🇦🇹
wrohr
2026-06-10 05:29:00
(1 week ago)
DDoS Attack
Email Spam
Brute-Force
Bad Web Bot
🇮🇩
hermawan
2026-05-30 00:15:47
(2 weeks ago)
05/30/2026-07:15:44.325311 [Drop] [**] [1:3100016774:0] Suricata match TLS ja3 scan Uniq Zeek no 16774 with hash_4ea056e63b7910cbf543f0c095064dfe [**] [Classification: (null)] [Priority: 3] {TCP} 52.14.131.139:34120 -> 103.166.156.58:443
Email Spam
Hacking
🇮🇩
hermawan
2026-05-29 00:02:02
(2 weeks ago)
05/29/2026-07:02:01.246773 [Drop] [**] [1:3100016774:0] Suricata match TLS ja3 scan Uniq Zeek no 16774 with hash_4ea056e63b7910cbf543f0c095064dfe [**] [Classification: (null)] [Priority: 3] {TCP} 52.14.131.139:52000 -> 103.166.156.58:443
Email Spam
Hacking
🇮🇩
hermawan
2026-05-27 01:44:40
(3 weeks ago)
05/27/2026-08:44:31.405867 [Drop] [**] [1:3100016774:0] Suricata match TLS ja3 scan Uniq Zeek no 16774 with hash_4ea056e63b7910cbf543f0c095064dfe [**] [Classification: (null)] [Priority: 3] {TCP} 52.14.131.139:45132 -> 103.166.156.58:443
Email Spam
Hacking
🇮🇩
hermawan
2026-04-17 11:30:44
(2 months ago)
[Fri Apr 17 18:30:43.902716 2026] [security2:error] [pid 453774:tid 140255034336960] [client 52.14.131.139:35220] ModSecurity: Access denied with code 403 (phase 1). Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity/coreruleset-4.25.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "2951"] [id "920300"] [msg "Request Missing an Accept Header"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: accept-encoding found within REQUEST_HEADERS:User-Agent: Joomla.org Automated Updates Server request_line = GET / HTTP/1.1 Request URI RAW = / Request Basename = "] [severity "NOTICE"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/3"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [hostname "ppid.staklim-malang.info"] [uri "/"] [unique_id "aeIZ4wU
Email Spam
Hacking
🇮🇩
hermawan
2026-04-16 11:16:46
(2 months ago)
[Thu Apr 16 18:15:52.678889 2026] [security2:error] [pid 109856:tid 140195634599616] [client 52.14.131.139:40764] ModSecurity: Access denied with code 403 (phase 1). Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity/coreruleset-4.25.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "2951"] [id "920300"] [msg "Request Missing an Accept Header"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: accept-encoding found within REQUEST_HEADERS:User-Agent: Joomla.org Automated Updates Server request_line = GET / HTTP/1.1 Request URI RAW = / Request Basename = "] [severity "NOTICE"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/3"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [hostname "ppid.staklim-malang.info"] [uri "/"] [unique_id "aeDE6JR
Email Spam
Hacking
🇮🇩
hermawan
2026-04-15 11:00:47
(2 months ago)
[Wed Apr 15 18:00:46.842096 2026] [security2:error] [pid 51917:tid 140581787395776] [client 52.14.131.139:58910] ModSecurity: Access denied with code 403 (phase 1). Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity/coreruleset-4.25.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "2951"] [id "920300"] [msg "Request Missing an Accept Header"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: accept-encoding found within REQUEST_HEADERS:User-Agent: Joomla.org Automated Updates Server request_line = GET / HTTP/1.1 Request URI RAW = / Request Basename = "] [severity "NOTICE"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/3"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [hostname "ppid.staklim-malang.info"] [uri "/"] [unique_id "ad9v3nNn
Email Spam
Hacking
🇮🇩
hermawan
2026-04-14 23:03:46
(2 months ago)
