AbuseIPDB » 47.91.125.252

47.91.125.252 was found in our database!

This IP was reported 7,633 times. Confidence of Abuse is 100%: ?

100%

ISP	Alibaba Cloud - AE(Dubai)
Usage Type	Data Center/Web Hosting/Transit
ASN	AS45102
Hostname(s)	measurements.ki3.org.cn
Domain Name	alibabacloud.com
Country	United Arab Emirates
City	Dubai, Dubai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 47.91.125.252

Whois 47.91.125.252

IP Abuse Reports for 47.91.125.252:

This IP address has been reported a total of 7,633 times from 555 distinct sources. 47.91.125.252 was first reported on February 23rd 2023, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
MPL	2025-06-19 19:53:27 (4 days ago)	tcp/853 (4 or more attempts)	Port Scan
Josh S.	2025-06-19 19:07:05 (4 days ago)	Blocked by UFW on Mailcow [853/tcp] Source port: 57798 TTL: 244 Packet length: 40< ... show moreBlocked by UFW on Mailcow [853/tcp] Source port: 57798 TTL: 244 Packet length: 40 TOS: 0x00 If this was a mistake contact me: [email protected] show less	Port Scan
MPL	2025-06-19 18:20:36 (4 days ago)	tcp/853	Port Scan
MPL	2025-06-19 17:11:24 (4 days ago)	tcp/853 (2 or more attempts)	Port Scan
Cyber Crusader	2025-06-19 13:08:36 (4 days ago)	Hundreds of Attempts (at least) to Connect to and Access Firewall Ports	Port Scan Hacking Brute-Force
slartybartfast69420blazit	2025-06-18 20:31:25 (5 days ago)	Fail2ban picked up 47.91.125.252 attacking nginx	Web App Attack
Anonymous	2025-06-18 12:38:33 (5 days ago)	*Port Scan* detected from 47.91.125.252 (AE/United Arab Emirates/measurements.ki3.org.cn). 5 hits in ... show more*Port Scan* detected from 47.91.125.252 (AE/United Arab Emirates/measurements.ki3.org.cn). 5 hits in the last 25 seconds show less	Port Scan Brute-Force
Anonymous	2025-06-18 09:52:27 (5 days ago)	Reported from Nginx log analysis 6. Log: 47.91.125.252 - - [18/Jun/2025:xx:xx:xx 0200] "GET /dns-qu ... show moreReported from Nginx log analysis 6. Log: 47.91.125.252 - - [18/Jun/2025:xx:xx:xx 0200] "GET /dns-query?dns=6FkBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE HTTP/1.1" xxx xxx "-" "Go-http-client/1.1" "-" "AE United Arab Emirates Dubai" "AS45102" "Alibaba US Technology Co., Ltd." | 47.91.125.252 - - [18/Jun/2025:xx:xx:xx 0200] "POST /dns-query HTTP/1.1" xxx xxx "-" "Go-http-client/1.1" "-" "AE United Arab Emirates Dubai" "AS45102" "Alibaba US Technology Co., Ltd." | 47.91.125.252 - - [18/Jun/2025:xx:xx:xx 0200] "GET /dns-query?name=example.com show less	Port Scan Brute-Force SSH
sthoyer.de	2025-06-18 09:46:27 (5 days ago)	47.91.125.252 - - [18/Jun/2025:11:46:25 +0200] "GET /dns-query?dns=vuYBAAABAAAAAAAAB2V4YW1wbGUDY29tA ... show more47.91.125.252 - - [18/Jun/2025:11:46:25 +0200] "GET /dns-query?dns=vuYBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE HTTP/1.1" 404 1249 "-" "Go-http-client/1.1" 47.91.125.252 - - [18/Jun/2025:11:46:25 +0200] "POST /dns-query HTTP/1.1" 404 1249 "-" "Go-http-client/1.1" 47.91.125.252 - - [18/Jun/2025:11:46:25 +0200] "GET /dns-query?name=example.com&type=A HTTP/1.1" 404 1249 "-" "Go-http-client/1.1" ... show less	Web App Attack
diego	2025-06-18 09:26:48 (5 days ago)	[probe-44-49] 2025-06-18 09:10:07, Client: 47.91.125.252, Protocol: 6, Unauthorized activity to HTTP ... show more[probe-44-49] 2025-06-18 09:10:07, Client: 47.91.125.252, Protocol: 6, Unauthorized activity to HTTP: GET /dns-query show less	Web App Attack
mouafiq	2025-06-18 09:20:04 (5 days ago)	2025-06-18 09:20:03,194 20465 INFO ? werkzeug: 47.91.125.252 - - [18/Jun/2025 09:20:03] "GET /dns-qu ... show more2025-06-18 09:20:03,194 20465 INFO ? werkzeug: 47.91.125.252 - - [18/Jun/2025 09:20:03] "GET /dns-query?dns=5E4BAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE HTTP/1.0" 404 - 1 0.004 0.011 2025-06-18 09:20:03,349 670 INFO ? werkzeug: 47.91.125.252 - - [18/Jun/2025 09:20:03] "POST /dns-query HTTP/1.0" 404 - 1 0.003 0.009 2025-06-18 09:20:03,498 20465 INFO ? werkzeug: 47.91.125.252 - - [18/Jun/2025 09:20:03] "GET /dns-query?name=example.com&type=A HTTP/1.0" 404 - 1 0.003 0.007 2025-06-18 09:20:03,645 20465 INFO ? werkzeug: 47.91.125.252 - - [18/Jun/2025 09:20:03] "GET /dns-query?dns=_DgBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE HTTP/1.0" 404 - 1 0.003 0.007 2025-06-18 09:20:03,859 20465 INFO ? werkzeug: 47.91.125.252 - - [18/Jun/2025 09:20:03] "POST /dns-query HTTP/1.0" 404 - 1 0.003 0.007 show less	Brute-Force SSH
ar2000	2025-06-18 08:46:45 (5 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Hacking Web App Attack
Stoyko Stoykov	2025-06-18 08:42:33 (5 days ago)	Observed persistent suspicious traffic aligned with known web exploitation techniques (e.g., SQLi, X ... show moreObserved persistent suspicious traffic aligned with known web exploitation techniques (e.g., SQLi, XSS, RCE probes). show less	Hacking Web App Attack
Eric	2025-06-18 08:20:04 (5 days ago)	Blocked by jail apache-security2	Hacking Web App Attack
mkaraki	2025-06-18 08:14:53 (5 days ago)	1750234491 # Service_probe # SIGNATURE_SEND # source_ip:47.91.125.252 # dst_port:443 ...	Port Scan

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