JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 165.154.42.211

165.154.42.211 was found in our database!

This IP was reported 51 times. Confidence of Abuse is 100%: ?

100%

ISP	UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED
Usage Type	Data Center/Web Hosting/Transit
ASN	AS135377
Domain Name	ucloud.cn
Country	🇭🇰 Hong Kong
City	Hong Kong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 165.154.42.211

Whois 165.154.42.211

IP Abuse Reports for 165.154.42.211:

This IP address has been reported a total of 51 times from 46 distinct sources. 165.154.42.211 was first reported on June 5th 2026, and the most recent report was 20 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Teufel100	2026-06-06 07:27:30 (20 minutes ago)	ModSecurity rejected a query'	Brute-Force Hacking Web App Attack
🇳🇱 soverin	2026-06-06 06:04:53 (1 hour ago)	Network scan on port 443	Email Spam
🇺🇸 antlac1	2026-06-06 05:27:29 (2 hours ago)	crowdsecurity/http-cve-2021-42013	Brute-Force Web App Attack
🇦🇹 kuppit	2026-06-06 04:20:41 (3 hours ago)	Honeypot bot from HK: 4 SSH login attempts; first 2026-06-05 21:39:06, last 2026-06-05 21:40:55	Brute-Force SSH
Anonymous	2026-06-06 04:13:09 (3 hours ago)	Repeated unauthorized connection attempts to restricted service observed.	Port Scan Hacking Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-06 03:19:46 (4 hours ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
🇬🇧 PeravixGroup	2026-06-06 02:40:29 (5 hours ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force
🇺🇸 TPI-Abuse	2026-06-06 02:29:21 (5 hours ago)	(mod_security) mod_security (id:218420) triggered by 165.154.42.211 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:218420) triggered by 165.154.42.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 22:29:06.284380 2026] [security2:error] [pid 27254:tid 27254] [client 165.154.42.211:57476] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "38"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.156:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.156"] [uri "/hello.world"] [unique_id "aiOF8j4HSIA3YhXtpzlsdQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 RAP	2026-06-06 02:22:12 (5 hours ago)	2026-06-06 02:22:12 UTC Unauthorized activity to TCP port 23. Telnet	Port Scan
Anonymous	2026-06-06 02:02:15 (5 hours ago)	Fail2Ban detection - brute-force attempt (jail: sshd)	Brute-Force
🇺🇸 MPL	2026-06-06 01:39:15 (6 hours ago)	tcp/443 (4 or more attempts)	Port Scan
🇫🇷 paradoxnetworks	2026-06-06 00:51:33 (6 hours ago)	2026-06-06T00:45:51.764367+00:00 edge-thn-par02.int.pdx.net.uk sshd[155869]: Invalid user test from ... show more 2026-06-06T00:45:51.764367+00:00 edge-thn-par02.int.pdx.net.uk sshd[155869]: Invalid user test from 165.154.42.211 port 36974 2026-06-06T00:47:39.809560+00:00 edge-thn-par02.int.pdx.net.uk sshd[156185]: Invalid user user from 165.154.42.211 port 56248 2026-06-06T00:51:33.104020+00:00 edge-thn-par02.int.pdx.net.uk sshd[156452]: Invalid user admin from 165.154.42.211 port 34676 ... show less	Brute-Force SSH
🇳🇱 fynndows.de	2026-06-06 00:00:38 (7 hours ago)	2026-06-06T00:00:35.930960+00:00 fynn-epyc2 sshd[1678018]: pam_unix(sshd:auth): authentication failu ... show more 2026-06-06T00:00:35.930960+00:00 fynn-epyc2 sshd[1678018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.42.211 2026-06-06T00:00:37.665606+00:00 fynn-epyc2 sshd[1678018]: Failed password for invalid user admin from 165.154.42.211 port 35504 ssh2 ... show less	Brute-Force SSH
🇺🇸 MPL	2026-06-05 23:56:43 (7 hours ago)	tcp/23 (2 or more attempts)	Port Scan
Anonymous	2026-06-05 23:40:50 (8 hours ago)	2026-06-06T07:37:03.796021+08:00 kltw-debian sshd[103349]: Invalid user admin from 165.154.42.211 po ... show more 2026-06-06T07:37:03.796021+08:00 kltw-debian sshd[103349]: Invalid user admin from 165.154.42.211 port 44282 2026-06-06T07:37:03.915445+08:00 kltw-debian sshd[103349]: Connection closed by invalid user admin 165.154.42.211 port 44282 [preauth] 2026-06-06T07:38:42.335243+08:00 kltw-debian sshd[103359]: Invalid user orangepi from 165.154.42.211 port 58834 2026-06-06T07:38:42.411335+08:00 kltw-debian sshd[103359]: Connection closed by invalid user orangepi 165.154.42.211 port 58834 [preauth] 2026-06-06T07:40:11.327159+08:00 kltw-debian sshd[103368]: Connection closed by authenticating user root 165.154.42.211 port 54050 [preauth] ... show less	Brute-Force SSH

Showing 1 to 15 of 51 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 103.185.53.93

🇺🇸 66.132.172.115

🇮🇳 202.88.209.51

🇺🇸 172.98.32.116

🇲🇲 103.134.205.21

🇺🇸 66.132.172.38

🇺🇸 20.169.104.49

🇺🇸 2604:a880:0:202a::b41:a000

🇫🇮 185.148.1.18

🇧🇷 138.99.80.102

🇨🇳 101.96.200.79

🇨🇳 220.205.122.34

🇺🇸 205.185.127.250

🇬🇧 193.176.29.17

🇨🇳 183.152.43.165

🇹🇭 152.32.245.170

🇫🇮 147.185.133.135

🇹🇼 111.185.230.249

🇨🇳 101.126.155.86

🇷🇺 93.181.239.64