JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 54.236.204.116

54.236.204.116 was found in our database!

This IP was reported 51 times. Confidence of Abuse is 100%: ?

100%

ISP	Amazon.com, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14618
Hostname(s)	ec2-54-236-204-116.compute-1.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 54.236.204.116

Whois 54.236.204.116

IP Abuse Reports for 54.236.204.116:

This IP address has been reported a total of 51 times from 44 distinct sources. 54.236.204.116 was first reported on June 17th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 boxed-it	2026-06-19 14:11:39 (3 days ago)	GET /.git/HEAD (Tarpitted for 1d15h8m28s, wasted 8.06MB)	Web App Attack
🇫🇷 service Informatique	2026-06-19 04:00:37 (3 days ago)	/___proxy_subdomain_whm/login	Web App Attack
🇩🇪 ghostwarriors	2026-06-18 06:20:06 (4 days ago)	Attempts against non-existent wp-login	Brute-Force Web App Attack
🇩🇪 EGP Abuse Dept	2026-06-18 05:51:15 (4 days ago)	Scanning for web/db/file exploits on tpc-044.mach3builders.nl	SQL Injection Bad Web Bot Web App Attack
🇩🇪 initsol	2026-06-18 05:45:21 (4 days ago)	[Thu Jun 18 07:45:19.774146 2026] [php:error] [pid 3196326:tid 3196326] [client 54.236.204.116:51194 ... show more [Thu Jun 18 07:45:19.774146 2026] [php:error] [pid 3196326:tid 3196326] [client 54.236.204.116:51194] script '/var/www/html/wp-config.php' not found or unable to stat [Thu Jun 18 07:45:20.918321 2026] [php:error] [pid 3179333:tid 3179333] [client 54.236.204.116:51228] script '/var/www/html/phpinfo.php' not found or unable to stat [Thu Jun 18 07:45:21.107786 2026] [php:error] [pid 3195782:tid 3195782] [client 54.236.204.116:51238] script '/var/www/html/info.php' not found or unable to stat ... show less	Brute-Force
🇩🇪 NxtGenIT	2026-06-18 05:20:11 (4 days ago)	Tanner Honeypot hit, Event Type: , HTTP Method: GET, User Agent: , URI: /.npmrc	SSH
🇫🇷 Eldeberen	2026-06-18 05:09:43 (4 days ago)	Vulnerability scan attempt through HTTP protocol	Web App Attack
Anonymous	2026-06-18 05:01:52 (4 days ago)	Blocked by ModSec and CSF	Port Scan
Anonymous	2026-06-18 04:15:47 (4 days ago)	Automated report from Fail2Ban firewall ban	Brute-Force SSH IoT Targeted
🇦🇪 CG	2026-06-18 04:06:37 (4 days ago)	Web application attack, Automated scan	Web App Attack Hacking SQL Injection
🇫🇷 service Informatique	2026-06-18 04:00:37 (4 days ago)	/___proxy_subdomain_whm/login	Web App Attack
🇨🇿 Prcek	2026-06-18 03:18:16 (5 days ago)	PortScan:HOST=54.236.204.116,DPORTS=80,2078,2083,2095	Port Scan
🇺🇸 TPI-Abuse	2026-06-18 03:14:09 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 54.236.204.116 (ec2-54-236-204-116.compute-1.am ... show more (mod_security) mod_security (id:210492) triggered by 54.236.204.116 (ec2-54-236-204-116.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 23:14:03.177997 2026] [security2:error] [pid 26449:tid 26449] [client 54.236.204.116:44872] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.46"] [uri "/.git/HEAD"] [unique_id "ajNie4llrEjbr0LkhllniAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2026-06-18 03:07:55 (5 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇦🇺 aranguren.org	2026-06-18 03:01:40 (5 days ago)	54.236.204.116 - - [18/Jun/2026:13:01:37 +1000] "GET /.git/HEAD HTTP/1.1" 404 986 "-" "Mozilla/5.0 ( ... show more 54.236.204.116 - - [18/Jun/2026:13:01:37 +1000] "GET /.git/HEAD HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 54.236.204.116 - - [18/Jun/2026:13:01:38 +1000] "GET /.git/config HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 54.236.204.116 - - [18/Jun/2026:13:01:38 +1000] "GET /.git/logs/HEAD HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" 54.236.204.116 - - [18/Jun/2026:13:01:39 +1000] "GET /.git/refs/heads/master HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 54.236.204.116 - - [18/Jun/2026:13:01:39 +1000] "GET /.git/refs/heads/main HTTP/1.1" 404 986 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Geck ... show less	Bad Web Bot

Showing 1 to 15 of 51 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 193.32.249.160

🇷🇺 185.10.63.235

🇨🇳 182.119.163.16

🇻🇳 125.212.235.194

🇩🇪 104.207.55.176

🇺🇸 216.26.230.153

🇺🇸 216.26.229.107

🇺🇸 205.210.31.54

🇲🇽 189.188.77.85

🇵🇰 163.61.226.5

🇨🇳 115.190.245.176

🇺🇸 104.167.25.154

🇧🇩 103.171.69.121

🇦🇪 92.98.173.85

🇫🇷 85.217.140.12

🇵🇱 83.168.95.29

🇺🇸 66.132.172.191

🇨🇳 58.242.60.230

🇮🇳 49.204.74.149

🇮🇳 2409:4090:4028:d002:a5a2:a3b3:9f47:8697