JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 54.163.158.114

54.163.158.114 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 0%: ?

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14618
Hostname(s)	ec2-54-163-158-114.compute-1.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 54.163.158.114

Whois 54.163.158.114

IP Abuse Reports for 54.163.158.114:

This IP address has been reported a total of 17 times from 14 distinct sources. 54.163.158.114 was first reported on November 6th 2023, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 sid3windr	2025-11-30 13:24:25 (6 months ago)	GET /config/.env (Tarpitted for 1d15h8m28s, wasted 8.06MB)	Web App Attack
Anonymous	2025-11-29 01:10:50 (6 months ago)	(mod_security) mod_security triggered on hostname [redacted] 54.163.158.114 (US/United States/ec2-54 ... show more (mod_security) mod_security triggered on hostname [redacted] 54.163.158.114 (US/United States/ec2-54-163-158-114.compute-1.amazonaws.com) show less	SQL Injection
🇺🇸 TPI-Abuse	2025-11-29 00:35:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 54.163.158.114 (ec2-54-163-158-114.compute-1.am ... show more (mod_security) mod_security (id:210492) triggered by 54.163.158.114 (ec2-54-163-158-114.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 19:35:41.518246 2025] [security2:error] [pid 19305:tid 19305] [client 54.163.158.114:41056] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nancyscafeandcatering.com"] [uri "/.env.remote"] [unique_id "aSo_3dp3hkTuXgl5z-7RVgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 konseptit	2025-11-29 00:09:03 (6 months ago)	(mod_security) mod_security triggered on hostname [redacted] 54.163.158.114 (US/United States/ec2-54 ... show more (mod_security) mod_security triggered on hostname [redacted] 54.163.158.114 (US/United States/ec2-54-163-158-114.compute-1.amazonaws.com) show less	SQL Injection
🇳🇱 jaapeldoorn	2025-11-28 22:41:37 (6 months ago)	[Fri Nov 28 23:41:30.091321 2025] [access_compat:error] [pid 965757:tid 965790] [client 54.163.158.1 ... show more [Fri Nov 28 23:41:30.091321 2025] [access_compat:error] [pid 965757:tid 965790] [client 54.163.158.114:37538] AH01797: client denied by server configuration: /mnt/myNAS/var/www/nextcloud/config/.env [Fri Nov 28 23:41:35.548557 2025] [access_compat:error] [pid 965757:tid 965794] [client 54.163.158.114:36504] AH01797: client denied by server configuration: /mnt/myNAS/var/www/nextcloud/config/secrets.yml [Fri Nov 28 23:41:35.917373 2025] [access_compat:error] [pid 975995:tid 976005] [client 54.163.158.114:37086] AH01797: client denied by server configuration: /mnt/myNAS/var/www/nextcloud/config/config.yml ... show less	Brute-Force
🇵🇱 Roper123	2025-11-28 22:30:32 (6 months ago)	Web app exploits	Web App Attack
🇺🇸 lnklnx	2025-11-28 22:29:37 (6 months ago)	nextcloud.lnklnx.com:443 54.163.158.114 - - [28/Nov/2025:16:29:35 -0600] "GET /.env.backup HTTP/1.1" ... show more nextcloud.lnklnx.com:443 54.163.158.114 - - [28/Nov/2025:16:29:35 -0600] "GET /.env.backup HTTP/1.1" 404 9040 "-" "python-httpx/0.22.0" ... show less	Web App Attack
🇩🇪 jasperedv.de	2025-11-28 22:14:37 (6 months ago)	Apache Login - Brutforcing	Brute-Force Web App Attack
