JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 54.225.52.227

54.225.52.227 was found in our database!

This IP was reported 102 times. Confidence of Abuse is 100%: ?

100%

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14618
Hostname(s)	ec2-54-225-52-227.compute-1.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 54.225.52.227

Whois 54.225.52.227

IP Abuse Reports for 54.225.52.227:

This IP address has been reported a total of 102 times from 85 distinct sources. 54.225.52.227 was first reported on June 14th 2026, and the most recent report was 30 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-16 22:00:59 (30 minutes ago)	Auto-ban: >3000 req/min op 2026-06-16	Web App Attack SSH Hacking
Anonymous	2026-06-16 21:54:42 (37 minutes ago)	Reported from Nginx log analysis 19. Log: 54.225.52.227 - - [16/Jun/2026:xx:xx:xx 0200] "GET /.git/ ... show more Reported from Nginx log analysis 19. Log: 54.225.52.227 - - [16/Jun/2026:xx:xx:xx 0200] "GET /.git/config HTTP/1.1" xxx xxx "-" "Mozilla/5.0 (Linux; Android 9; SAMSUNG SM-G960U Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/9.4 Chrome/67.0.3396.87 Mobile Safari/537.36" "-" "US United States Ashburn" "AS14618" "Amazon.com, Inc." show less	Port Scan Brute-Force SSH
🇳🇱 oisecnet	2026-06-16 21:03:37 (1 hour ago)	Automated report: Unauthorized vulnerability scanning detected on 2026-06-16. 9 requests from this I ... show more Automated report: Unauthorized vulnerability scanning detected on 2026-06-16. 9 requests from this IP. show less	Brute-Force Web App Attack SSH
Anonymous	2026-06-16 20:47:13 (1 hour ago)	fail2ban: Sensitive web probes detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 20:36:24 (1 hour ago)	(mod_security) mod_security (id:210492) triggered by 54.225.52.227 (ec2-54-225-52-227.compute-1.amaz ... show more (mod_security) mod_security (id:210492) triggered by 54.225.52.227 (ec2-54-225-52-227.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 16:36:20.304254 2026] [security2:error] [pid 11888:tid 11888] [client 54.225.52.227:45442] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "puckerbikini.com"] [uri "/.git/config"] [unique_id "ajGzxLJFftocOawMvuw0VgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 loveprod	2026-06-16 20:35:12 (1 hour ago)	54.225.52.227 - - [16/Jun/2026:23:26:19 +0300] "GET /.git/config HTTP/1.1" 404 324 "-" "Mozilla/5.0 ... show more 54.225.52.227 - - [16/Jun/2026:23:26:19 +0300] "GET /.git/config HTTP/1.1" 404 324 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 YaBrowser/19.7.2.470 Yowser/2.5 Safari/537.36" 54.225.52.227 - - [16/Jun/2026:23:35:11 +0300] "GET /.git/config HTTP/1.1" 301 355 "-" "Mozilla/5.0 (Linux; U; Android 3.0.1; en-us; GT-P7100 Build/HRI83) AppleWebkit/534.13 (KHTML, like Gecko) Version/4.0 Safari/534.13" ... show less	Bad Web Bot
🇩🇪 Progetto1	2026-06-16 20:35:02 (1 hour ago)	Detected via HAProxyScanner at 2026-06-16 20:35:02 UTC on destination port WEB (80/443). Repeated sc ... show more Detected via HAProxyScanner at 2026-06-16 20:35:02 UTC on destination port WEB (80/443). Repeated scan / connection. show less	Port Scan Hacking Brute-Force
🇫🇮 as211431.net	2026-06-16 20:31:15 (2 hours ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.git/config UA: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) MxBrowser/4.5.10.7000 Chrome/30.0.1551.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TNZ	2026-06-16 20:30:16 (2 hours ago)	Automated honeypot: bot_detected:no_accept_language \| Path: /.git/config \| ISP: AS14618 Amazon.com, ... show more Automated honeypot: bot_detected:no_accept_language \| Path: /.git/config \| ISP: AS14618 Amazon.com, Inc. \| ASN: AS14618 Amazon.com, Inc. [HOSTING] \| Abuse score: 100 \| Open ports: [] \| UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chro show less	Web App Attack
🇫🇷 LRob.fr	2026-06-16 20:30:03 (2 hours ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇩🇪 IVski	2026-06-16 20:29:55 (2 hours ago)	IVski WAF \| Sensitive file probe detected - looking for .git	Port Scan Brute-Force Web App Attack
🇨🇭 filou812	2026-06-16 20:16:17 (2 hours ago)	url tried is "/.git/config"	Web App Attack
🇩🇪 joharikop	2026-06-16 20:09:23 (2 hours ago)	Nginx: credential/secret file probe (/.env, /.git, /.aws etc). Automated ban via fail2ban nginx-cred ... show more Nginx: credential/secret file probe (/.env, /.git, /.aws etc). Automated ban via fail2ban nginx-credential-probes jail. show less	Web App Attack
🇩🇪 ut-addicted.com	2026-06-16 20:08:59 (2 hours ago)	\[Tue Jun 16 22:08:58.067081 2026\] \[:error\] \[pid 30214:tid 139785967077120\] \[client 54.225.52. ... show more \[Tue Jun 16 22:08:58.067081 2026\] \[:error\] \[pid 30214:tid 139785967077120\] \[client 54.225.52.227:41514\] \[client 54.225.52.227\] ModSecurity: Access denied with code 403 \(phase 2\). Operator GE matched 5 at TX:anomaly_score. \[file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-949-BLOCKING-EVALUATION.conf"\] \[line "57"\] \[id "949110"\] \[msg "Inbound Anomaly Score Exceeded \(Total Score: 5\)"\] \[severity "CRITICAL"\] \[tag "application-multi"\] \[tag "language-multi"\] \[tag "platform-multi"\] \[tag "attack-generic"\] \[hostname "ut-addicted.com"\] \[uri "/.git/config"\] \[unique_id "ajGtWvBApzMVrDc54IfdVAAAAME"\] show less	Brute-Force Web App Attack
Anonymous	2026-06-16 20:06:11 (2 hours ago)	Trying to access config files	Web App Attack

Showing 1 to 15 of 102 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 185.94.111.1

🇬🇧 118.26.104.19

🇩🇪 85.203.15.121

🇳🇱 85.11.167.118

🇨🇳 39.185.31.192

🇩🇪 213.179.69.181

🇺🇸 195.184.76.215

🇸🇬 188.253.120.46

🇨🇳 180.164.45.181

🇳🇱 87.229.95.129

🇳🇱 45.148.10.183

🇰🇷 211.178.165.251

🇳🇱 195.178.110.26

🇺🇸 186.179.47.170

🇩🇪 154.14.23.208

🇮🇩 103.99.214.16

🇫🇷 84.17.43.213

🇫🇷 83.202.163.22

🇩🇴 45.172.152.74

🇺🇸 205.210.31.82