JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 152.42.235.126

152.42.235.126 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 72%: ?

72%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 152.42.235.126

Whois 152.42.235.126

IP Abuse Reports for 152.42.235.126:

This IP address has been reported a total of 25 times from 19 distinct sources. 152.42.235.126 was first reported on May 21st 2025, and the most recent report was 4 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇾 lns.bz	2026-06-30 08:03:58 (4 minutes ago)	Too many 404 requests [BY]	Web App Attack
🇩🇪 FeG Deutschland	2026-06-30 07:04:23 (1 hour ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 12	Exploited Host Web App Attack
🇩🇪 Bedios GmbH	2026-06-30 07:02:08 (1 hour ago)	Login credentials theft attempt	Hacking
🇺🇸 TPI-Abuse	2026-06-30 06:50:01 (1 hour ago)	(mod_security) mod_security (id:210492) triggered by 152.42.235.126 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 152.42.235.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 02:49:53.227457 2026] [security2:error] [pid 3926:tid 3926] [client 152.42.235.126:53612] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kc.michaelgatley.com"] [uri "/client/.env"] [unique_id "akNnEZ8oafytWjsqsfmNIAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 ipoac.nl	2026-06-30 06:49:44 (1 hour ago)	-:443 152.42.235.126 - - [30/Jun/2026:08:49:43 +0200] - "GET /settings.py HTTP/1.1" 404 6419 "-" "Mo ... show more -:443 152.42.235.126 - - [30/Jun/2026:08:49:43 +0200] - "GET /settings.py HTTP/1.1" 404 6419 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)" show less	Bad Web Bot
🇨🇭 zynex	2026-06-30 06:26:41 (1 hour ago)	URL Probing: /client/.env	Web App Attack
🇫🇷 largo-it.net	2026-06-30 06:21:45 (1 hour ago)	Jun 30 08:21:42 vps-9f3cdc33 haproxy[1032114]: 152.42.235.126:10544 [30/Jun/2026:08:21:42.314] www_f ... show more Jun 30 08:21:42 vps-9f3cdc33 haproxy[1032114]: 152.42.235.126:10544 [30/Jun/2026:08:21:42.314] www_frontend~ finance_cluster/finance1_test1_https 0/0/11/59/70 404 3252 - - ---- 57/8/0/0/0 0/0 "GET /settings.json HTTP/1.1" Jun 30 08:21:42 vps-9f3cdc33 haproxy[1032114]: 152.42.235.126:10544 [30/Jun/2026:08:21:42.790] www_frontend~ finance_cluster/finance1_test1_https 0/0/10/53/63 404 3252 - - ---- 58/9/0/0/0 0/0 "GET /secrets.json HTTP/1.1" Jun 30 08:21:43 vps-9f3cdc33 haproxy[1032114]: 152.42.235.126:10544 [30/Jun/2026:08:21:43.254] www_frontend~ finance_cluster/finance1_test1_https 0/0/11/62/73 404 3252 - - ---- 58/9/0/0/0 0/0 "GET /credentials.json HTTP/1.1" Jun 30 08:21:43 vps-9f3cdc33 haproxy[1032114]: 152.42.235.126:10544 [30/Jun/2026:08:21:43.724] www_frontend~ finance_cluster/finance1_test1_https 0/0/11/56/67 404 3252 - - ---- 58/9/0/0/0 0/0 "GET /cdp_api_key.json HTTP/1.1" Jun 30 08:21:44 vps-9f3cdc33 haproxy[1032114]: 152.42.235.126:10544 [30/Jun/2026:08:21:44.197] www_frontend ... show less	Hacking Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-30 06:10:50 (1 hour ago)	[TueJun3008:10:47.5755952026][security2:error][pid2076264:tid2076500][client152.42.235.126:0]ModSecu ... show more [TueJun3008:10:47.5755952026][security2:error][pid2076264:tid2076500][client152.42.235.126:0]ModSecurity:Accessdeniedwithcode403$phase1$.Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"www.cpu-services.ch.81-17-25-250.cpanel.site\"][uri\"/api/.env\"][unique_id\"akNd5zIo6pmpX9OxA3qpRQAAAQo\"] show less	Hacking Web App Attack
Anonymous	2026-06-30 05:57:12 (2 hours ago)	152.42.235.126 - - [30/Jun/2026:07:57:12 +0200] "GET /.env.template HTTP/1.1" 403 5440 "-" "Mozilla/ ... show more 152.42.235.126 - - [30/Jun/2026:07:57:12 +0200] "GET /.env.template HTTP/1.1" 403 5440 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)" ... show less	Brute-Force Web App Attack
🇬🇧 Axel	2026-06-30 05:49:35 (2 hours ago)	Blocked by ModSecurity. Rule ID: 210730 Message: COMODO WAF: URL file extension is restricted by pol ... show more Blocked by ModSecurity. Rule ID: 210730 Message: COMODO WAF: URL file extension is restricted by policy\|\|fonts.iii.vg\|F\|2 Phase: 2 Severity: CRITICAL URI: /config/master.key Server: UK-01 show less	Web App Attack Hacking SQL Injection
🇩🇪 4server	2026-06-29 20:09:01 (11 hours ago)	[MonJun2922:08:58.2470072026][security2:error][pid3455038:tid3455171][client152.42.235.126:0]ModSecu ... show more [MonJun2922:08:58.2470072026][security2:error][pid3455038:tid3455171][client152.42.235.126:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"sanierung-pilzen-schimmel.ch.risanamento-funghi-muffa.ch\"][uri\"/backup/.env\"][unique_id\"akLQ2jcE2hrucTOKdEfcwAAAAVY\"] show less	Port Scan Brute-Force Web App Attack
🇱🇻 garmtech.com	2026-06-27 10:58:39 (2 days ago)	IM360 WAF: Direct access to sensitive file or dotfile MV:/.env	Web App Attack
🇩🇪 FeG Deutschland	2026-06-27 03:22:52 (3 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 15:53:37 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 152.42.235.126 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 152.42.235.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 11:53:30.770523 2026] [security2:error] [pid 13832:tid 13832] [client 152.42.235.126:48376] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.unwaved.com"] [uri "/tmp/.env"] [unique_id "aj6geueKQWYHYYu1rNTo4gAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-25 08:17:23 (4 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇹 196.191.133.60

🇳🇱 91.92.40.5

🇮🇳 49.36.24.28

🇰🇷 210.178.154.20

🇧🇷 177.96.211.164

🇺🇸 162.216.150.242

🇧🇪 130.211.76.142

🇸🇪 85.24.223.224

🇫🇷 77.136.67.201

🇨🇳 60.212.0.13

🇹🇭 49.231.192.36

🇯🇵 206.83.106.108

🇺🇸 198.1.75.59

🇲🇳 122.201.31.44

🇨🇳 120.55.99.149

🇨🇳 118.31.7.58

🇮🇳 106.221.227.115

🇮🇳 106.215.170.204

🇫🇷 104.239.66.127

🇧🇬 79.124.56.146