JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.239.127.42

172.239.127.42 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 100%: ?

100%

ISP	Linode
Usage Type	Data Center/Web Hosting/Transit
ASN	AS63949
Hostname(s)	172-239-127-42.ip.linodeusercontent.com
Domain Name	linode.com
Country	🇬🇧 United Kingdom of Great Britain and Northern Ireland
City	London, England

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.239.127.42

Whois 172.239.127.42

IP Abuse Reports for 172.239.127.42:

This IP address has been reported a total of 29 times from 27 distinct sources. 172.239.127.42 was first reported on June 26th 2026, and the most recent report was 9 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 zapteryx	2026-06-29 04:00:45 (9 minutes ago)	172.239.127.42 - - [29/Jun/2026:00:00:43 -0400] "HEAD /.credentials.json HTTP/1.1" 400 0 "-" "opendi ... show more 172.239.127.42 - - [29/Jun/2026:00:00:43 -0400] "HEAD /.credentials.json HTTP/1.1" 400 0 "-" "opendirme-credhunt/1.0" 172.239.127.42 - - [29/Jun/2026:00:00:43 -0400] "\x16\x03\x01\x05\xCC\x01\x00\x05\xC8\x03\x03c\xB3\xB9\xB6V\xE4\x09\xE92\x05\xC1\x84\xED\x1A\xFE\xFBYG\xA0\xBAH\xE9\x12QL\xF9\xF8\xA1(\xA1>H L8\xAF\xFE\xAE\x07\xB7\x99\xD7<.CBI\xEF\xFA\xF3\x14\xEAV9\x038\xFE\xAF\x0Cq\xF1K\x95rq\x00 \xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x00" 400 166 "-" "-" 172.239.127.42 - - [29/Jun/2026:00:00:43 -0400] "HEAD /.claude/.credentials.json HTTP/1.1" 400 0 "-" "opendirme-credhunt/1.0" 172.239.127.42 - - [29/Jun/2026:00:00:43 -0400] "\x16\x03\x01\x05\xCC\x01\x00\x05\xC8\x03\x035=4\xD1@\xBD\xDCB\xC9\xCF\x0C=\xE35E\xF2\x93=\x19\xDD\x87EC$ \xBA\x16V \xD1\xCE@ 3\xD2\xC6Z\xB5\xD6L\x18SZq\xFA\x5C\xF0\xF5\xEF\xE9mm\xBF\xD1t\x9E\x99s\xF38\x98\xAD\xBB\x844\x00 \xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x13\xC0\x14\x00\x9C\x00\x9D\x00/\x005\x00" 400 166 "-" "-" 172.2 ... show less	Brute-Force Web App Attack
🇨🇳 PrivateLiu	2026-06-28 15:14:02 (12 hours ago)	[AbuseIPDB auto-report] Rules: Rule3, Rule4, Rule5. Region: non-CN. Non-standard HTTP methods: \X16\ ... show more [AbuseIPDB auto-report] Rules: Rule3, Rule4, Rule5. Region: non-CN. Non-standard HTTP methods: \X16\X03\X01\X05\XCC\X01\X00\X05\XC8\X03\X03E\XCD;2\X9A\XBD,\XAF\XC6\X09VI\XA4\X12\XEA\XCA\XC3\XBCK\XB6\X91(\XBD&\XA8\X01\XB7\XEE\X09\X00\XF4L, \X16\X03\X01\X05\XCC\X01\X00\X05\XC8\X03\X03H\X8D\XAE_\XD3\X92P\XD9\X99-\X5C&\XDF\XC9\XCF;\XEE\XD7=\XFC\XF9\XF8\X06~\X07\XDF\X88K\X97\XD1J\XA7; Unsupported/malformed requests: HTTP 400 responses or POST to static/read-only paths; Known vulnerability path probing: targeting CMS (WordPress/Drupal), phpMyAdmin, actuator endpoints, or other known vulnerable paths. Sample paths: /.credentials.json, \xFD\xA8\xA5\xF8\x9FGk=\x9A\xE5\xE9!2\xC2\x99W\xF6\xB5\xFExRI\x91dA8\xE6\x12$\x9D\x5C\xEF\x00, /.config/claude/.credentials.json, \xB6\x02\x009\x1D\x90T\xF6\x87\xB8\x22\x7F\xBFd\xCF\xD4\x87!