JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 42.242.8.9

42.242.8.9 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 100%: ?

100%

ISP	CHINANET YunNan PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4134
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Kunming, Yunnan

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 42.242.8.9

Whois 42.242.8.9

IP Abuse Reports for 42.242.8.9:

This IP address has been reported a total of 38 times from 30 distinct sources. 42.242.8.9 was first reported on June 9th 2026, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 JCB	2026-06-10 07:53:00 (5 hours ago)	42.242.8.9 - - [09/Jun/2026:11:57:59 +0300] "POST /cgi-bin/../../../../../../../../../../bin/sh HTTP ... show more 42.242.8.9 - - [09/Jun/2026:11:57:59 +0300] "POST /cgi-bin/../../../../../../../../../../bin/sh HTTP/1.1" 400 266 "-" "libredtail-http" ... show less	Web App Attack Hacking
🇹🇭 Sawasdee	2026-06-10 03:51:07 (9 hours ago)	SSH break in attempt ...	SSH
🇺🇸 RAP	2026-06-10 03:44:06 (9 hours ago)	2026-06-10 03:44:06 UTC Unauthorized activity to TCP port 23. Telnet	Port Scan
🇺🇸 xmission.com	2026-06-10 02:06:36 (10 hours ago)	Blocked by UFW (TCP on 23) Source port: 53127 TTL: 49 Packet length: 44 TOS: 0x08 This report (for ... show more Blocked by UFW (TCP on 23) Source port: 53127 TTL: 49 Packet length: 44 TOS: 0x08 This report (for 42.242.8.9) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Hacking Brute-Force
🇺🇸 xmission.com	2026-06-10 01:26:46 (11 hours ago)	Blocked by UFW (TCP on 2222) Source port: 61507 TTL: 51 Packet length: 44 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2222) Source port: 61507 TTL: 51 Packet length: 44 TOS: 0x00 This report (for 42.242.8.9) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇮🇪 AutosOnShow	2026-06-10 01:26:05 (11 hours ago)	blocked for webapp attack \| path requested: /hello.world \| seen at 2026-06-10 01:25:17.606 \|	Web App Attack
🇦🇹 urnilxfgbez	2026-06-09 22:45:00 (14 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 TPI-Abuse	2026-06-09 20:58:30 (16 hours ago)	(mod_security) mod_security (id:218420) triggered by 42.242.8.9 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:218420) triggered by 42.242.8.9 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 16:58:13.998945 2026] [security2:error] [pid 12184:tid 12197] [client 42.242.8.9:41802] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.83:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.83"] [uri "/hello.world"] [unique_id "aih-ZXQo1eGqIdJvMpqQUwAAAEo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Freenex1911	2026-06-09 20:21:48 (16 hours ago)	2026-06-09T22:18:49.827180+02:00 bear sshd[432743]: pam_unix(sshd:auth): authentication failure; log ... show more 2026-06-09T22:18:49.827180+02:00 bear sshd[432743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.242.8.9 2026-06-09T22:18:52.408292+02:00 bear sshd[432743]: Failed password for invalid user admin from 42.242.8.9 port 45038 ssh2 2026-06-09T22:21:47.788558+02:00 bear sshd[433821]: Invalid user orangepi from 42.242.8.9 port 34790 ... show less	Brute-Force SSH
🇩🇪 formality	2026-06-09 20:04:58 (16 hours ago)	Invalid user admin from 42.242.8.9 port 46034	Brute-Force SSH
Anonymous	2026-06-09 20:04:08 (16 hours ago)	IP & Port Scan.	SSH Port Scan Brute-Force
🇵🇱 sefinek.net	2026-06-09 18:20:46 (18 hours ago)	Honeypot hit: SSH handshake/banner (24 bytes of payload); 2222 [1] TCP Reported by: https://github.c ... show more Honeypot hit: SSH handshake/banner (24 bytes of payload); 2222 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	SSH
Anonymous	2026-06-09 18:00:07 (19 hours ago)	PROTO=TCP DPT=23	Port Scan Hacking
🇬🇧 PeravixGroup	2026-06-09 17:02:25 (19 hours ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force
🇩🇪 ghostwarriors	2026-06-09 16:50:39 (20 hours ago)	Unauthorized connection attempt detected, SSH Brute-Force	Brute-Force Port Scan SSH

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 125.20.237.142

🇨🇳 221.203.90.10

🇺🇸 205.210.31.21

🇺🇸 192.174.83.93

🇩🇪 158.94.208.149

🇮🇳 139.59.6.237

🇮🇳 103.162.75.232

🇬🇧 103.106.66.77

🇫🇷 91.196.152.250

🇧🇷 45.178.227.0

🇪🇸 34.175.118.185

🇺🇸 34.162.42.242

🇺🇸 8.34.210.44

🇮🇪 3.252.122.232

🇸🇬 203.116.129.55

🇵🇱 194.180.49.142

🇧🇷 179.181.133.153

🇮🇳 152.59.41.152

🇨🇦 85.217.149.55

🇺🇸 66.132.224.25