JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 54.204.197.20

54.204.197.20 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 0%: ?

ISP	Amazon.com, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14618
Hostname(s)	ec2-54-204-197-20.compute-1.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 54.204.197.20

Whois 54.204.197.20

IP Abuse Reports for 54.204.197.20:

This IP address has been reported a total of 29 times from 22 distinct sources. 54.204.197.20 was first reported on December 21st 2024, and the most recent report was 8 months ago.

Old Reports: The most recent abuse report for this IP address is from 8 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇹🇷 rtbh.com.tr	2025-10-11 20:09:18 (8 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇹🇷 rtbh.com.tr	2025-10-11 00:09:16 (8 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇹🇷 rtbh.com.tr	2025-10-10 20:09:16 (8 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇮🇳 Shaik Sai Meera	2025-10-10 11:32:34 (8 months ago)	IM360 WAF: Laravel .env file access - Thu Oct 9 18:03:11 2025	Web App Attack
Anonymous	2025-10-10 04:30:15 (8 months ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
🇮🇹 mgarofano80	2025-10-10 02:56:30 (8 months ago)		Brute-Force Web App Attack
🇩🇪 ghostwarriors	2025-10-09 22:20:04 (8 months ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2025-10-09 21:59:17 (8 months ago)	Auto-ban: >3000 req/min op 2025-10-09	Hacking Web App Attack SSH
🇩🇪 alphatact1cs	2025-10-09 21:59:01 (8 months ago)	2025-10-09T21:59:01+00:00 from 54.204.197.20 : Unauthorized connection attempt.	Port Scan
🇺🇸 TPI-Abuse	2025-10-09 21:22:05 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 54.204.197.20 (ec2-54-204-197-20.compute-1.amaz ... show more (mod_security) mod_security (id:210492) triggered by 54.204.197.20 (ec2-54-204-197-20.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 09 17:21:59.044385 2025] [security2:error] [pid 32087:tid 32087] [client 54.204.197.20:50896] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "networkzone.org.convoyforkids.com"] [uri "/.git/config"] [unique_id "aOgnd_CalhMG1Kp7FjboxwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2025-10-09 20:59:35 (8 months ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 TPI-Abuse	2025-10-09 20:36:03 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 54.204.197.20 (ec2-54-204-197-20.compute-1.amaz ... show more (mod_security) mod_security (id:210492) triggered by 54.204.197.20 (ec2-54-204-197-20.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 09 16:35:57.610733 2025] [security2:error] [pid 15881:tid 15881] [client 54.204.197.20:54912] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nancyscafeandcatering.com"] [uri "/.git/config"] [unique_id "aOgcrfxM0MVvw62qLBhTYgAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 BlueWire Hosting	2025-10-09 20:10:37 (8 months ago)	Probing for application vulnerabilities	Brute-Force Web App Attack
🇩🇪 Mr-Money	2025-10-09 19:20:39 (8 months ago)	54.204.197.20 - - [09/Oct/2025:21:20:38 +0200] "GET /.env HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Window ... show more 54.204.197.20 - - [09/Oct/2025:21:20:38 +0200] "GET /.env HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0" ... show less	Hacking SQL Injection Bad Web Bot Exploited Host Web App Attack
🇩🇪 sigurg	2025-10-09 18:53:10 (8 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Hacking Web App Attack

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 91.196.152.6

🇧🇴 200.105.172.184

🇺🇸 193.43.135.244

🇧🇴 190.129.122.12

🇭🇰 118.26.39.178

🇩🇪 104.140.188.14

🇩🇪 94.16.17.141

🇷🇺 91.211.5.157

🇳🇱 91.92.40.47

🇫🇷 85.217.140.25

🇨🇳 60.29.174.122

🇳🇱 45.148.10.152

🇿🇦 196.192.181.202

🇨🇳 60.13.7.77

🇪🇨 200.112.217.47

🇺🇸 178.156.195.191

🇧🇷 177.85.247.230

🇵🇱 134.112.56.47

🇳🇬 105.127.10.241

🇫🇷 91.231.89.135