JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 54.169.248.165

54.169.248.165 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 73%: ?

73%

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ec2-54-169-248-165.ap-southeast-1.compute.amazonaws.com
Domain Name	amazon.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 54.169.248.165

Whois 54.169.248.165

IP Abuse Reports for 54.169.248.165:

This IP address has been reported a total of 16 times from 13 distinct sources. 54.169.248.165 was first reported on January 28th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-25 09:20:54 (2 hours ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-193) show less	Hacking
🇳🇱 Savvii	2026-06-25 02:16:54 (9 hours ago)	20 attempts against mh-misbehave-ban on chard	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 01:23:22 (10 hours ago)	(mod_security) mod_security (id:210730) triggered by 54.169.248.165 (ec2-54-169-248-165.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 54.169.248.165 (ec2-54-169-248-165.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 21:23:18.401943 2026] [security2:error] [pid 24981:tid 24981] [client 54.169.248.165:65015] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|earthtwoworkshop.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "earthtwoworkshop.com"] [uri "/backup.sql"] [unique_id "ajyDBncPQRXSx_n-26W3mQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-24 05:30:04 (1 day ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇩🇪 akasolutions.de	2026-06-24 02:27:01 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted] 54.169.248.165 (SG/Singapore/ec2-54-169 ... show more (mod_security) mod_security triggered on hostname [redacted] 54.169.248.165 (SG/Singapore/ec2-54-169-248-165.ap-southeast-1.compute.amazonaws.com) show less	SQL Injection
🇷🇺 cleanweb	2026-06-24 00:46:19 (1 day ago)	Looking for /1.sql, Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0	Brute-Force Phishing
Anonymous	2026-06-23 22:58:33 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted] 54.169.248.165 (SG/Singapore/ec2-54-169 ... show more (mod_security) mod_security triggered on hostname [redacted] 54.169.248.165 (SG/Singapore/ec2-54-169-248-165.ap-southeast-1.compute.amazonaws.com): (CF_ENABLE) show less	SQL Injection
🇫🇷 Octopuce	2026-06-23 21:40:55 (1 day ago)	Aggressive web search of vulnerable pages: /backup.sql /database.sql /db_backup.sql /db.sql /dump.sq ... show more Aggressive web search of vulnerable pages: /backup.sql /database.sql /db_backup.sql /db.sql /dump.sql ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 21:33:47 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 54.169.248.165 (ec2-54-169-248-165.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 54.169.248.165 (ec2-54-169-248-165.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 17:33:41.369418 2026] [security2:error] [pid 26177:tid 26177] [client 54.169.248.165:56979] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|liverpoolfootballprogrammes.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "liverpoolfootballprogrammes.com"] [uri "/1.sql"] [unique_id "ajmqNSJ2p48sXC4g5WQINwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇾 lns.bz	2026-06-22 20:47:42 (2 days ago)	Too many 404 requests [BY]	Web App Attack
🇨🇭 lufi	2026-06-22 20:17:05 (2 days ago)	2026-06-22T22:17:04+02:00 lufischer04 ids442 2026-06-22 22:17:04 54.169.248.165: blacklistedPath: /b ... show more 2026-06-22T22:17:04+02:00 lufischer04 ids442 2026-06-22 22:17:04 54.169.248.165: blacklistedPath: /backup.sql ... show less	Web Spam Brute-Force Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 16:53:36 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 54.169.248.165 (ec2-54-169-248-165.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 54.169.248.165 (ec2-54-169-248-165.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 12:53:27.224918 2026] [security2:error] [pid 26325:tid 26325] [client 54.169.248.165:59017] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|xtremelywellproductions.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "xtremelywellproductions.com"] [uri "/dbdump.sql"] [unique_id "ajloh-lwwxXQch-kIF0-WgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-22 14:44:56 (2 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇷🇺 DZBOT	2026-06-22 14:08:18 (2 days ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇵🇱 lns.bz	2026-06-22 09:26:43 (3 days ago)	Web app attack [PL.Lu]	Exploited Host Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.150.7

🇺🇸 147.185.132.35

🇵🇰 139.135.41.2

🇸🇬 101.32.244.206

🇫🇷 91.231.89.4

🇺🇸 35.230.190.8

🇬🇧 35.203.210.189

🇮🇳 20.235.157.149

🇳🇱 193.176.31.202

🇺🇸 162.216.149.162

🇫🇮 147.185.133.83

🇷🇴 141.98.83.240

🇨🇳 125.39.93.73

🇰🇷 118.194.248.142

🇵🇱 109.205.211.147

🇵🇱 109.205.211.145

🇯🇵 104.46.218.75

🇭🇰 101.36.111.119

🇫🇷 91.231.89.7

🇱🇻 81.30.98.62