JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 54.251.166.204

54.251.166.204 was found in our database!

This IP was reported 43 times. Confidence of Abuse is 100%: ?

100%

ISP	Amazon.com, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ec2-54-251-166-204.ap-southeast-1.compute.amazonaws.com
Domain Name	amazon.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 54.251.166.204

Whois 54.251.166.204

IP Abuse Reports for 54.251.166.204:

This IP address has been reported a total of 43 times from 31 distinct sources. 54.251.166.204 was first reported on June 26th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 neckaralb-admin.de	2026-06-29 10:07:38 (1 hour ago)	(wordpress) Failed login wp-login.php or xmlrpc.php	Web App Attack
🇲🇽 octageeks.com	2026-06-29 04:23:46 (7 hours ago)	Wordpress malicious attack:[octawpauthor]	Web App Attack
🇩🇪 4server	2026-06-29 04:04:19 (7 hours ago)	[MonJun2906:04:14.4975252026][security2:error][pid2492009:tid2492074][client54.251.166.204:0]ModSecu ... show more [MonJun2906:04:14.4975252026][security2:error][pid2492009:tid2492074][client54.251.166.204:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"prstartup.ch.136-243-54-122.cpanel.site\"][uri\"/wp-includes/xmlrpc.php\"][unique_id\"akHuvrD0OCXscarKB5dU_wAAAII\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 FeG Deutschland	2026-06-29 00:45:04 (11 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇫🇷 SpaceHost-Server	2026-06-28 22:29:48 (13 hours ago)		Brute-Force Web App Attack
🇫🇷 tecnicorioja	2026-06-28 22:01:30 (14 hours ago)	wp-login attack [28/Jun/2026:06:37:21	Brute-Force Web App Attack
🇮🇹 eliosbrocchi	2026-06-28 14:42:36 (21 hours ago)	2026-06-28T16:42:33.753264+02:00 thunderchild wordpress(www.crislio.com)[1077541]: Immediately block ... show more 2026-06-28T16:42:33.753264+02:00 thunderchild wordpress(www.crislio.com)[1077541]: Immediately block connections from 54.251.166.204 ... show less	VPN IP
🇺🇸 TPI-Abuse	2026-06-28 12:36:00 (23 hours ago)	(mod_security) mod_security (id:225170) triggered by 54.251.166.204 (ec2-54-251-166-204.ap-southeast ... show more (mod_security) mod_security (id:225170) triggered by 54.251.166.204 (ec2-54-251-166-204.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 08:35:53.131077 2026] [security2:error] [pid 2724:tid 2724] [client 54.251.166.204:58536] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|brainstormer.visionremota.info\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "brainstormer.visionremota.info"] [uri "/wp-json/wp/v2/users/5"] [unique_id "akEVKS7jOY6NKC1ctLBvRwAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-28 11:05:50 (1 day ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇩🇪 FeG Deutschland	2026-06-28 10:56:36 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 10:23:33 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 54.251.166.204 (ec2-54-251-166-204.ap-southeast ... show more (mod_security) mod_security (id:225170) triggered by 54.251.166.204 (ec2-54-251-166-204.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 06:23:26.056056 2026] [security2:error] [pid 11366:tid 11366] [client 54.251.166.204:34764] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.dev.ericadamsdesign.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dev.ericadamsdesign.com"] [uri "/wp-json/wp/v2/users/7"] [unique_id "akD2HmvyGGPxcbe7VxSCtAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-06-28 10:07:31 (1 day ago)	levellapromotions.co.nz:443 54.251.166.204 - - [28/Jun/2026:20:07:29 +1000] "GET /?author=2&feed=rss ... show more levellapromotions.co.nz:443 54.251.166.204 - - [28/Jun/2026:20:07:29 +1000] "GET /?author=2&feed=rss2 HTTP/1.1" 404 343674 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36, Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" ... show less	Web App Attack
🇩🇪 Ba-Yu	2026-06-28 03:07:37 (1 day ago)	WordPress bruteforce	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 23:54:56 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 54.251.166.204 (ec2-54-251-166-204.ap-southeast ... show more (mod_security) mod_security (id:225170) triggered by 54.251.166.204 (ec2-54-251-166-204.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 19:54:52.150879 2026] [security2:error] [pid 18245:tid 18245] [client 54.251.166.204:53276] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|jesussotoca.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jesussotoca.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "akBizOc9KSh-r1R79UwNJAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-27 23:42:50 (1 day ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack

Showing 1 to 15 of 43 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇭 209.99.190.200

🇮🇩 203.175.125.185

🇺🇸 157.245.123.211

🇸🇮 102.220.160.26

🇫🇷 75.119.139.203

🇺🇸 74.125.179.26

🇧🇷 200.39.46.41

🇧🇷 189.108.215.39

🇮🇳 157.33.54.57

🇸🇦 149.109.91.241

🇮🇳 122.168.83.157

🇵🇰 101.53.249.42

🇷🇴 80.94.92.55

🇺🇸 75.84.32.110

🇮🇩 49.0.24.107

🇭🇰 20.205.14.12

🇺🇸 20.65.195.32

🇹🇼 198.235.24.44

🇵🇭 139.135.241.23

🇬🇧 118.26.104.78