JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 47.128.52.139

47.128.52.139 was found in our database!

This IP was reported 259 times. Confidence of Abuse is 2%: ?

ISP	Amazon Data Services Singapore
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ec2-47-128-52-139.ap-southeast-1.compute.amazonaws.com
Domain Name	amazon.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 47.128.52.139

Whois 47.128.52.139

IP Abuse Reports for 47.128.52.139:

This IP address has been reported a total of 259 times from 38 distinct sources. 47.128.52.139 was first reported on September 14th 2023, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 claude CALVET	2026-06-03 18:39:42 (1 week ago)	gew-Joomla User : try to access forms...	Hacking
🇫🇷 claude CALVET	2026-03-15 19:45:15 (2 months ago)	gew-Joomla User : try to access forms...	Hacking
🇨🇦 1gz	2026-03-10 07:21:09 (3 months ago)	Triggered Cloudflare WAF (firewallCustom) from SG. Action taken: BLOCK Protocol: HTTP/2 (GET method) ... show more Triggered Cloudflare WAF (firewallCustom) from SG. Action taken: BLOCK Protocol: HTTP/2 (GET method) Endpoint: /style.css UA: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected]) This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-10 05:47:19 (3 months ago)	(mod_security) mod_security (id:211190) triggered by 47.128.52.139 (ec2-47-128-52-139.ap-southeast-1 ... show more (mod_security) mod_security (id:211190) triggered by 47.128.52.139 (ec2-47-128-52-139.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 01:47:14.454895 2026] [security2:error] [pid 20980:tid 20980] [client 47.128.52.139:39426] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|heuristicbooks.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /Heuristic Books -- Algorithms for Better Living_files/ccx/?dir=%2Fhome%2Frbanis%2Fetc%2Fdonbullis.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "heuristicbooks.com"] [uri "/Heuristic Books -- Algorithms for Better Living_files/ccx/"] [unique_id "aa-wYsHg4Dbh6oLvN9saTQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 bigorre.org	2026-02-26 10:16:23 (3 months ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇫🇷 bigorre.org	2026-02-23 16:07:01 (3 months ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇫🇷 bigorre.org	2026-02-22 09:49:56 (3 months ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇩🇪 Didier Lagaert	2026-01-14 18:13:20 (4 months ago)	lie-88 : Bloc AI bots=>/component/jevents/evenementsparjour/2029/1/13/99?Itemid=950(Bytespider)	Hacking
🇫🇷 bigorre.org	2026-01-14 16:00:10 (4 months ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇪🇸 masterguru	2026-01-11 04:25:49 (5 months ago)	BAD BOT - Detected and Blocked.. Matched phrase "bytespider" at REQUEST_HEADERS:user-agent. (1100000 ... show more BAD BOT - Detected and Blocked.. Matched phrase "bytespider" at REQUEST_HEADERS:user-agent. (1100000-122) show less	Bad Web Bot
🇫🇷 bigorre.org	2026-01-05 16:49:03 (5 months ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇩🇪 Reinhard	2026-01-02 19:04:19 (5 months ago)	Unknown activity, but too many attacks with too many users.	Hacking
🇩🇪 Didier Lagaert	2025-12-15 17:49:30 (5 months ago)	lie-88 : Bloc AI bots=>/component/jevents/search_form/-?Itemid=0(Bytespider)	Hacking
🇮🇩 hermawan	2025-12-12 13:25:08 (6 months ago)	[Fri Dec 12 20:23:47.890534 2025] [security2:error] [pid 536723:tid 139917867775680] [client 47.128. ... show more [Fri Dec 12 20:23:47.890534 2025] [security2:error] [pid 536723:tid 139917867775680] [client 47.128.52.139:44862] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.20.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "253"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected]) request_line = GET /index.php/informasi-iklim/infografis-iklim/infografis-klimat-story HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/informasi-iklim/infografis-iklim/infografis-klimat-story"] [unique_id "aTwXY25xtENSF-Cpfa-0pQADAxg"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[536755] [+/jOK0EUW0U] [aTwXY25xtENSF-Cpfa-0pQADAxg] keep_alive=[1] [2025-12-1 ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-11 14:09:16 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 47.128.52.139 (ec2-47-128-52-139.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 47.128.52.139 (ec2-47-128-52-139.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 11 09:09:12.611109 2025] [security2:error] [pid 28100:tid 28100] [client 47.128.52.139:28802] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.med-engineering.com\|F\|2"] [data ".tonguediagnose.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.med-engineering.com"] [uri "/www.tonguediagnose.com"] [unique_id "aTrQiKow2mtqn_sWq6dmBwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 259 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 217.154.61.249

🇧🇷 205.210.31.200

🇩🇰 146.70.89.147

🇰🇷 140.238.18.9

🇫🇮 135.181.182.250

🇳🇱 77.83.39.156

🇫🇷 75.119.152.142

🇺🇸 66.132.186.200

🇺🇸 63.135.161.22

🇬🇧 35.203.211.114

🇨🇳 223.73.58.156

🇨🇳 218.25.89.208

🇺🇸 216.218.206.67

🇰🇷 210.222.46.15

🇺🇸 207.246.106.68

🇺🇸 205.210.31.32

🇳🇱 204.76.203.51

🇨🇱 190.21.212.222

🇳🇱 93.123.109.114

🇧🇷 45.232.87.217