JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 42.240.130.62

42.240.130.62 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 37%: ?

37%

ISP	Shanghai UCloud Information Technology Company Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS58466
Hostname(s)	2913j5.cn wwdst.cn
Domain Name	ucloud.cn
Country	🇨🇳 China
City	Shenzhen, Guangdong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 42.240.130.62

Whois 42.240.130.62

IP Abuse Reports for 42.240.130.62:

This IP address has been reported a total of 22 times from 9 distinct sources. 42.240.130.62 was first reported on February 26th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 hermawan	2026-06-06 21:40:11 (1 day ago)	[Sun Jun 07 04:40:08.035735 2026] [security2:error] [pid 316292:tid 140594151143104] [client 42.240. ... show more [Sun Jun 07 04:40:08.035735 2026] [security2:error] [pid 316292:tid 140594151143104] [client 42.240.130.62:23082] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "utf-8" at REQUEST_HEADERS:Accept-Charset. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "361"] [id "440015"] [msg "Bot Accept-Charset utf-8"] [data "Matched Data: utf-8 found within REQUEST_HEADERS:Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3 request_line = GET / HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "aiSTuG5qiV-dbnGVuOFm6AACSwM"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[316296] [/+X3nhyzGbM] [aiSTuG5qiV-dbnGVuOFm6AACSwM] keep_alive=[1] [2026-06-07 04:40:08.035738] [R:aiSTuG5qiV-dbnGVuOFm6AACSwM] UA:'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9, ... show less	Email Spam Hacking
🇨🇭 4server	2026-06-06 05:43:13 (1 day ago)	[SatJun0607:43:08.1696692026][security2:error][pid681851:tid682081][client42.240.130.62:0]ModSecurit ... show more [SatJun0607:43:08.1696692026][security2:error][pid681851:tid682081][client42.240.130.62:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"felinescubicle.ch\"][uri\"/\"][unique_id\"aiOzbNNyjmVy8YYvUb_QAwAAAQg\"] show less	Hacking Web App Attack
🇯🇵 pixelboost.kr	2026-06-03 20:20:52 (4 days ago)	42.240.130.62 - - [04/Jun/2026:05:20:50 +0900] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 6 ... show more 42.240.130.62 - - [04/Jun/2026:05:20:50 +0900] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-03 17:29:26 (4 days ago)	[WedJun0319:29:21.7487032026][security2:error][pid2072934:tid2073042][client42.240.130.62:0]ModSecur ... show more [WedJun0319:29:21.7487032026][security2:error][pid2072934:tid2073042][client42.240.130.62:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"mail.traslochiamo.ch\"][uri\"/\"][unique_id\"aiBkcXOdiM424oZleGZ9zQAAAMQ\"] show less	Port Scan Brute-Force Web App Attack
🇨🇭 4server	2026-06-03 01:50:31 (4 days ago)	[WedJun0303:50:28.5513002026][security2:error][pid662514:tid662758][client42.240.130.62:0]ModSecurit ... show more [WedJun0303:50:28.5513002026][security2:error][pid662514:tid662758][client42.240.130.62:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"4server.biz\"][uri\"/\"][unique_id\"ah-IZAeX45NB9bLPBwKiuwAAARQ\"] show less	Hacking Web App Attack
🇩🇪 4server	2026-05-31 04:21:38 (1 week ago)	[SunMay3106:21:31.1298852026][security2:error][pid590545:tid590656][client42.240.130.62:0]ModSecurit ... show more [SunMay3106:21:31.1298852026][security2:error][pid590545:tid590656][client42.240.130.62:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"hercules.li\"][uri\"/\"][unique_id\"ahu3S1y-1eeebBeXdjcTggAAAQo\"] show less	Port Scan Brute-Force Web App Attack
🇬🇧 PeravixGroup	2026-05-27 22:28:54 (1 week ago)	Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity ... show more Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-27 15:13:21 (1 week ago)	Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2375. Sever ... show more Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2375. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇹🇷 Threat.live	2026-05-25 13:40:05 (1 week ago)	Suspicious Connection Attempts	Brute-Force
🇮🇩 hermawan	2026-05-20 13:02:21 (2 weeks ago)	[Wed May 20 20:02:18.884309 2026] [security2:error] [pid 863607:tid 140082472269504] [client 42.240. ... show more [Wed May 20 20:02:18.884309 2026] [security2:error] [pid 863607:tid 140082472269504] [client 42.240.130.62:38272] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "utf-8" at REQUEST_HEADERS:Accept-Charset. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "403"] [id "440015"] [msg "Bot Accept-Charset utf-8"] [data "Matched Data: utf-8 found within REQUEST_HEADERS:Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3 request_line = GET / HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "ag2w2nsUl-e2Qw3dhlnfowAAAEg"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[863642] [gsvXZ/+G1bs] [ag2w2nsUl-e2Qw3dhlnfowAAAEg] keep_alive=[0] [2026-05-20 20:02:18.884314] [R:ag2w2nsUl-e2Qw3dhlnfowAAAEg] UA:'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9, ... show less	Email Spam Hacking
🇦🇹 Starburst SysOp Team	2026-05-04 11:09:03 (1 month ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-vie6-1)	Hacking Bad Web Bot
🇨🇳 ThreatBook.io	2026-04-03 01:28:18 (2 months ago)	ThreatBook Intelligence: Zombie,Dynamic IP more details on https://threatbook.io/ip/42.240.130.62	SSH
🇨🇳 ThreatBook.io	2026-02-28 00:24:19 (3 months ago)	ThreatBook Intelligence: Zombie,Dynamic IP more details on https://threatbook.io/ip/42.240.130.62 20 ... show more ThreatBook Intelligence: Zombie,Dynamic IP more details on https://threatbook.io/ip/42.240.130.62 2026-02-27 07:22:48 /excanvas.js 2026-02-27 07:22:49 /libs/rsa.js?v=582537319 2026-02-27 07:22:49 /jssdk/common/errcode.js?v=582537319 2026-02-27 07:22:47 / 2026-02-27 07:22:49 /libs/base64.js?v=582537319 2026-02-27 07:22:48 /favicon.ico 2026-02-27 07:22:49 /common/map.js?v=582537319 2026-02-27 07:22:48 /libs/clipboard.min.js?v=582537319 2026-02-27 07:22:49 /libs/respond.js?v=582537319 show less	Web App Attack
🇫🇷 masterguru	2026-02-25 04:14:57 (3 months ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 42.240.130.62 (CN/China/2913j5.cn): 1 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 42.240.130.62 (CN/China/2913j5.cn): 1 in the last 3600 secs (0-197) show less	Hacking
🇫🇷 masterguru	2026-02-16 08:25:37 (3 months ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 42.240.130.62 (CN/China/2913j5.cn): 1 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 42.240.130.62 (CN/China/2913j5.cn): 1 in the last 3600 secs (0-196) show less	Hacking

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 116.110.14.194

🇨🇳 111.124.54.213

🇺🇸 104.194.10.16

🇭🇰 101.36.118.148

🇦🇲 93.94.223.195

🇳🇱 85.11.167.11

🇸🇬 51.79.180.236

🇧🇪 34.62.142.61

🇺🇸 2001:470:1:fb5::2a1

🇺🇸 205.210.31.36

🇩🇪 178.105.221.132

🇺🇸 161.0.2.68

🇵🇰 160.187.180.175

🇺🇸 147.185.132.129

🇮🇳 122.187.173.10

🇸🇬 118.26.111.107

🇻🇳 116.110.14.186

🇨🇳 115.198.106.199

🇷🇺 83.246.133.16

🇩🇪 77.91.71.10