[Wed Apr 15 06:03:45.616115 2026] [security2:error] [pid 202079:tid 140536976398016] [client 52.14.131.139:41652] ModSecurity: Access denied with code 403 (phase 1). Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity/coreruleset-4.25.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "2951"] [id "920300"] [msg "Request Missing an Accept Header"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: accept-encoding found within REQUEST_HEADERS:User-Agent: Joomla.org Automated Updates Server request_line = GET / HTTP/1.1 Request URI RAW = / Request Basename = "] [severity "NOTICE"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/3"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [hostname "ppid.staklim-malang.info"] [uri "/"] [unique_id "ad7H0RC
Email Spam
Hacking
🇮🇩
hermawan
2026-04-08 07:45:24
(2 months ago)
04/08/2026-14:45:24.060854 [Drop] [**] [1:2100000939:0] Suricata match TLS JA4 scan Uniq Zeek no 939 with hash_t13d751100_479067518aa3_d41ae481755e [**] [Classification: (null)] [Priority: 3] {TCP} 52.14.131.139:46002 -> 103.166.156.58:443
Email Spam
Hacking
🇮🇩
hermawan
2026-04-08 07:22:58
(2 months ago)
04/08/2026-14:22:54.776311 [Drop] [**] [1:2100000939:0] Suricata match TLS JA4 scan Uniq Zeek no 939 with hash_t13d751100_479067518aa3_d41ae481755e [**] [Classification: (null)] [Priority: 3] {TCP} 52.14.131.139:52444 -> 103.166.156.58:443
Email Spam
Hacking
🇮🇩
hermawan
2026-04-07 07:08:40
(2 months ago)
Captured JA4H: ge11n_24222fbfe691 | Log: 52.14.131.139 - - [07/Apr/2026:14:08:24 +0700] "GET /api/index.php/v1/joomlaupdate/healthcheck HTTP/1.1" 200 17776 "-" "Joomla.org Automated Updates Server" ge11n_user-agent,accept-encoding,content-type,accept,host,x-jupdate-token,connection...
Email Spam
Hacking
🇮🇩
hermawan
2026-04-06 06:58:52
(2 months ago)
Captured JA4H: ge11n_24222fbfe691 | Log: 52.14.131.139 - - [06/Apr/2026:13:53:25 +0700] "GET /api/index.php/v1/joomlaupdate/healthcheck HTTP/1.1" 200 17777 "-" "Joomla.org Automated Updates Server" ge11n_user-agent,accept-encoding,content-type,accept,host,x-jupdate-token,connection...
Email Spam
Hacking
🇮🇩
hermawan
2026-03-25 03:45:43
(2 months ago)
03/25/2026-10:45:42.001931 [Drop] [**] [1:921732:0] Suricata match TLS JA4 scan Uniq Zeek no 143 with hash_t13d751100_479067518aa3_d41ae481755e [**] [Classification: (null)] [Priority: 3] {TCP} 52.14.131.139:42252 -> 103.166.156.58:443
Email Spam
Hacking
🇮🇩
hermawan
2026-03-25 03:08:27
(2 months ago)
1774407655.015334 Cp9JT01d1WVebxliLj 52.14.131.139 41670 103.166.156.58 443 tcp ssl 99.879713 517 0 S2 F F 0 ShADTF 12 5285 1 60 - 6 121174_52 5950_64 64240_2-4-8-1-3_1460_7 43440_2-4-8-1-3_1460_14 03/25/2026-10:00:55.015334
Email Spam
Hacking
🇮🇩
hermawan
2026-02-21 11:21:33
(3 months ago)
[Sat Feb 21 18:21:32.707469 2026] [security2:error] [pid 475048:tid 139944647448256] [client 52.14.131.139:60430] ModSecurity: Access denied with code 403 (phase 1). Match of "ipMatch 103.166.156.58" against "REMOTE_ADDR" required. [file "/etc/modsecurity/coreruleset-4.22.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "413"] [id "440006"] [msg "Connection Close Header"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: close found within REMOTE_ADDR: 52.14.131.139 request_line = POST /api/index.php/v1/joomlaupdate/notificationFailed HTTP/1.1 Request URI RAW = /api/index.php/v1/joomlaupdate/notificationFailed Request Basename = notificationFailed"] [hostname "ppid.staklim-malang.info"] [uri "/api/index.php/v1/joomlaupdate/notificationFailed"] [unique_id "aZmVPCw0uW_HkzJmmDQcTwAAAJE"] [ppid.staklim-malang.info] [ppid.staklim-malang.info] top=[475136] [yz1hvVPFWbM] [aZmVPCw0uW_HkzJmmDQcTwAAAJE] keep_alive=[0] [2026-02-2
Web App Attack
Hacking