JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.54.107.63

52.54.107.63 was found in our database!

This IP was reported 154 times. Confidence of Abuse is 100%: ?

100%

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14618
Hostname(s)	ec2-52-54-107-63.compute-1.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.54.107.63

Whois 52.54.107.63

IP Abuse Reports for 52.54.107.63:

This IP address has been reported a total of 154 times from 108 distinct sources. 52.54.107.63 was first reported on June 2nd 2026, and the most recent report was 19 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-06-04 06:50:14 (19 minutes ago)	[ThuJun0408:50:09.4667792026][security2:error][pid2936413:tid2936462][client52.54.107.63:0]ModSecuri ... show more [ThuJun0408:50:09.4667792026][security2:error][pid2936413:tid2936462][client52.54.107.63:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?i\)\\\\\\\\b\(\?:i\(\?:s\(\?:_\(\?:in\(\?:t\(\?:eger\)\?\\|finite\)\\|n\(\?:u\(\?:meric\\|ll\)\\|an\)\\|\(\?:calla\\|dou\)ble\\|s\(\?:calar\\|tring\)\\|f\(\?:inite\\|loat\)\\|re\(\?:source\\|al\)\\|l\(\?:ink\\|ong\)\\|a\(\?:rray\)\?\\|object\\|bool\)\\|set\)\\|n\(\?:\(\?:clud\\|vok\)e\\|t\(\?:div\\|val\)\)\\|\(\?:mplod\\|dat\)e\\|conv\)\\|s\(\?:t\(\?:r\(\?:\(\?:le\\|sp\)n\\|...\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"582\"][id\"380026\"][rev\"27\"][msg\"Atomicorp.comWAFRules:PHPpayloaddetected\"][data\"split\(\\\\x5c\\\\x22\\\\x5c\\\\x22\).reverse\(\).join\(\\\\x5c\\\\x22\\\\x5c\\\\x22\)].from\(\'kgfzew5jigz1bmn0aw9ukcl7ci8vigzhc3rfcmvjb25fdjyg4ocuihnpz25hdhvyzs1yb3rhdgvkihjly29uihbhewxvywqkly8gq2hhbmdlcybmcm9tihy1ogovlyagic0gumfuzg9taxplzcb0b3atbgv2zwwgslnptibrzxlzichubybmaxhlzcbzy2hlbwegdg8gzmluz2vychjpbnqpci8vicaglsbwyxjpywjszsbvdxrwdxqgc3rydwn0 show less	Port Scan Brute-Force Web App Attack
🇺🇸 Shouddy Tarano	2026-06-04 06:42:02 (27 minutes ago)	[Thu Jun 04 00:42:00.696057 2026] [authz_core:error] [pid 1946394:tid 139792075364096] [client 52.54 ... show more [Thu Jun 04 00:42:00.696057 2026] [authz_core:error] [pid 1946394:tid 139792075364096] [client 52.54.107.63:23528] AH01630: client denied by server configuration: /var/www/api-erpcampestre/api-erpcampestre/public/, referer: https://erpapi.campestremty.com/ [Thu Jun 04 00:42:00.703502 2026] [authz_core:error] [pid 1946394:tid 139792075364096] [client 52.54.107.63:23528] AH01630: client denied by server configuration: /usr/share/httpd/noindex/index.html, referer: https://erpapi.campestremty.com/ [Thu Jun 04 00:42:00.776773 2026] [authz_core:error] [pid 1946394:tid 139792167683840] [client 52.54.107.63:23528] AH01630: client denied by server configuration: /var/www/api-erpcampestre/api-erpcampestre/public/, referer: https://erpapi.campestremty.com/ [Thu Jun 04 00:42:00.782612 2026] [authz_core:error] [pid 1946394:tid 139792167683840] [client 52.54.107.63:23528] AH01630: client denied by server configuration: /usr/share/httpd/noindex/index.html, referer: https://erpapi.campestremty.com/ [T ... show less	DDoS Attack Web Spam Brute-Force Web App Attack
Anonymous	2026-06-04 06:35:09 (34 minutes ago)	[Thu Jun 04 08:35:06.798568 2026] [:error] [pid 1663733:tid 1663733] [client 52.54.107.63:4708] ModS ... show more [Thu Jun 04 08:35:06.798568 2026] [:error] [pid 1663733:tid 1663733] [client 52.54.107.63:4708] ModSecurity: Warning. Matched "Operator `Within' with parameter `/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/ /x-middleware-subrequest/ /expect/' against variable `TX:header_name_920450_content-encoding' (Value: `/content-encoding/' ) [file "/usr/local/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1209"] [id "920450"] [rev ""] [msg "HTTP header is restricted by policy (/content-encoding/)"] [data "Restricted header detected: /content-encoding/"] [severity "2"] [ver "OWASP_CRS/4.28.0-dev"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [uri "/"] [unique_id "178055490622.270315"] [r ... show less	Web App Attack