\xCC)\x5Cv\xE3\xC9\xC3q\xAE, /.claude/.credentials.json. Statuses: 301, 400, 404, 444. Methods: HEAD, \X16\X03\X01\X05\XCC\X01\X00\X05\XC8\X03\X03E\XCD;2\X9A\XBD,\XAF\XC6\X09VI\XA4\X12\XEA\XCA\XC3\X show less	Hacking Bad Web Bot Web App Attack
🇲🇦 eeas38	2026-06-28 08:33:00 (19 hours ago)		Port Scan VPN IP
🇺🇸 abenage	2026-06-27 19:52:41 (1 day ago)	172.239.127.42 - - [27/Jun/2026:13:52:41 -0600] "x16x03x01x05xCCx01x00x05xC8x03x03xCB" 400 166 "-" " ... show more 172.239.127.42 - - [27/Jun/2026:13:52:41 -0600] "x16x03x01x05xCCx01x00x05xC8x03x03xCB" 400 166 "-" "-" show less	Port Scan Web App Attack
🇫🇷 masterguru	2026-06-27 18:10:41 (1 day ago)	Host header is a numeric IP address. Pattern match "^ (920350-131)	Hacking Bad Web Bot
🇵🇱 nfsec.pl	2026-06-27 16:23:19 (1 day ago)	Detected: TCP scan on port: 8000 with flags: SYN	Port Scan
🇫🇷 masterguru	2026-06-27 15:39:10 (1 day ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-195)	Hacking Bad Web Bot
🇩🇪 EnthecSolutions	2026-06-27 14:01:04 (1 day ago)	Detected by Enthec Solutions. \| Attempts: 56 in 24h \| Target port: 8000	Port Scan Hacking
🇫🇷 Entalpi.net	2026-06-27 12:01:17 (1 day ago)	Repeatedly filtered for trying to reach closed ports	Port Scan
Anonymous	2026-06-27 11:56:59 (1 day ago)	Try to connect to Port_Scan_80_stealth	Port Scan
🇫🇷 Security_Whaller	2026-06-27 11:19:04 (1 day ago)	Malicious activity detected on Honeypot.	Brute-Force Hacking Web App Attack
🇦🇺 HostFission	2026-06-27 10:12:41 (1 day ago)	PSAD port scan detected	Port Scan
🇫🇷 GabrielJST	2026-06-27 09:56:02 (1 day ago)	Port Scan detected from 172.239.127.42 (GB/United Kingdom/172-239-127-42.ip.linodeusercontent.com) ... show more Port Scan detected from 172.239.127.42 (GB/United Kingdom/172-239-127-42.ip.linodeusercontent.com). show less	Port Scan
🇬🇧 thetomtaylor.co.uk	2026-06-27 09:07:02 (1 day ago)	Fail2Ban - [WAF]ModSecurity OWASP CRS rule violation on nginx-modsecurity ... [ice01,wa01,wa02]	Hacking SQL Injection Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-27 07:11:01 (1 day ago)	Fail2Ban - [WAF]ModSecurity rule violation on modsecurity ... [ice01]	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 199.45.155.108

🇸🇬 172.70.208.140

🇩🇪 164.92.161.148

🇰🇷 121.66.124.148

🇸🇬 111.119.247.253

🇸🇪 90.230.212.29

🇺🇸 66.42.4.90

🇩🇪 64.226.126.224

🇨🇳 61.190.16.210

🇺🇸 45.92.229.99

🇦🇺 35.244.126.128

🇧🇷 189.124.148.5

🇰🇷 111.171.125.94

🇰🇷 59.0.127.22

🇺🇸 35.230.35.205

🇷🇺 31.173.2.172

🇺🇸 216.239.34.223

🇷🇺 176.77.9.196

🇭🇰 159.138.146.214

🇺🇸 144.31.35.68