_version/ /config.yml /app/config.yml /docker-compose.yml /docker-compose. ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-30 16:34:06 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 54.189.105.14 (ec2-54-189-105-14.us-west-2.comp ... show more (mod_security) mod_security (id:210492) triggered by 54.189.105.14 (ec2-54-189-105-14.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 12:33:58.980284 2026] [security2:error] [pid 30733:tid 30733] [client 54.189.105.14:55656] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "theateroobleck.com"] [uri "/.git/config"] [unique_id "akPv9mdQ2hz_hpMN8vS89gAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 debestelapp	2026-06-30 16:10:06 (2 hours ago)		Web App Attack
Anonymous	2026-06-30 16:07:32 (2 hours ago)	54.189.105.14 - - [01/Jul/2026:00:07:28 +0800] "GET /core/install.php HTTP/1.1" 404 300891 "-" "Merc ... show more 54.189.105.14 - - [01/Jul/2026:00:07:28 +0800] "GET /core/install.php HTTP/1.1" 404 300891 "-" "MerchantSecurityScanner/1.0 (+https://stri.pe/go/merchant-security-scanner; opt-out: [email protected])" 54.189.105.14 - - [01/Jul/2026:00:07:29 +0800] "GET /administrator/manifests/files/joomla.xml HTTP/1.1" 404 300891 "-" "MerchantSecurityScanner/1.0 (+https://stri.pe/go/merchant-security-scanner; opt-out: [email protected])" 54.189.105.14 - - [01/Jul/2026:00:07:29 +0800] "GET /magento_version HTTP/1.1" 404 300891 "-" "MerchantSecurityScanner/1.0 (+https://stri.pe/go/merchant-security-scanner; opt-out: [email protected])" 54.189.105.14 - - [01/Jul/2026:00:07:29 +0800] "GET /config.toml HTTP/1.1" 404 300891 "-" "MerchantSecurityScanner/1.0 (+https://stri.pe/go/merchant-security-scanner; opt-out: [email protected])" 54.189.105.14 - - [01/Jul/2026:00:07:30 +0800] "GET /config.yaml HTTP/1.1" 404 300891 "-" "MerchantSecurityScanner/1.0 (+https://stri.pe/go/merchant-security-scan ... show less	Bad Web Bot Web App Attack
🇺🇸 Lezetho	2026-06-30 16:00:38 (2 hours ago)	DDoS, WebSpam, Web Attack, and Brute-force blocked by Cloudflare	DDoS Attack Email Spam Hacking Brute-Force
🇺🇸 TPI-Abuse	2026-06-30 15:48:11 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 54.189.105.14 (ec2-54-189-105-14.us-west-2.comp ... show more (mod_security) mod_security (id:210492) triggered by 54.189.105.14 (ec2-54-189-105-14.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 11:48:07.627816 2026] [security2:error] [pid 7347:tid 7347] [client 54.189.105.14:47980] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "northfultonneurology.com"] [uri "/.git/FETCH_HEAD"] [unique_id "akPlN3eWc5A1Kao4mwQjpwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-30 15:25:20 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 54.189.105.14 (ec2-54-189-105-14.us-west-2.comp ... show more (mod_security) mod_security (id:210492) triggered by 54.189.105.14 (ec2-54-189-105-14.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 11:25:13.674229 2026] [security2:error] [pid 11890:tid 11890] [client 54.189.105.14:34262] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.agirlwithaguitar.com"] [uri "/.git/config"] [unique_id "akPf2btDNblQl_fbg8i0-gAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 tecnoacquisti.com	2026-06-30 15:17:10 (3 hours ago)	PrestaShop Security Module: suspicious probe path detected (/.git)	Web App Attack

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 205.210.31.56

🇧🇷 187.110.238.50

🇧🇷 177.67.247.161

🇺🇸 172.202.118.11

🇺🇸 162.216.149.169

🇳🇱 160.119.71.135

🇪🇸 77.74.229.158

🇮🇷 46.38.146.46

🇯🇵 43.153.189.212

🇨🇳 39.171.252.186

🇨🇳 14.103.117.97

🇩🇪 167.94.146.79

🇮🇩 163.7.6.114

🇺🇸 162.216.149.105

🇸🇬 152.42.253.238

🇬🇧 144.126.206.86

🇧🇩 103.109.239.210

🇫🇷 91.231.89.143

🇸🇬 43.156.3.248

🇸🇳 41.82.211.58