🇫🇷 Hippoline	2025-11-28 22:12:13 (6 months ago)	[Fri Nov 28 23:11:47.281405 2025] [access_compat:error] [pid 22370] [client 54.163.158.114:50768] AH ... show more [Fri Nov 28 23:11:47.281405 2025] [access_compat:error] [pid 22370] [client 54.163.158.114:50768] AH01797: client denied by server configuration: /var/www/clients/client1/web35/web/config/database.yml [Fri Nov 28 23:11:47.466637 2025] [access_compat:error] [pid 22157] [client 54.163.158.114:50358] AH01797: client denied by server configuration: /var/www/clients/client1/web35/web/config/app.yml [Fri Nov 28 23:11:59.709718 2025] [access_compat:error] [pid 22382] [client 54.163.158.114:59068] AH01797: client denied by server configuration: /var/www/clients/client1/web35/web/config/.env [Fri Nov 28 23:12:06.301078 2025] [access_compat:error] [pid 22384] [client 54.163.158.114:60974] AH01797: client denied by server configuration: /var/www/clients/client1/web35/web/config/config.yml [Fri Nov 28 23:12:12.340082 2025] [access_compat:error] [pid 22375] [client 54.163.158.114:57610] AH01797: client denied by server configuration: /var/www/clients/client1/web35/web/config/secrets.yml ... show less	Brute-Force Web App Attack
🇳🇱 Site.eu	2025-11-28 21:56:24 (6 months ago)	Excessive 404/403 errors	Brute-Force
🇺🇸 mnsf	2025-11-28 21:06:27 (6 months ago)	Too many Status 40X (13)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 20:30:28 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 54.163.158.114 (ec2-54-163-158-114.compute-1.am ... show more (mod_security) mod_security (id:210492) triggered by 54.163.158.114 (ec2-54-163-158-114.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 15:30:14.554732 2025] [security2:error] [pid 32420:tid 32420] [client 54.163.158.114:45358] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "northernfrontier.net"] [uri "/.git/config"] [unique_id "aSoGVtWgXVQA2Cu9SAcO4wAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 20:01:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 54.163.158.114 (ec2-54-163-158-114.compute-1.am ... show more (mod_security) mod_security (id:210492) triggered by 54.163.158.114 (ec2-54-163-158-114.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 15:01:42.268516 2025] [security2:error] [pid 16709:tid 16715] [client 54.163.158.114:59922] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "norse.eagletons.com"] [uri "/.git/config"] [unique_id "aSn_plEshD5U9J8K9m3jdAAAAUM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 18:56:49 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 54.163.158.114 (ec2-54-163-158-114.compute-1.am ... show more (mod_security) mod_security (id:210492) triggered by 54.163.158.114 (ec2-54-163-158-114.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 13:56:42.882233 2025] [security2:error] [pid 29436:tid 29436] [client 54.163.158.114:35696] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nsightsound.com"] [uri "/lib/.env"] [unique_id "aSnwatdo4bmwPInPuhTveQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Allolatr	2025-11-28 18:47:37 (6 months ago)	Nov 28 19:47:36 [redacted] j443: ::ffff:54.163.158.114 [redacted].ip-37-187-123.eu "GET /.git/config ... show more Nov 28 19:47:36 [redacted] j443: ::ffff:54.163.158.114 [redacted].ip-37-187-123.eu "GET /.git/config HTTP/1.1" 400 0 "-" "python-httpx/0.22.0" Nov 28 19:47:36 [redacted] j443: ::ffff:54.163.158.114 [redacted].ip-37-187-123.eu "GET /.env HTTP/1.1" 400 0 "-" "python-httpx/0.22.0" Nov 28 19:47:36 [redacted] j443: ::ffff:54.163.158.114 [redacted].ip-37-187-123.eu "GET /.env.local HTTP/1.1" 400 0 "-" "python-httpx/0.22.0" Nov 28 19:47:36 [redacted] j443: ::ffff:54.163.158.114 [redacted].ip-37-187-123.eu "GET /.env.remote HTTP/1.1" 400 0 "-" "python-httpx/0.22.0" Nov 28 19:47:36 [redacted] j443: ::ffff:54.163.158.114 [redacted].ip-37-187-123.eu "GET /.env.production HTTP/1.1" 400 0 "-" "python-httpx/0.22.0"... show less	Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 91.92.42.61

🇳🇱 91.92.42.19

🇧🇬 79.124.62.134

🇮🇱 51.4.98.130

🇸🇬 43.153.204.181

🇨🇦 20.104.19.65

🇮🇪 2607:fdc0:202:3:9999::214

🇧🇷 205.210.31.235

🇧🇪 198.235.24.238

🇮🇳 182.95.228.194

🇨🇦 165.22.226.251

🇳🇱 165.22.205.95

🇳🇱 91.92.42.34

🇬🇧 5.226.140.68

🇺🇸 192.236.244.137

🇳🇱 91.92.42.64

🇦🇺 51.161.137.193

🇧🇬 5.188.206.66

🇻🇳 180.93.43.226

🇳🇱 91.92.40.153