JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.21.227.35

52.21.227.35 was found in our database!

This IP was reported 11,397 times. Confidence of Abuse is 100%: ?

100%

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14618
Hostname(s)	ec2-52-21-227-35.compute-1.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.21.227.35

Whois 52.21.227.35

IP Abuse Reports for 52.21.227.35:

This IP address has been reported a total of 11,397 times from 383 distinct sources. 52.21.227.35 was first reported on January 19th 2026, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇵🇱 mkey	2026-06-03 03:05:02 (1 day ago)	Source IP from blacklist is still actively scanning our network. (9 hits in last hour, last seen 202 ... show more Source IP from blacklist is still actively scanning our network. (9 hits in last hour, last seen 2026-06-03 04:58:42) show less	Port Scan
🇷🇺 punctualsuspension968	2026-06-03 02:58:33 (1 day ago)	blocked by ufw on TCP 4443	Port Scan
🇧🇷 diego	2026-06-03 02:58:10 (1 day ago)	[rede-168-134] 06/02/2026-23:58:10.348008, 52.21.227.35, Protocol: 6, ET CINS Active Threat Intellig ... show more [rede-168-134] 06/02/2026-23:58:10.348008, 52.21.227.35, Protocol: 6, ET CINS Active Threat Intelligence Poor Reputation IP group 102 show less	Hacking
🇺🇸 MPL	2026-06-03 02:57:03 (1 day ago)	tcp port scan (28 or more attempts)	Port Scan
🇮🇩 hermawan	2026-06-03 02:56:11 (1 day ago)	06/03/2026-09:56:10.839888 [Drop] [] [1:921373:1] Suricata Dibuat Gemini TCP SYN port scanner - W ... show more 06/03/2026-09:56:10.839888 [Drop] [] [1:921373:1] Suricata Dibuat Gemini TCP SYN port scanner - Win 65535 [**] [Classification: (null)] [Priority: 3] {TCP} 52.21.227.35:45527 -> 103.166.156.58:4443 ... show less	Email Spam Hacking
🇫🇷 EDSL	2026-06-03 02:55:36 (1 day ago)	[SRV-VPN1] Blocked by SysWarden Firewall (Web Attack)	Port Scan Hacking Web App Attack
🇺🇸 OceanTreasure	2026-06-03 02:40:08 (1 day ago)	tcp/5432; SCAN Suspicious inbound to PostgreSQL port 5432 @ 2026-06-03T02:35:01Z	Brute-Force
🇧🇷 diego	2026-06-03 02:36:12 (1 day ago)	[rede-arem1] 06/02/2026-23:36:12.548108, 52.21.227.35, Protocol: 6, ET SCAN Suspicious inbound to Po ... show more [rede-arem1] 06/02/2026-23:36:12.548108, 52.21.227.35, Protocol: 6, ET SCAN Suspicious inbound to PostgreSQL port 5432 show less	Hacking
🇩🇪 AS213449.net	2026-06-03 02:35:35 (1 day ago)	06/03/2026-04:35:32.379007 src=52.21.227.35 dst=89.144.63.3:5432 proto=6 msg=ET SCAN Suspicious inbo ... show more 06/03/2026-04:35:32.379007 src=52.21.227.35 dst=89.144.63.3:5432 proto=6 msg=ET SCAN Suspicious inbound to PostgreSQL port 5432 show less	SQL Injection
Anonymous	2026-06-03 02:34:45 (1 day ago)	2026-06-03T03:34:44.923627+01:00 vps kernel: [42194252.435564] [PORTSCAN DETECTED] IN=ens3 OUT= MAC= ... show more 2026-06-03T03:34:44.923627+01:00 vps kernel: [42194252.435564] [PORTSCAN DETECTED] IN=ens3 OUT= MAC=fa:16:3e:66:f6:24:02:37:19:0d:c2:f3:08:00 SRC=52.21.227.35 DST=54.37.14.118 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36241 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ... show less	Port Scan Brute-Force
🇺🇸 donarev419	2026-06-03 02:33:10 (1 day ago)	Connection to port 8010 with data transfer. Data preview:	Port Scan Hacking
🇦🇩 bakunin1848	2026-06-03 02:31:06 (1 day ago)	Firewall IPS Detection on 03-06-2026 at 04:31:06	Port Scan Exploited Host
🇳🇱 donarev419	2026-06-03 02:13:21 (1 day ago)	Connection to port 443 with data transfer. Data preview:	Port Scan Hacking
🇸🇬 securejdprop	2026-06-03 02:02:39 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET CINS Active Thr ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET CINS Active Threat Intelligence Poor Reputation IP group 99). Ip 52.21.227.35 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-03 02:02:37.82574581 +0000 UTC show less	Hacking Web App Attack
🇺🇸 MPL	2026-06-03 02:02:26 (1 day ago)	tcp port scan (22 or more attempts)	Port Scan

Showing 166 to 180 of 11397 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.199.182.108

🇧🇷 177.55.157.59

🇮🇩 140.213.6.237

🇷🇺 89.113.137.1

🇨🇳 1.24.16.216

🇺🇸 162.240.211.126

🇳🇱 160.211.64.100

🇹🇯 109.75.50.17

🇯🇲 72.27.199.212

🇧🇾 46.216.198.132

🇧🇪 34.78.106.127

🇺🇸 216.25.89.119

🇨🇳 202.46.62.97

🇺🇸 199.127.60.187

🇨🇷 190.113.115.154

🇲🇽 186.96.145.241

🇺🇸 172.212.224.40

🇺🇸 161.35.122.5

🇰🇪 154.159.237.162

🇫🇮 147.185.133.135