JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 47.79.201.91

47.79.201.91 was found in our database!

This IP was reported 39 times. Confidence of Abuse is 38%: ?

38%

ISP	Alibaba Cloud LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS45102
Domain Name	alibaba-inc.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 47.79.201.91

Whois 47.79.201.91

IP Abuse Reports for 47.79.201.91:

This IP address has been reported a total of 39 times from 17 distinct sources. 47.79.201.91 was first reported on May 20th 2025, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-13 07:01:56 (5 hours ago)	Web App Attack	Web App Attack
Anonymous	2026-06-13 01:49:02 (10 hours ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 15:17:34 (20 hours ago)	(mod_security) mod_security (id:210730) triggered by 47.79.201.91 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 47.79.201.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 11:17:28.365544 2026] [security2:error] [pid 30395:tid 30395] [client 47.79.201.91:17336] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|dokuzadabirdeniz.com\|F\|2"] [data ".nytimes.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dokuzadabirdeniz.com"] [uri "/www.nytimes.com"] [unique_id "aiwjCMUffUcdUsSyDvMRHAAAAAk"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-12 09:21:36 (1 day ago)	FortiWeb WAF: 76 attacks detected. Threat Score: 12200. Types: Client Management(38), GEO IP(38). Or ... show more FortiWeb WAF: 76 attacks detected. Threat Score: 12200. Types: Client Management(38), GEO IP(38). Origin: Singapore. show less	Web App Attack
🇨🇦 1gz	2026-06-12 03:20:09 (1 day ago)	Triggered Cloudflare WAF (firewallCustom) from SG. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from SG. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /lajme/viktor-zhusti UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇫🇷 Sklurk	2026-06-12 00:33:13 (1 day ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 19:29:57 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 47.79.201.91 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 47.79.201.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 15:29:49.988478 2026] [security2:error] [pid 22700:tid 22700] [client 47.79.201.91:44422] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|csme-eprr.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "csme-eprr.com"] [uri "/eprr/facilities/Thumbs.db"] [unique_id "aisMrWND5JYmZAxIR9Yt6wAAAAI"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 10:11:00 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 47.79.201.91 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 47.79.201.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 06:10:56.940645 2026] [security2:error] [pid 596:tid 596] [client 47.79.201.91:8346] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.achildsspace.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.achildsspace.com"] [uri "/linkedIn.com"] [unique_id "aiqJsL3dI6u4sW6hexjSYwAAAAs"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 08:17:27 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 47.79.201.91 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 47.79.201.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 04:17:21.371875 2026] [security2:error] [pid 31601:tid 31601] [client 47.79.201.91:10120] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.beirutbazar.com\|F\|2"] [data ".beirutbazar.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.beirutbazar.com"] [uri "/sellers/urban-decay/www.beirutbazar.com"] [unique_id "aipvEaK4aveGnYGG5IE3LwAAAAE"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 23:19:17 (2 days ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-03-31 06:00:24 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 47.79.201.91 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 47.79.201.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 31 02:00:18.390483 2026] [security2:error] [pid 13579:tid 13579] [client 47.79.201.91:6294] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.beirutbazar.com\|F\|2"] [data ".beirutbazar.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.beirutbazar.com"] [uri "/item/skulls-158-lbp-157500-usd-105/www.beirutbazar.com"] [unique_id "acti8iDUFLWk3dpBBZy-WQAAAAk"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 SSH-Admin	2026-01-19 01:55:19 (4 months ago)	Probing for Exploits	Exploited Host Web App Attack
🇫🇷 Sklurk	2026-01-17 02:00:22 (4 months ago)	Web App Attack	Web App Attack
🇮🇹 VHosting	2026-01-08 11:36:20 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇺🇸 kosada.com	2026-01-05 08:03:44 (5 months ago)	Web bot: DDoS	DDoS Attack Bad Web Bot

Showing 1 to 15 of 39 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 2620:171:f9:f0::227

🇪🇪 213.35.128.24

🇨🇱 190.47.143.138

🇵🇱 185.252.182.33

🇺🇸 104.234.208.129

🇮🇳 103.100.16.58

🇹🇷 31.145.131.202

🇬🇧 194.50.235.149

🇺🇸 136.35.246.152

🇺🇸 103.203.57.2

🇷🇴 92.118.39.62

🇫🇷 51.75.200.91

🇮🇳 47.11.8.203

🇳🇱 45.148.10.147

🇺🇸 45.79.190.224

🇪🇬 41.33.91.226

🇱🇾 38.252.60.249

🇺🇸 34.162.115.167

🇧🇪 34.156.16.135

🇭🇰 220.246.205.41