JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.30.211.135

103.30.211.135 was found in our database!

This IP was reported 50 times. Confidence of Abuse is 100%: ?

100%

ISP	G-Core Labs S.A.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS202422
Hostname(s)	prep-fetish-0e1.example.com
Domain Name	gcore.com
Country	🇦🇺 Australia
City	Sydney, New South Wales

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.30.211.135

Whois 103.30.211.135

IP Abuse Reports for 103.30.211.135:

This IP address has been reported a total of 50 times from 37 distinct sources. 103.30.211.135 was first reported on January 16th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Donovan	2026-06-24 11:33:24 (1 hour ago)	Web scan/exploit blocked by fail2ban on commitshift.fr - jail: npm-scan - 1 attempt(s)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 11:30:45 (1 hour ago)	(mod_security) mod_security (id:210492) triggered by 103.30.211.135 (prep-fetish-0e1.example.com): 1 ... show more (mod_security) mod_security (id:210492) triggered by 103.30.211.135 (prep-fetish-0e1.example.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 07:30:37.684997 2026] [security2:error] [pid 16166:tid 16166] [client 103.30.211.135:59668] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.7"] [uri "/.env"] [unique_id "aju_3dEFMWV936xadLSUBQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 jfz-abuse	2026-06-24 10:17:18 (3 hours ago)	fail2ban: apache-filepath-recon ...	Web App Attack
Anonymous	2026-06-24 10:02:58 (3 hours ago)	103.30.211.135 - - [24/Jun/2026:10:02:52 +0000] "GET /.env HTTP/1.1" 444 0 "-" "python-requests/2.34 ... show more 103.30.211.135 - - [24/Jun/2026:10:02:52 +0000] "GET /.env HTTP/1.1" 444 0 "-" "python-requests/2.34.2" ... show less	Bad Web Bot Web App Attack
🇮🇪 AutosOnShow	2026-06-24 08:41:05 (4 hours ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-24 08:40:35.098 \|	Web App Attack
🇮🇪 AutosOnShow	2026-06-24 08:01:05 (5 hours ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-24 08:00:23.049 \|	Web App Attack
🇮🇩 PENJAGA.AUM	2026-06-24 06:50:00 (6 hours ago)	103.30.211.135 - Attack: Possible XSS attack, js event handler	Web App Attack SQL Injection Spoofing
🇩🇰 RhQM	2026-06-24 06:40:12 (6 hours ago)		Bad Web Bot Exploited Host Web App Attack
🇧🇷 diego	2026-06-24 06:39:14 (6 hours ago)	[arem1] 2026-06-24 06:21:59, Client: 103.30.211.135, Protocol: 6, Unauthorized activity to HTTP: GET ... show more [arem1] 2026-06-24 06:21:59, Client: 103.30.211.135, Protocol: 6, Unauthorized activity to HTTP: GET /.env show less	Web App Attack
🇮🇪 AutosOnShow	2026-06-24 06:22:05 (6 hours ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-24 06:21:16.174 \|	Web App Attack
🇺🇸 NXTwoThou	2026-06-24 05:52:40 (7 hours ago)	/.env	Web App Attack
🇩🇪 maxpower	2026-06-24 05:18:51 (8 hours ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 103.30.211.135 (AU/Australia/prep-fetish ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 103.30.211.135 (AU/Australia/prep-fetish-0e1.example.com): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 103.30.211.135 - - [24/Jun/2026:07:18:43 +0200] "GET /.env HTTP/1.1" 403 146 "-" "python-requests/2.34.2" "-" host=51.89.2.99 103.30.211.135 - - [24/Jun/2026:07:18:44 +0200] "GET /.env HTTP/1.1" 403 146 "-" "python-requests/2.34.2" "-" host=51.89.2.99 show less	Port Scan
🇺🇸 RogueAutomata	2026-06-24 05:08:29 (8 hours ago)	Detected malicious request: GET /.env Detections triggered: Environment/config probe Automated user ... show more Detected malicious request: GET /.env Detections triggered: Environment/config probe Automated user-agent Access via IP addr (v4) show less	Web App Attack
Anonymous	2026-06-24 05:01:01 (8 hours ago)	<jail> banned by fail2ban	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 04:30:43 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 103.30.211.135 (prep-fetish-0e1.example.com): 1 ... show more (mod_security) mod_security (id:210492) triggered by 103.30.211.135 (prep-fetish-0e1.example.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 00:30:37.565210 2026] [security2:error] [pid 29384:tid 29384] [client 103.30.211.135:55911] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.149"] [uri "/.env"] [unique_id "ajtdbebvWEl4Q4E_nOu-1AAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 50 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 113.161.222.150

🇪🇸 80.103.63.136

🇬🇧 216.226.76.20

🇳🇱 195.178.110.30

🇦🇷 186.96.195.96

🇨🇳 150.139.201.247

🇨🇳 117.72.152.142

🇷🇺 93.77.187.140

🇳🇱 91.92.40.4

🇺🇸 65.49.1.180

🇺🇸 205.210.31.34

🇺🇸 172.203.149.63

🇺🇸 66.132.195.30

🇱🇹 62.60.130.60

🇲🇾 47.250.82.24

🇳🇱 45.198.224.46

🇺🇸 43.135.134.180

🇩🇯 197.241.43.78

🇸🇬 103.187.146.90

🇷🇴 80.94.92.152