JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 54.168.236.52

54.168.236.52 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 31%: ?

31%

ISP	Amazon Data Services Japan
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ec2-54-168-236-52.ap-northeast-1.compute.amazonaws.com
Domain Name	amazon.com
Country	🇯🇵 Japan
City	Tokyo, Tokyo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 54.168.236.52

Whois 54.168.236.52

IP Abuse Reports for 54.168.236.52:

This IP address has been reported a total of 14 times from 12 distinct sources. 54.168.236.52 was first reported on October 20th 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Octopuce	2026-06-17 03:36:44 (4 days ago)	Aggressive web search of vulnerable pages: /.env /.env.local /app/.env /apps/.env /api/.env ...	Web App Attack
🇳🇴 doofy	2026-06-17 02:46:34 (4 days ago)	[Wed Jun 17 04:46:33.033268 2026] [authz_core:error] [pid 2455316:tid 2455387] [client 54.168.236.52 ... show more [Wed Jun 17 04:46:33.033268 2026] [authz_core:error] [pid 2455316:tid 2455387] [client 54.168.236.52:58228] AH01630: client denied by server configuration: /www/hekser.net/.git [Wed Jun 17 04:46:33.723247 2026] [authz_core:error] [pid 2455316:tid 2455395] [client 54.168.236.52:58228] AH01630: client denied by server configuration: /www/hekser.net/.env [Wed Jun 17 04:46:34.001773 2026] [authz_core:error] [pid 2455316:tid 2455414] [client 54.168.236.52:58228] AH01630: client denied by server configuration: /www/hekser.net/.env.local [Wed Jun 17 04:46:34.293678 2026] [authz_core:error] [pid 2455316:tid 2455416] [client 54.168.236.52:58228] AH01630: client denied by server configuration: /www/hekser.net/.env.production [Wed Jun 17 04:46:34.608829 2026] [authz_core:error] [pid 2455316:tid 2455404] [client 54.168.236.52:58228] AH01630: client denied by server configuration: /www/hekser.net/.env.staging ... show less	Brute-Force Web App Attack
Anonymous	2026-06-13 17:17:18 (1 week ago)	(caddyscan) Scanner path probe from 54.168.236.52 (JP/Japan/ec2-54-168-236-52.ap-northeast-1.compute ... show more (caddyscan) Scanner path probe from 54.168.236.52 (JP/Japan/ec2-54-168-236-52.ap-northeast-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 54.168.236.52 - - [13/Jun/2026:17:17:15 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 54.168.236.52 - - [13/Jun/2026:17:17:16 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 54.168.236.52 - - [13/Jun/2026:17:17:16 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 54.168.236.52 - - [13/Jun/2026:17:17:16 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 54.168.236.52 - - [13/Jun/2026:17:17:17 +0000] "GET /.env.staging HTTP/1.1" show less	Port Scan
🇺🇦 URAN Publishing Service	2026-05-13 02:32:24 (1 month ago)	54.168.236.52 - - [13/May/2026:05:32:10 +0300] "GET /.env HTTP/1.1" 404 705 "-" "Mozilla/5.0 (Macint ... show more 54.168.236.52 - - [13/May/2026:05:32:10 +0300] "GET /.env HTTP/1.1" 404 705 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 54.168.236.52 - - [13/May/2026:05:32:23 +0300] "GET /app/.env HTTP/1.1" 404 705 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" ... show less	Web App Attack
🇩🇪 Petros Stefanakis	2026-05-13 01:00:32 (1 month ago)	(mod_security) mod_security triggered on hostname [redacted] 54.168.236.52 (JP/Japan/ec2-54-168-236- ... show more (mod_security) mod_security triggered on hostname [redacted] 54.168.236.52 (JP/Japan/ec2-54-168-236-52.ap-northeast-1.compute.amazonaws.com) show less	SQL Injection
🇫🇷 masterguru	2026-05-13 00:37:47 (1 month ago)	Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack
🇮🇹 VHosting	2026-05-12 23:25:03 (1 month ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇫🇷 Octopuce	2026-05-12 22:15:35 (1 month ago)	Aggressive web search of vulnerable pages: /phpinfo.php /info.php /php.php /i.php /pi.php /pinfo.php ... show more Aggressive web search of vulnerable pages: /phpinfo.php /info.php /php.php /i.php /pi.php /pinfo.php /test.php /p.php /debug.php /admin/phpinfo ... show less	Web App Attack
🇫🇷 dynamix	2026-05-12 22:10:14 (1 month ago)	Multiple WAF Violations	Web App Attack
🇳🇱 homeshowdomain.nl	2025-10-21 22:01:15 (8 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2025-10-20. show less	Hacking Web App Attack SSH
Anonymous	2025-10-21 17:51:47 (8 months ago)	Aggressive web scan	Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2025-10-20 22:02:08 (8 months ago)	Auto-ban: >3000 req/min op 2025-10-20	Hacking Web App Attack SSH
🇧🇪 cmbplf	2025-10-20 06:23:42 (8 months ago)	252 requests with url.path .env 205 requests with url.path phpinfo.php	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2025-10-20 04:23:20 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 54.168.236.52 (ec2-54-168-236-52.ap-northeast-1 ... show more (mod_security) mod_security (id:210492) triggered by 54.168.236.52 (ec2-54-168-236-52.ap-northeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 20 00:23:13.740766 2025] [security2:error] [pid 30039:tid 30039] [client 54.168.236.52:37104] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stefchild.com"] [uri "/.env"] [unique_id "aPW5MWlWp-h-LtgS6LfeeAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 117.72.109.90

🇫🇮 94.183.234.128

🇮🇳 92.4.76.12

🇺🇸 72.65.246.82

🇺🇿 213.230.65.53

🇮🇳 110.227.215.90

🇩🇪 69.5.169.30

🇳🇱 45.148.10.157

🇺🇸 44.170.52.150

🇷🇴 2.57.122.177

🇹🇼 198.235.24.76

🇳🇱 195.178.110.26

🇧🇷 191.30.154.196

🇪🇨 190.154.29.85

🇳🇱 176.65.148.4

🇳🇱 176.65.139.181

🇻🇳 113.180.50.235

🇺🇸 98.93.77.214

🇺🇸 72.153.5.137

🇧🇪 34.77.119.84