JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 203.29.27.212

203.29.27.212 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 0%: ?

ISP	PT. Java Digital Nusantara
Usage Type	Fixed Line ISP
ASN	AS135477
Domain Name	nusantara.net.id
Country	🇮🇩 Indonesia
City	Jember, East Java

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 203.29.27.212

Whois 203.29.27.212

IP Abuse Reports for 203.29.27.212:

This IP address has been reported a total of 20 times from 12 distinct sources. 203.29.27.212 was first reported on July 11th 2023, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Mölkky	2026-04-07 17:01:45 (2 months ago)	DDOS Attack (by infected device ?)	Web App Attack
🇨🇭 backslash	2026-03-28 07:36:55 (2 months ago)		Bad Web Bot
🇺🇸 kosada.com	2026-03-02 16:43:39 (3 months ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-28 06:58:25 (3 months ago)	(mod_security) mod_security (id:218580) triggered by 203.29.27.212 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:218580) triggered by 203.29.27.212 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 28 01:58:14.631164 2026] [security2:error] [pid 30865:tid 30896] [client 203.29.27.212:33700] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\/\\\\[!+](?:[\\\\w\\\\s=_\\\\-()]+)?\\\\*\\\\/)" at ARGS:pageid. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/22_SQL_SQLi.conf"] [line "76"] [id "218580"] [rev "1"] [msg "COMODO WAF: MySQL in-line comment detected.\|\|mecconsultant.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "mecconsultant.com"] [uri "/projects.php"] [unique_id "aaKSBqCWEoHnBX0vapvcHAAAAJY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-20 18:46:48 (6 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇮🇩 hermawan	2025-05-03 03:58:21 (1 year ago)	[Sat May 03 09:47:33.202738 2025] [security2:error] [pid 346208:tid 140329504118464] [client 203.29. ... show more [Sat May 03 09:47:33.202738 2025] [security2:error] [pid 346208:tid 140329504118464] [client 203.29.27.212:6976] ModSecurity: Access denied with code 403 (phase 2). Match of "rx [0-9]\\\\s\\\\'\\\\s[0-9]" against "MATCHED_VAR" required. [file "/etc/modsecurity/coreruleset-4.13.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "1747"] [id "932240"] [msg "Remote Command Execution: Unix Command Injection evasion attempt detected"] [data " Matched Data ARGS charset: - Matched Data TX.1: found within Content-Type multipart form Matched Data: s1746240448$o1 found within MATCHED_VAR: GS2.1.s1746240448$o1$g0$t1746240448$j60$l0$h0 request_line = GET /images/vi_webp/qk_XTcUXhLA/maxresdefault.webp HTTP/2.0 Request URI RAW = /images/vi_webp/qk_XTcUXhLA/maxresdefault.webp Request Basename = maxresdefault.webp"] [severity "CRITICAL"] [ver "OWASP_CRS/4.13.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] ... show less	Hacking Web App Attack
🇮🇩 hermawan	2025-02-21 07:29:22 (1 year ago)	[Fri Feb 21 14:26:47.287905 2025] [security2:error] [pid 158448:tid 139941006694080] [client 203.29. ... show more [Fri Feb 21 14:26:47.287905 2025] [security2:error] [pid 158448:tid 139941006694080] [client 203.29.27.212:38914] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "de" at REQUEST_HEADERS:Accept-Language. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "188"] [id "440001"] [msg "Seperti Ddos bahasa Rusia ada di ip vietnam 2.59.0.188 "] [data "Matched Data: de found within REQUEST_HEADERS:Accept-Language: id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.6 request_line = GET /TableFilter/system-v170.css HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/TableFilter/system-v170.css"] [unique_id "Z7gqt66oekygN0S2Mfo-6AAApxs"], referer https://staklim-jatim.bmkg.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[158476] [45O56YlyYcU] [Z7gqt66oekygN0S2Mfo-6AAApxs] keep_alive=[1] [2025-02-21 14:26:47.287910] [R:Z7gqt66oekygN0S2Mfo-6AAApxs] UA:'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 ... show less	Hacking Web App Attack
🇮🇩 hermawan	2025-01-24 11:44:21 (1 year ago)	[Fri Jan 24 13:32:09.008201 2025] [security2:error] [pid 110547:tid 140458397181632] [client 203.29. ... show more [Fri Jan 24 13:32:09.008201 2025] [security2:error] [pid 110547:tid 140458397181632] [client 203.29.27.212:60427] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "myactivity.google.com" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "306"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: myactivity.google.com found within REQUEST_HEADERS:Referer: https://myactivity.google.com/ request_line = GET /images/gempa/webp/20250122101206.mmi.jpg.webp HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/images/gempa/webp/20250122101206.mmi.jpg.webp"] [unique_id "Z5Mz6UaMZTHP1kdjj0mpgAABYBQ"], referer https://myactivity.google.com/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[110568] [rmvV4mXXMpA] [Z5Mz6UaMZTHP1kdjj0mpgAABYBQ] keep_alive=[1] [2025-01-24 13:32:09.008205] [R:Z5Mz6UaMZTHP1kdjj0mpgAABYBQ] UA:'Mozilla/5.0 (iPhone; CPU iPhone OS 18_0_1 like Mac OS X) ... show less	Hacking Web App Attack
🇪🇸 el-brujo	2024-12-10 18:10:00 (1 year ago)	DDoS Attack Layer 7	DDoS Attack
🇷🇴 abuse_IP_reporter	2024-12-09 13:00:37 (1 year ago)	ddosattackagainspublicwebpagewithrandomstrings	DDoS Attack
🇷🇴 abuse_IP_reporter	2024-12-09 13:00:37 (1 year ago)	ddosattackagainspublicwebpagewithrandomstrings	DDoS Attack
🇷🇴 abuse_IP_reporter	2024-12-09 13:00:37 (1 year ago)	ddosattackagainspublicwebpagewithrandomstrings	DDoS Attack
🇺🇸 PulseServers	2024-11-19 05:33:50 (1 year ago)	Malicious Web Traffic - Exploit probing, request floods, etc. on a server hosted by PulseServers.com ... show more Malicious Web Traffic - Exploit probing, request floods, etc. on a server hosted by PulseServers.com - ISUS2 ... show less	DDoS Attack Exploited Host
Anonymous	2024-11-15 08:50:09 (1 year ago)		DDoS Attack
🇩🇪 Packets-Decreaser.NET	2024-11-04 07:40:19 (1 year ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 172.70.80.208

🇺🇸 107.151.199.26

🇺🇸 137.184.85.24

🇬🇧 123.58.207.151

🇺🇸 91.245.236.89

🇱🇺 64.89.161.85

🇦🇺 45.67.96.137

🇦🇺 35.244.123.88

🇨🇳 218.4.110.186

🇮🇳 202.141.4.201

🇺🇸 147.185.132.122

🇨🇳 117.89.214.30

🇫🇷 95.111.235.75

🇺🇸 72.17.34.38

🇳🇱 217.60.195.229

🇳🇱 176.65.131.188

🇺🇸 162.216.150.186

🇺🇸 162.216.149.81

🇦🇴 102.213.34.99

🇱🇻 81.30.98.158