JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 39.106.58.26

39.106.58.26 was found in our database!

This IP was reported 68 times. Confidence of Abuse is 54%: ?

54%

ISP	Aliyun Computing Co., LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS37963
Domain Name	alibabacloud.com
Country	🇨🇳 China
City	Beijing, Beijing

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 39.106.58.26

Whois 39.106.58.26

IP Abuse Reports for 39.106.58.26:

This IP address has been reported a total of 68 times from 20 distinct sources. 39.106.58.26 was first reported on April 1st 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-19 16:04:57 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 12:04:50.032533 2026] [security2:error] [pid 12129:tid 12154] [client 39.106.58.26:43110] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|smarterproductions.com\|F\|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "smarterproductions.com"] [uri "/okok.cer"] [unique_id "ajVoohZdohc3R-mxiLuazQAAAZY"], referer: http://smarterproductions.com/okok.cer show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-15 02:55:05 (1 week ago)	<comment>	Web App Attack
Anonymous	2026-06-14 21:21:47 (1 week ago)	Multiple, malicious web requests detected	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-13 18:04:55 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 14:04:47.356660 2026] [security2:error] [pid 25409:tid 25409] [client 39.106.58.26:33108] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|iee-usa.com\|F\|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "iee-usa.com"] [uri "/okok.cer"] [unique_id "ai2bv8_FGZ0-pwHZ5R6vUAAAABM"], referer: https://iee-usa.com/okok.cer show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 14:06:50 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 10:06:43.446288 2026] [security2:error] [pid 23628:tid 23628] [client 39.106.58.26:55988] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ieas.org\|F\|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ieas.org"] [uri "/okok.cer"] [unique_id "ai1j82lhQilF5qbNkrdBqgAAAAY"], referer: https://ieas.org/okok.cer show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-13 09:17:24 (1 week ago)	access denied too many times (more than 12 attempts in 60 seconds) ...	Web App Attack Brute-Force
🇺🇸 TPI-Abuse	2026-06-06 13:26:01 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 09:25:53.687831 2026] [security2:error] [pid 1134:tid 1134] [client 39.106.58.26:43010] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.floridausa.com\|F\|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.floridausa.com"] [uri "/okok.cer"] [unique_id "aiQf4VYcd2dy_Od-MYwwRgAAABA"], referer: https://www.floridausa.com/okok.cer show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 06:56:03 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 02:55:56.726043 2026] [security2:error] [pid 2439:tid 2439] [client 39.106.58.26:55886] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.floorsanding.org\|F\|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.floorsanding.org"] [uri "/okok.cer"] [unique_id "aiPEfAHypwMyOTxYashSwQAAAA4"], referer: https://www.floorsanding.org/okok.cer show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Floofie	2026-06-06 06:00:17 (2 weeks ago)	39.106.58.26 - - [06/Jun/2026:02:00:16 -0400] "GET /login8.php HTTP/2.0" 403 166 "https://www.floofi ... show more 39.106.58.26 - - [06/Jun/2026:02:00:16 -0400] "GET /login8.php HTTP/2.0" 403 166 "https://www.floofie.org/login8.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" 39.106.58.26 - - [06/Jun/2026:02:00:16 -0400] "GET /login9.php HTTP/2.0" 403 166 "https://www.floofie.org/login9.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" 39.106.58.26 - - [06/Jun/2026:02:00:16 -0400] "GET /fun.php?ote HTTP/2.0" 403 166 "https://www.floofie.org/fun.php?ote" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-05 10:07:29 (2 weeks ago)	Too many Status 40X (12)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 09:52:01 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 05:51:54.804151 2026] [security2:error] [pid 22256:tid 22261] [client 39.106.58.26:44020] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|providencetheological.net\|F\|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "providencetheological.net"] [uri "/okok.cer"] [unique_id "aiKcOorPV6NBt0FLDe6mrgAAAAM"], referer: https://providencetheological.net/okok.cer show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 01:59:19 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 21:59:12.688757 2026] [security2:error] [pid 12856:tid 12856] [client 39.106.58.26:51132] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|homeschoolwv.com\|F\|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "homeschoolwv.com"] [uri "/okok.cer"] [unique_id "aiItcEsloTDuMwaNp0USxAAAAAc"], referer: https://homeschoolwv.com/okok.cer show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 kosada.com	2026-06-04 17:56:36 (2 weeks ago)	Web vulnerability probing: /fun.aspx	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 22:56:52 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 39.106.58.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 18:56:46.657503 2026] [security2:error] [pid 13679:tid 13700] [client 39.106.58.26:54726] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|aaenroll.com\|F\|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aaenroll.com"] [uri "/okok.cer"] [unique_id "aiCxLv7Fhq1mr4ZN_i4WfQAAANM"], referer: https://aaenroll.com/okok.cer show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Philister11	2026-06-01 00:11:20 (3 weeks ago)	CrowdSec: crowdsecurity/http-probing (CN/AS37963)	Web App Attack Hacking

Showing 1 to 15 of 68 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇭 209.99.189.168

🇨🇱 201.186.40.161

🇷🇺 152.32.227.68

🇭🇰 152.32.212.149

🇮🇳 125.20.210.182

🇨🇳 106.12.157.104

🇳🇱 91.92.40.204

🇳🇱 91.92.40.7

🇮🇳 62.72.31.233

🇧🇾 37.215.39.108

🇺🇸 2604:a880:800:14::1209:d000

🇮🇩 202.10.37.168

🇻🇪 190.6.32.107

🇮🇳 182.95.185.158

🇺🇸 172.174.5.146

🇸🇬 165.154.29.144

🇭🇰 103.218.241.7

🇳🇱 91.92.40.4

🇩🇪 85.215.192.100

🇺🇸 66.132.186.141