JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 84.239.42.59

84.239.42.59 was found in our database!

This IP was reported 56 times. Confidence of Abuse is 27%: ?

27%

ISP	ORIGIN INTERNET NETWORK
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	castlegem.co.uk
Country	🇺🇦 Ukraine
City	Sofiyivska Borschagivka, Kyiv Oblast

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 84.239.42.59

Whois 84.239.42.59

IP Abuse Reports for 84.239.42.59:

This IP address has been reported a total of 56 times from 44 distinct sources. 84.239.42.59 was first reported on April 2nd 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 securejdprop	2026-05-09 22:15:54 (1 month ago)	This IP was detected by CrowdSec triggering crowdsecurity/vpatch-env-access. WAF block: crowdsecurit ... show more This IP was detected by CrowdSec triggering crowdsecurity/vpatch-env-access. WAF block: crowdsecurity/vpatch-env-access from 84.239.42.59 (172.18.0.2) show less	Hacking Web App Attack
🇦🇺 2000cn.com.au	2026-05-09 21:42:12 (1 month ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇧🇪 voormedia	2026-05-09 21:41:17 (1 month ago)	Accessed trap at '/.env'	Web App Attack
🇯🇵 Watch40x	2026-05-09 21:31:01 (1 month ago)	Automated report from Watch40x security system. Web application probing detected.	Web App Attack
🇬🇧 CrystalMaker	2026-05-09 20:31:48 (1 month ago)	Vulnerability scan - GET /.env	Hacking
🇺🇸 TPI-Abuse	2026-05-09 19:41:32 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 84.239.42.59 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 84.239.42.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 15:41:28.077746 2026] [security2:error] [pid 9522:tid 9522] [client 84.239.42.59:34367] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "quakeprediction.com"] [uri "/.env"] [unique_id "af-N6Pzrs9CHGAoX1omYogAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 MusicLibrary	2026-05-09 19:37:33 (1 month ago)	Attempted access to sensitive configuration files (.env, .git, etc.)	Bad Web Bot Web App Attack
🇯🇵 Short-legs-Spider	2026-05-09 18:49:00 (1 month ago)	Test on existence -- [10/May/2026:03:49:00 +0900] "GET /.env HTTP/1.1" 403 76 "-" "-"	Web App Attack
🇯🇵 VXG-NET	2026-05-09 18:48:10 (1 month ago)	port=80, indicator_type=info-leak	Hacking
🇫🇷 Dampen59	2026-01-24 11:01:00 (4 months ago)	(smtpauth) Failed SMTP AUTH login from 84.239.42.59 (UA/Ukraine/-): 5 in the last 3600 secs; Ports: ... show more (smtpauth) Failed SMTP AUTH login from 84.239.42.59 (UA/Ukraine/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SMTPAUTH; Logs: 2026-01-24 11:00:31 dovecot_login authenticator failed for H=(ADMIN) [84.239.42.59]:2576: 535 Incorrect authentication data ([email protected]) 2026-01-24 11:00:47 dovecot_login authenticator failed for H=(ADMIN) [84.239.42.59]:39894: 535 Incorrect authentication data ([email protected]) 2026-01-24 11:00:49 dovecot_login authenticator failed for H=(ADMIN) [84.239.42.59]:64827: 535 Incorrect authentication data ([email protected]) 2026-01-24 11:00:56 dovecot_login authenticator failed for H=(ADMIN) [84.239.42.59]:1214: 535 Incorrect authentication data ([email protected]) 2026-01-24 11:00:58 dovecot_login authenticator failed for H=(ADMIN) [84.239.42.59]:2677: 535 Incorrect authentication data ([email protected]) show less	Port Scan
🇺🇸 jfz-abuse	2025-12-16 05:17:45 (6 months ago)	fail2ban: apache-proxy ...	Web App Attack
Anonymous	2025-11-25 08:55:53 (6 months ago)	scanning http requests from known botnet	Web App Attack
🇬🇧 Apache	2025-11-20 21:55:35 (6 months ago)	(mod_security) mod_security (id:210801) triggered by 84.239.42.59 (UA/Ukraine/-): 5 in the last 300 ... show more (mod_security) mod_security (id:210801) triggered by 84.239.42.59 (UA/Ukraine/-): 5 in the last 300 secs show less	Brute-Force Web App Attack
Anonymous	2025-11-20 18:28:53 (6 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-11-03 05:45:45 (7 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.11.03 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.11.03 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 56 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 223.181.44.143

🇨🇴 201.184.50.251

🇩🇪 167.94.145.30

🇺🇸 162.216.149.23

🇺🇸 142.93.183.153

🇳🇱 91.92.40.24

🇳🇱 45.153.34.195

🇺🇸 34.182.90.187

🇲🇦 196.92.7.246

🇲🇽 187.190.35.163

🇨🇴 186.84.88.26

🇳🇱 178.253.23.61

🇬🇧 178.239.198.176

🇸🇦 149.109.244.146

🇬🇧 138.68.156.101

🇪🇸 84.126.104.205

🇺🇸 50.6.228.32

🇹🇿 41.93.28.12

🇪🇸 37.11.184.165

🇱🇻 185.22.175.148