JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 47.80.20.24

47.80.20.24 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 53%: ?

53%

ISP	Alibaba Cloud LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS45102
Domain Name	alibaba-inc.com
Country	🇰🇷 Korea (the Republic of)
City	Seoul, Seoul

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 47.80.20.24

Whois 47.80.20.24

IP Abuse Reports for 47.80.20.24:

This IP address has been reported a total of 15 times from 12 distinct sources. 47.80.20.24 was first reported on May 21st 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 JPPO	2026-05-22 15:41:31 (1 week ago)	Port 443 : POST : looking for ..... /bin/sh	Hacking
Anonymous	2026-05-22 05:22:19 (2 weeks ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
🇺🇸 cybsecaoccol	2026-05-22 03:35:30 (2 weeks ago)	unauthorized connection or malicious port scan attempted on tcp port 23 - dr	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-05-22 03:24:53 (2 weeks ago)	(mod_security) mod_security (id:218420) triggered by 47.80.20.24 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:218420) triggered by 47.80.20.24 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 23:24:46.854372 2026] [security2:error] [pid 16616:tid 16616] [client 47.80.20.24:33860] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.117:443\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.117"] [uri "/hello.world"] [unique_id "ag_Mfn0XDN7RgmqbeOQUQQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-22 03:22:17 (2 weeks ago)	Drop from IP address 47.80.20.24 to tcp-port 443	Port Scan
🇩🇪 mxpgmbh	2026-05-22 03:20:51 (2 weeks ago)	2026-05-22T05:20:10.468130+02:00 ** sshd-session[45254]: pam_unix(sshd:auth): authentication failu ... show more 2026-05-22T05:20:10.468130+02:00 sshd-session[45254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.80.20.24 2026-05-22T05:20:12.616330+02:00 sshd-session[45254]: Failed password for invalid user from 47.80.20.24 port 49136 ssh2 2026-05-22T05:20:48.501504+02:00 sshd-session[45270]: Invalid user from 47.80.20.24 port 45466 2026-05-22T05:20:48.502810+02:00 sshd-session[45270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.80.20.24 2026-05-22T05:20:51.282907+02:00 sshd-session[45270]: Failed password for invalid user ** from 47.80.20.24 port 45466 ssh2 show less	Brute-Force SSH
Anonymous	2026-05-22 03:15:29 (2 weeks ago)	47.80.20.24 detected on srv01	Brute-Force
🇳🇱 Savvii	2026-05-22 03:07:31 (2 weeks ago)	20 attempts against mh-ssh on ethyl	Brute-Force SSH
🇳🇱 Savvii	2026-05-22 02:29:57 (2 weeks ago)	20 attempts against mh-ssh on space	Brute-Force SSH
🇩🇪 mxpgmbh	2026-05-22 02:28:27 (2 weeks ago)	2026-05-22T04:27:49.191017+02:00 ** sshd-session[42490]: pam_unix(sshd:auth): authentication failu ... show more 2026-05-22T04:27:49.191017+02:00 sshd-session[42490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.80.20.24 2026-05-22T04:27:50.681835+02:00 sshd-session[42490]: Failed password for invalid user from 47.80.20.24 port 46254 ssh2 2026-05-22T04:28:24.500959+02:00 sshd-session[43249]: Invalid user from 47.80.20.24 port 55146 2026-05-22T04:28:24.501996+02:00 sshd-session[43249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.80.20.24 2026-05-22T04:28:26.830441+02:00 sshd-session[43249]: Failed password for invalid user ** from 47.80.20.24 port 55146 ssh2 show less	Brute-Force SSH
🇩🇪 dl7olg.de	2026-05-22 02:27:46 (2 weeks ago)	2026-05-22T04:27:09.748912+02:00 server sshd[691073]: pam_unix(sshd:auth): authentication failure; l ... show more 2026-05-22T04:27:09.748912+02:00 server sshd[691073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.80.20.24 2026-05-22T04:27:11.853192+02:00 server sshd[691073]: Failed password for invalid user admin from 47.80.20.24 port 41794 ssh2 2026-05-22T04:27:45.871523+02:00 server sshd[691075]: Invalid user orangepi from 47.80.20.24 port 33360 ... show less	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-05-22 02:24:26 (2 weeks ago)	(mod_security) mod_security (id:218420) triggered by 47.80.20.24 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:218420) triggered by 47.80.20.24 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 22:24:18.195099 2026] [security2:error] [pid 7893:tid 7893] [client 47.80.20.24:58020] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.245:443\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.245"] [uri "/hello.world"] [unique_id "ag--UpPSBQaoSmC_fMAqKgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇪 AutosOnShow	2026-05-22 02:24:06 (2 weeks ago)	blocked for webapp attack \| path requested: /index.php \| seen at 2026-05-22 02:23:20.190 \|	Web App Attack
🇺🇸 CBJ	2026-05-22 02:11:19 (2 weeks ago)	fail2ban: apache-filepath-recon ...	Web App Attack
🇺🇸 [email protected]	2026-05-21 22:49:22 (2 weeks ago)	Ports: 2375. Proto: TCP. Observations: 2	Port Scan

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.106.137.135

🇺🇸 153.66.161.131

🇺🇸 91.230.168.188

🇷🇺 89.189.159.80

🇲🇽 38.124.192.114

🇺🇸 162.216.150.87

🇺🇸 159.65.185.219

🇺🇸 66.95.214.14

🇺🇸 198.20.65.19

🇯🇵 163.43.18.248

🇮🇳 103.173.147.45

🇱🇹 81.30.98.49

🇸🇬 47.82.8.244

🇬🇧 35.203.210.139

🇷🇴 2.57.122.177

🇬🇧 2a02:4780:a:1960:0:303d:821c:1

🇬🇧 198.244.240.203

🇩🇪 130.12.181.98

🇰🇷 121.175.122.63

🇮🇳 117.198.158.199