🇫🇮 oh.mg	2026-06-04 06:33:08 (36 minutes ago)	[Thu Jun 04 08:33:07.986113 2026] [security2:error] [pid 1133900:tid 1133915] [client 52.54.107.63:0 ... show more [Thu Jun 04 08:33:07.986113 2026] [security2:error] [pid 1133900:tid 1133915] [client 52.54.107.63:0] [client 52.54.107.63] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 50)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "ec.je"] [uri "/"] [unique_id "aiEcI5dkkZNVuqii7oTgvQAAAE0"] ... show less	Web App Attack Bad Web Bot
🇩🇪 AetherFox	2026-06-04 06:28:25 (41 minutes ago)	AetherFox VoidGuard detected: [Thu Jun 04 06:28:24.030448 2026] [authz_core:error] [pid 3132759:tid ... show more AetherFox VoidGuard detected: [Thu Jun 04 06:28:24.030448 2026] [authz_core:error] [pid 3132759:tid 3132772] [client 52.54.107.63:59692] AH01630: client denied by server configuration: proxy:https://[MASKED]/, referer: https://draconigen.com/ [Thu Jun 04 06:28:24.316178 2026] [authz_core:error] [pid 3132759:tid 3132809] [client 52.54.107.63:59692] AH01630: client denied by server configuration: proxy:https://[MASKED]/, referer: https://draconigen.com/ [Thu Jun 04 06:28:24.507490 2026] [authz_core:error] [pid 3132759:tid 3132800] [client 52.54.107.63:59692] AH01630: client denied by server configuration: proxy:https://[MASKED]/, referer: https://draconigen.com/ [Thu Jun 04 06:28:24.741739 2026] [authz_core:error] [pid 3132759:tid 3132769] [client 52.54.107.63:59692] AH01630: client denied by server configuration: proxy:https://[MASKED]/, referer: https://draconigen.com/ [Thu Jun 04 06:28:24.972844 2026] [authz_core:error] [pid 3132759:tid 3132807] [client ... show less	Bad Web Bot Web App Attack
🇩🇪 dbmwebdesign	2026-06-04 06:10:07 (59 minutes ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇩🇪 ut-addicted.com	2026-06-04 06:07:47 (1 hour ago)	\[Thu Jun 04 08:07:46.097805 2026\] \[:error\] \[pid 31476:tid 139785977566976\] \[client 52.54.107. ... show more \[Thu Jun 04 08:07:46.097805 2026\] \[:error\] \[pid 31476:tid 139785977566976\] \[client 52.54.107.63:25410\] \[client 52.54.107.63\] ModSecurity: Access denied with code 403 \(phase 2\). Operator GE matched 5 at TX:anomaly_score. \[file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-949-BLOCKING-EVALUATION.conf"\] \[line "57"\] \[id "949110"\] \[msg "Inbound Anomaly Score Exceeded \(Total Score: 5\)"\] \[severity "CRITICAL"\] \[tag "application-multi"\] \[tag "language-multi"\] \[tag "platform-multi"\] \[tag "attack-generic"\] \[hostname "crx.it"\] \[uri "/"\] \[unique_id "aiEWMkSUsE0BZF1xf9DyhwAAAMA"\], referer: https://crx.it/ show less	Brute-Force Web App Attack
🇨🇭 blinx	2026-06-04 05:30:23 (1 hour ago)	Suspicious activity detected by Modsecurity	Web Spam Port Scan Hacking Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-04 04:51:59 (2 hours ago)	Remote Command Execution: Unix Command Injection (command without evasion). Pattern match "(?i)(?:b ... show more Remote Command Execution: Unix Command Injection (command without evasion). Pattern match "(?i)(?:b (932235-195) show less	Hacking
🇩🇪 Progetto1	2026-06-04 04:38:01 (2 hours ago)	Detected via HAProxyScanner at 2026-06-04 04:38:01 UTC on destination port WEB (80/443). Repeated sc ... show more Detected via HAProxyScanner at 2026-06-04 04:38:01 UTC on destination port WEB (80/443). Repeated scan / connection. show less	Port Scan Hacking Brute-Force
🇫🇮 wpwoodo	2026-06-04 04:22:09 (2 hours ago)	Webpage crawler	Bad Web Bot
🇭🇳 unph	2026-06-04 03:49:43 (3 hours ago)	Intento de acceso sospechoso bloqueado por AbuseIPDB Blocker Plugin	Brute-Force
🇸🇬 securejdprop	2026-06-04 03:37:55 (3 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing. crowdsecurity/http-probing	Hacking Web App Attack
🇦🇺 MAGIC	2026-06-04 03:05:35 (4 hours ago)	VM5 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
Anonymous	2026-06-04 02:03:05 (5 hours ago)	Auto-reported by Fail2Ban (NPM-Auth)	Web App Attack

Showing 1 to 15 of 154 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 202.46.85.198

🇺🇸 65.49.1.59

🇺🇸 64.62.156.199

🇯🇵 8.216.14.99

🇮🇩 180.248.22.28

🇵🇭 165.154.100.252

🇺🇸 162.216.150.206

🇨🇦 134.122.33.120

🇲🇾 113.211.96.235

🇧🇩 103.183.62.3

🇨🇳 61.151.249.194

🇧🇪 34.140.236.87

🇭🇰 199.45.154.188

🇹🇼 198.235.24.126

🇮🇳 182.95.187.86

🇺🇸 172.208.49.189

🇫🇮 147.185.133.83

🇨🇳 123.160.172.51

🇺🇸 91.230.168.121

🇪🇸 85.86.181.39