JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 66.235.114.20

66.235.114.20 was found in our database!

This IP was reported 3 times. Confidence of Abuse is 0%: ?

ISP	Amazon.com, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Columbus, Ohio

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 66.235.114.20

Whois 66.235.114.20

IP Abuse Reports for 66.235.114.20:

This IP address has been reported a total of 3 times from 3 distinct sources. 66.235.114.20 was first reported on March 21st 2026, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇪 OperatorXoR	2026-03-22 21:44:00 (3 months ago)	This IP address has been observed in the wild attempting to exploit CVE-2018-0171 CVE-2018-0171 i ... show more This IP address has been observed in the wild attempting to exploit CVE-2018-0171 CVE-2018-0171 is a remote code execution vulnerability in Cisco IOS and IOS XE Software, specifically in the Smart Install client feature. An unauthenticated, remote attacker can send crafted Smart Install messages to trigger a buffer overflow, allowing them to execute arbitrary code or cause a denial of service (DoS) on vulnerable devices. Further information available here: https://nvd.nist.gov/vuln/detail/CVE-2018-0171 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2 https://www.tenable.com/blog/proof-of-concept-and-patch-for-critical-cisco-ios-vulnerability-cve-2018-0171 show less	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-03-21 17:42:40 (3 months ago)	(mod_security) mod_security (id:217200) triggered by 66.235.114.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:217200) triggered by 66.235.114.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 21 13:42:32.425131 2026] [security2:error] [pid 26267:tid 26267] [client 66.235.114.20:54122] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header\|\|cpanel.koorsen.net:80\|F\|2"] [data "/guest_auth/guestisup.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "cpanel.koorsen.net"] [uri "/guest_auth/guestIsUp.php"] [unique_id "ab7YiLFBkrtglFAP8aecLAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-03-21 09:29:38 (3 months ago)	Aggressive web scan	Web App Attack

Showing 1 to 3 of 3 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇾 213.7.225.157

🇺🇸 191.102.174.156

🇺🇸 191.102.174.150

🇺🇸 191.102.174.103

🇦🇷 181.209.76.203

🇬🇧 172.236.8.193

🇨🇳 101.29.255.4

🇫🇷 51.68.126.146

🇳🇱 45.198.224.46

🇺🇸 38.178.37.1

🇧🇪 34.52.157.204

🇺🇸 191.102.170.167

🇺🇸 191.102.163.97

🇺🇸 191.102.163.85

🇺🇸 191.102.162.178

🇳🇱 176.65.149.31

🇨🇬 102.141.50.164

🇺🇸 66.132.186.199

🇬🇧 46.101.77.4

🇻🇳 14.240.49.19