JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 42.240.130.92

42.240.130.92 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 19%: ?

19%

ISP	Shanghai UCloud Information Technology Company Limited
Usage Type	Commercial
ASN	AS58466
Domain Name	ucloud.cn
Country	🇨🇳 China
City	Shenzhen, Guangdong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 42.240.130.92

Whois 42.240.130.92

IP Abuse Reports for 42.240.130.92:

This IP address has been reported a total of 27 times from 14 distinct sources. 42.240.130.92 was first reported on May 18th 2021, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-05-27 17:16:42 (3 weeks ago)	[WedMay2719:16:38.3721712026][security2:error][pid3518514:tid3518567][client42.240.130.92:0]ModSecur ... show more [WedMay2719:16:38.3721712026][security2:error][pid3518514:tid3518567][client42.240.130.92:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"mail.titrasloco.ch\"][uri\"/\"][unique_id\"ahcm9uQJD-itz_ZTSiDHjAAAAFE\"] show less	Port Scan Brute-Force Web App Attack
🇬🇧 PeravixGroup	2026-05-21 01:35:17 (4 weeks ago)	Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2375. Sever ... show more Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2375. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-18 05:09:45 (1 month ago)	Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2376. Sever ... show more Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2376. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇨🇭 GAS	2026-05-05 07:11:01 (1 month ago)	Direct IP access. 42.240.130.92 - - [05/May/2026:09:10:58 +0200] "GET / HTTP/1.1" 402 2747 "-" "Mozi ... show more Direct IP access. 42.240.130.92 - - [05/May/2026:09:10:58 +0200] "GET / HTTP/1.1" 402 2747 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" "REDACTED:80" "" 42.240.130.92 - - [05/May/2026:09:11:00 +0200] "GET /favicon.ico HTTP/1.1" 402 2752 "http://REDACTED:80" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" "REDACTED:80" "" ... show less	Port Scan Web App Attack
🇭🇺 kranem	2026-05-03 15:00:25 (1 month ago)	Triggered Cloudflare WAF from CN. Action taken: BLOCK ASN: 58466 (CHINANET Guangdong province networ ... show more Triggered Cloudflare WAF from CN. Action taken: BLOCK ASN: 58466 (CHINANET Guangdong province network) Protocol: HTTP/2 (GET method) Endpoint: / Timestamp: 2026-05-03T13:03:17Z User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 show less	Bad Web Bot
🇯🇵 pixelboost.kr	2026-04-30 19:16:33 (1 month ago)	42.240.130.92 - - [01/May/2026:04:16:32 +0900] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 6 ... show more 42.240.130.92 - - [01/May/2026:04:16:32 +0900] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 wteiken	2026-04-20 23:28:27 (1 month ago)	2026-04-20T19:28:16.372540-04:00 nostromo.teiken.net kernel: [198659.043352] syn_limit:IN=en-wan OUT ... show more 2026-04-20T19:28:16.372540-04:00 nostromo.teiken.net kernel: [198659.043352] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c:98:0c:08:00 SRC=42.240.130.92 DST=74.101.29.71 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=5437 DF PROTO=TCP SPT=59362 DPT=443 WINDOW=1412 RES=0x00 SYN URGP=0 2026-04-20T19:28:17.372545-04:00 nostromo.teiken.net kernel: [198660.049446] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c:98:0c:08:00 SRC=42.240.130.92 DST=74.101.29.71 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=5438 DF PROTO=TCP SPT=59362 DPT=443 WINDOW=1412 RES=0x00 SYN URGP=0 2026-04-20T19:28:20.452541-04:00 nostromo.teiken.net kernel: [198663.122284] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c:98:0c:08:00 SRC=42.240.130.92 DST=74.101.29.71 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=62110 DF PROTO=TCP SPT=59370 DPT=443 WINDOW=1412 RES=0x00 SYN URGP=0 2026-04-20T19:28:22.372544-04:00 nostromo.teiken.net kernel: [198665.048358] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c ... show less	Port Scan
🇭🇺 Geppetto	2026-03-15 12:56:04 (3 months ago)	Connection to IP instead of Domain-Name, HTTP request to HTTPS port [15/Mar/2026:13:56:04 +0100] 400 ... show more Connection to IP instead of Domain-Name, HTTP request to HTTPS port [15/Mar/2026:13:56:04 +0100] 400 - GET http "/" [Client 42.240.130.92] [Length 654] [Gzip -] "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" "-" ... show less	Bad Web Bot Web App Attack
🇱🇹 Evag Touf	2026-03-10 14:22:14 (3 months ago)	(mod_security) mod_security triggered on hostname [redacted] 42.240.130.92 (CN/China/-)	SQL Injection
🇸🇪 KIDOS	2026-02-26 12:27:18 (3 months ago)	Apache monitor: ssrf_log_spoofing	Brute-Force SSH
🇫🇷 masterguru	2026-02-25 04:14:39 (3 months ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 42.240.130.92 (CN/China/-): 1 in the ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 42.240.130.92 (CN/China/-): 1 in the last 3600 secs (0-197) show less	Hacking
🇫🇷 masterguru	2026-02-15 06:01:41 (4 months ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 42.240.130.92 (CN/China/-): 1 in the ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 42.240.130.92 (CN/China/-): 1 in the last 3600 secs (0-193) show less	Hacking
Anonymous	2026-02-12 00:53:35 (4 months ago)	GET / \| UA: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 ... show more GET / \| UA: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 \| Time: 2026-02-12 00:53:35 UTC show less	Web App Attack
🇫🇷 masterguru	2026-02-11 03:30:46 (4 months ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 42.240.130.92 (CN/China/-): 1 in the ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 42.240.130.92 (CN/China/-): 1 in the last 3600 secs (0-197) show less	Hacking
🇫🇷 masterguru	2026-02-10 06:11:27 (4 months ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 42.240.130.92 (CN/China/-): 1 in the ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 42.240.130.92 (CN/China/-): 1 in the last 3600 secs (0-195) show less	Hacking

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 185.247.137.13

🇷🇺 151.252.84.225

🇭🇰 118.193.44.184

🇳🇱 81.19.216.67

🇳🇱 193.176.31.249

🇳🇱 185.223.235.26

🇰🇿 164.40.121.223

🇪🇸 162.120.232.190

🇺🇸 142.4.31.180

🇳🇱 89.21.67.149

🇫🇷 85.217.140.46

🇿🇦 82.21.245.51

🇳🇱 31.56.209.125

🇫🇷 195.154.211.56

🇳🇱 91.92.40.6

🇸🇬 43.156.92.183

🇺🇸 20.245.71.147

🇶🇦 2a04:7f80:30f2:3700:c9c4:4315:9ab8:86a3

🇺🇸 209.143.33.193

🇦🇲 195.250.79.2