JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 47.79.200.121

47.79.200.121 was found in our database!

This IP was reported 102 times. Confidence of Abuse is 59%: ?

59%

ISP	Alibaba Cloud LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS45102
Domain Name	alibaba-inc.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 47.79.200.121

Whois 47.79.200.121

IP Abuse Reports for 47.79.200.121:

This IP address has been reported a total of 102 times from 19 distinct sources. 47.79.200.121 was first reported on May 10th 2025, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 4server	2026-06-14 15:03:10 (15 hours ago)	[SunJun1417:03:05.1311422026][security2:error][pid2711216:tid2711640][client47.79.200.121:0]ModSecur ... show more [SunJun1417:03:05.1311422026][security2:error][pid2711216:tid2711640][client47.79.200.121:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?i\)\(10\\\\\\\\.\\\\\\\\d{1\,3}\\\\\\\\.\\\\\\\\d{1\,3}\\\\\\\\.\\\\\\\\d{1\,3}\\|192\\\\\\\\.168\\\\\\\\.\\\\\\\\d{1\,3}\\\\\\\\.\\\\\\\\d{1\,3}\\|172\\\\\\\\.\(1[6-9]\\|2[0-9]\\|3[0-1]\)\\\\\\\\.\\\\\\\\d{1\,3}\\\\\\\\.\\\\\\\\d{1\,3}\\|fe80::\)\"atREQUEST_HEADERS:X-Forwarded-For.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"25\"][id\"990004\"][msg\"SSRFattempttoprivate/internalnetworkdetected\"][hostname\"shakary.com\"][uri\"/discography.html\"][unique_id\"ai7CqUN7bb2gGhT7zznrAQAAAMc\"]\,referer:https://www.google.com/ show less	Hacking Web App Attack
🇨🇦 1gz	2026-06-14 05:22:59 (1 day ago)	Triggered Cloudflare WAF (firewallCustom) from SG. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from SG. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /shqiperi/koment-a-do-ta-shpetoje-kjo-foto-vangjel-dulen-/196218/kerko.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-14 04:09:40 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 00:09:34.443394 2026] [security2:error] [pid 25804:tid 25804] [client 47.79.200.121:27034] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|med-engineering.com\|F\|2"] [data ".ventolin.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "med-engineering.com"] [uri "/www.ventolin.com"] [unique_id "ai4pftGZx41JJ_ihAjkL1gAAABQ"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 03:07:03 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 23:06:57.100225 2026] [security2:error] [pid 3179:tid 3179] [client 47.79.200.121:21478] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|williamfitzsimmons.com\|F\|2"] [data ".thehowardtheatre.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "williamfitzsimmons.com"] [uri "/www.thehowardtheatre.com"] [unique_id "ai4a0XjViLBy1qyyrSnXyQAAAAE"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 22:29:20 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 18:29:13.173574 2026] [security2:error] [pid 20763:tid 20763] [client 47.79.200.121:51500] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|dokuzadabirdeniz.com\|F\|2"] [data ".instagram.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dokuzadabirdeniz.com"] [uri "/www.instagram.com"] [unique_id "ai3ZuRZbOegtVUHePH-7gAAAAB0"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Sklurk	2026-06-13 19:16:20 (1 day ago)	Web App Attack	Web App Attack
Anonymous	2026-06-13 09:24:56 (1 day ago)	FortiWeb WAF: 50 attacks detected. Threat Score: 16400. Types: Client Management(25), GEO IP(25). Or ... show more FortiWeb WAF: 50 attacks detected. Threat Score: 16400. Types: Client Management(25), GEO IP(25). Origin: Singapore. show less	Web App Attack
🇨🇦 1gz	2026-06-13 07:29:56 (1 day ago)	Triggered Cloudflare WAF (firewallCustom) from SG. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from SG. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /lajme/nis-hetimet UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 kosada.com	2026-06-13 06:15:02 (2 days ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇫🇷 Sklurk	2026-06-12 16:36:12 (2 days ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 10:32:15 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 06:32:10.405235 2026] [security2:error] [pid 15821:tid 15821] [client 47.79.200.121:49736] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nrvoutdoors.com\|F\|2"] [data ".gunauction.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nrvoutdoors.com"] [uri "/TAMBOUR SAFETY/www.gunauction.com"] [unique_id "aivgKn1WDzZo8AoOq_1MrgAAAAQ"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 07:28:36 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 03:28:31.177390 2026] [security2:error] [pid 4245:tid 4245] [client 47.79.200.121:24472] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|restest.rayeliotschwartz.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "restest.rayeliotschwartz.com"] [uri "/resume/ray-eliot-schwartz/rayeliotschwartz.com"] [unique_id "aiu1HwwqMUPweMOWasJ6XQAAAA0"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 06:23:48 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 02:23:42.056464 2026] [security2:error] [pid 18927:tid 19018] [client 47.79.200.121:29700] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|thebiglies.info\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thebiglies.info"] [uri "/wwjnd.com"] [unique_id "aiul7mdTXFfkZgYO0TV4ZwAAAdU"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 06:03:09 (3 days ago)	(mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 02:03:03.882307 2026] [security2:error] [pid 21589:tid 21612] [client 47.79.200.121:36056] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|aafm.org\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aafm.org"] [uri "/http/charteredfinancialmanager.com"] [unique_id "aiuhF6_pPn-9iLW2uNBOVwAAAJE"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 20:33:41 (3 days ago)	(mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 47.79.200.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 16:33:27.171121 2026] [security2:error] [pid 19911:tid 19911] [client 47.79.200.121:25950] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|comics.flyingdodostudio.com\|F\|2"] [data ".tumblr.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "comics.flyingdodostudio.com"] [uri "/harrowingtalesatthebusstop/inkyphalangies.tumblr.com"] [unique_id "aisbl1iNC3n34fEUuOQkbAAAAB8"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 102 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 146.190.48.144

🇻🇳 14.248.82.157

🇨🇳 175.9.143.230

🇺🇸 172.253.91.155

🇸🇬 139.180.213.30

🇭🇰 118.193.44.112

🇮🇳 117.208.201.161

🇧🇩 114.130.85.36

🇺🇸 104.21.83.228

🇷🇺 78.81.151.182

🇮🇳 59.98.3.139

🇨🇳 39.104.63.170

🇮🇳 34.131.30.80

🇺🇸 172.236.228.193

🇺🇸 129.153.31.0

🇨🇳 118.196.84.13

🇫🇷 91.231.89.173

🇧🇷 45.164.251.106

🇸🇬 43.156.116.54

🇺🇸 34.86.75.98