JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 54.89.249.138

54.89.249.138 was found in our database!

This IP was reported 70 times. Confidence of Abuse is 0%: ?

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14618
Hostname(s)	ec2-54-89-249-138.compute-1.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 54.89.249.138

Whois 54.89.249.138

IP Abuse Reports for 54.89.249.138:

This IP address has been reported a total of 70 times from 54 distinct sources. 54.89.249.138 was first reported on February 15th 2026, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-03-25 00:06:32 (3 months ago)	<jail> banned by fail2ban	Brute-Force Web App Attack
🇬🇧 Axel	2026-02-22 02:24:04 (4 months ago)	Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.git/HEAD Se ... show more Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.git/HEAD Server: UK-02 show less	Web App Attack Hacking SQL Injection
🇬🇧 Axel	2026-02-22 00:16:04 (4 months ago)	Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.git/HEAD Se ... show more Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.git/HEAD Server: UK-02 show less	Web App Attack Hacking SQL Injection
🇬🇧 Axel	2026-02-20 00:16:04 (4 months ago)	Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.git/HEAD Se ... show more Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.git/HEAD Server: UK-02 show less	Web App Attack Hacking SQL Injection
🇬🇧 Axel	2026-02-19 00:00:21 (4 months ago)	Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.git/HEAD Se ... show more Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.git/HEAD Server: UK-02 show less	Web App Attack Hacking SQL Injection
🇺🇸 Charlesiv	2026-02-16 15:31:53 (4 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE ASN: 14618 (AMAZO ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE ASN: 14618 (AMAZON-AES - Amazon.com, Inc.) Protocol: HTTP/1.1 (POST method) Endpoint: / Timestamp: 2026-02-16T13:57:28Z Ray ID: 9ced8de2ac4ee61f UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 show less	Bad Web Bot
🇺🇦 URAN Publishing Service	2026-02-16 15:20:54 (4 months ago)	54.89.249.138 - - [16/Feb/2026:17:19:35 +0200] "GET /.env HTTP/1.1" 404 626 "-" "Mozilla/5.0 (Window ... show more 54.89.249.138 - - [16/Feb/2026:17:19:35 +0200] "GET /.env HTTP/1.1" 404 626 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 54.89.249.138 - - [16/Feb/2026:17:20:54 +0200] "GET /.env HTTP/1.1" 404 623 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Web App Attack
🇬🇧 Test Developer	2026-02-16 15:19:00 (4 months ago)	Suspicious activity None Request details IP 54.89.249.138 Country United States ASN ... show more Suspicious activity None Request details IP 54.89.249.138 Country United States ASN 14618 - AMAZON-AES - Amazon.com, Inc. User agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Method GET Scheme HTTP/1.1 Path /phpmyadmin/ /adminer.php Verified Bot Category None show less	Brute-Force Web App Attack
🇳🇱 debestelapp	2026-02-16 14:55:04 (4 months ago)		Web App Attack
🇧🇪 DrLex0	2026-02-16 13:43:21 (4 months ago)	Poking for git configs and env files 54.89.249.138 80 - [16/Feb/2026:13:43:20 +0000] "GET /.env HTT ... show more Poking for git configs and env files 54.89.249.138 80 - [16/Feb/2026:13:43:20 +0000] "GET /.env HTTP/1.1" 404 2402 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 54.89.249.138 80 - [16/Feb/2026:13:43:21 +0000] "GET /.env.local HTTP/1.1" 404 2402 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 54.89.249.138 80 - [16/Feb/2026:13:43:21 +0000] "GET /.env.local HTTP/1.1" 404 2402 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 54.89.249.138 80 - [16/Feb/2026:13:43:21 +0000] "GET /.env.local HTTP/1.1" 404 2402 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Mario Silber	2026-02-16 12:43:56 (4 months ago)	(mod_security) mod_security triggered on hostname [redacted] 54.89.249.138 (US/United States/ec2-54- ... show more (mod_security) mod_security triggered on hostname [redacted] 54.89.249.138 (US/United States/ec2-54-89-249-138.compute-1.amazonaws.com) show less	SQL Injection
🇺🇸 ambor	2026-02-16 11:45:10 (4 months ago)	L0ss Honeypot: Git HEAD file access attempt. Path: /.git/HEAD	Web App Attack
🇩🇪 ps-center	2026-02-16 11:20:13 (4 months ago)	HHV: Web Attack GET /adminer.php	Web Spam Hacking Bad Web Bot Web App Attack
Anonymous	2026-02-16 09:48:25 (4 months ago)	path attack /.git/HEAD	Web App Attack
🇺🇸 quicksand	2026-02-16 09:24:24 (4 months ago)	Malicious URI path [GET /telescope/requests] [Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/ ... show more Malicious URI path [GET /telescope/requests] [Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36] show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 70 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 91.230.168.208

🇸🇬 194.5.82.47

🇪🇸 158.173.36.217

🇭🇰 123.58.210.86

🇧🇹 103.133.216.202

🇭🇰 101.36.109.176

🇳🇱 89.21.67.157

🇲🇦 81.192.46.29

🇷🇺 46.159.230.137

🇭🇰 46.8.78.131

🇱🇹 45.227.254.170

🇬🇧 45.146.10.113

🇨🇳 43.248.108.210

🇺🇸 20.106.196.4

🇨🇳 1.30.111.88

🇹🇷 195.33.200.58

🇪🇸 194.41.127.237

🇮🇶 185.244.153.19

🇧🇷 177.200.34.8

🇺🇸 173.255.223.149