JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.40.145.164

52.40.145.164 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 27%: ?

27%

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	prod-boron-us-west-2-8.awp.binaryedge.ninja
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Boardman, Oregon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.40.145.164

Whois 52.40.145.164

IP Abuse Reports for 52.40.145.164:

This IP address has been reported a total of 20 times from 13 distinct sources. 52.40.145.164 was first reported on December 8th 2025, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 consul.to	2026-06-12 22:41:50 (6 days ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 22:38:21 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 52.40.145.164 (prod-boron-us-west-2-8.awp.binar ... show more (mod_security) mod_security (id:210492) triggered by 52.40.145.164 (prod-boron-us-west-2-8.awp.binaryedge.ninja): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 18:38:15.780790 2026] [security2:error] [pid 29582:tid 29582] [client 52.40.145.164:57214] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.kithouse.org"] [uri "/.env"] [unique_id "aiyKV4Bgrl-b8LU1scurpAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 08:04:19 (1 week ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 90%, Country: US, Attack patterns: Clou ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 90%, Country: US, Attack patterns: Cloud secrets probing, Directory traversal show less	Bad Web Bot Web App Attack
🇸🇪 donarev419	2026-06-10 01:12:44 (1 week ago)	Connection to port 4433 with data transfer. Data preview:	Port Scan Hacking
🇸🇪 donarev419	2026-05-20 00:01:30 (4 weeks ago)	Port scan detected on port 9333 (connection without data transfer)	Port Scan
🇸🇪 donarev419	2026-04-24 00:24:43 (1 month ago)	Port scan detected on port 3368 (connection without data transfer)	Port Scan
🇸🇪 donarev419	2026-03-30 01:38:49 (2 months ago)	Port scan detected on port 1180 (connection without data transfer)	Port Scan
🇸🇪 donarev419	2026-03-27 00:17:48 (2 months ago)	Port scan detected on port 89 (connection without data transfer)	Port Scan
🇨🇳 ThreatBook.io	2026-01-13 23:11:40 (5 months ago)	ThreatBook Intelligence: Zombie,IDC more details on https://threatbook.io/ip/52.40.145.164 2026-01-1 ... show more ThreatBook Intelligence: Zombie,IDC more details on https://threatbook.io/ip/52.40.145.164 2026-01-13 04:12:20 /v1/statement,{"body":"SHOW catalogs","content_type":"","header":{"Accept-Encoding":["identity"],"Content-Length":["13"],"User-Agent":["python-urllib3/2.5.0"],"X-Presto-Catalog":[""],"X-Presto-Schema":[""],"X-Presto-Source":["presto-python-client"],"X-Presto-User":["admin"],"X-Trino-Catalog":[""],"X-Trino-Schema":[""],"X-Trino-Source":["trino-python-client"],"X-Trino-User":["admin"]},"host":"52.83.210.249","method":"POST","proto":"HTTP/1.1","remote_addr":"52.40.145.164:38622","status_code":200,"url":"/v1/statement","user_agent":"python-urllib3/2.5.0"} 2026-01-13 04:12:00 / show less	Web App Attack
🇺🇸 mnsf	2025-12-25 10:05:17 (5 months ago)	Too many Status 40X (12)	Brute-Force Web App Attack
🇳🇱 VMHeaven.io	2025-12-11 13:12:41 (6 months ago)	Blocked by UFW [3388/tcp] Source port: 58155 TTL: 240 Packet length: 44	Port Scan
🇨🇦 Largnet SOC	2025-12-10 16:51:52 (6 months ago)	52.40.145.164 triggered Icarus honeypot on port 3389. Check us out on github.	Port Scan Hacking
Anonymous	2025-12-10 09:54:00 (6 months ago)	Botnet activity detected: Wide horizontal scanner, Multiple non-service patterns, Multiple scan indi ... show more Botnet activity detected: Wide horizontal scanner, Multiple non-service patterns, Multiple scan indicators, Confirmed scanner with multiple patterns, Horizontal scanner on non-service ports, Horizontal scan with SYN retry, Slow horizontal with regular pattern, Mixed vertical+horizontal scanner, Coordinated non-service scan, Confirmed scanner identified (+2 more). Total 35 blocks. show less	DDoS Attack Port Scan Hacking
🇳🇱 VMHeaven.io	2025-12-10 08:19:00 (6 months ago)	Blocked by UFW [443/tcp] Source port: 53723 TTL: 240 Packet length: 44	Port Scan Web App Attack
🇺🇸 MPL	2025-12-10 08:14:27 (6 months ago)	tcp/443 (2 or more attempts)	Port Scan

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 183.10.88.6

🇯🇵 101.36.105.50

🇷🇴 80.94.92.168

🇩🇪 69.5.169.8

🇫🇷 51.68.111.207

🇺🇸 45.33.105.182

🇺🇸 195.184.76.135

🇮🇳 172.71.198.106

🇨🇳 112.28.234.157

🇺🇸 104.194.10.248

🇩🇪 87.106.211.149

🇺🇸 52.242.128.238

🇵🇰 39.62.189.164

🇧🇪 34.156.99.124

🇺🇸 20.121.46.26

🇪🇸 217.154.106.153

🇩🇪 167.233.22.224

🇺🇸 162.216.150.163

🇭🇰 128.1.131.137

🇮🇳 103.127.117.102