JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.30.36.102

212.30.36.102 was found in our database!

This IP was reported 361 times. Confidence of Abuse is 91%: ?

91%

ISP	M Nets SAL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS137409
Domain Name	mnets.net
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.30.36.102

Whois 212.30.36.102

IP Abuse Reports for 212.30.36.102:

This IP address has been reported a total of 361 times from 157 distinct sources. 212.30.36.102 was first reported on November 3rd 2022, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 SSH-Admin	2025-11-21 14:42:15 (6 months ago)	Probing for Exploits	Exploited Host Web App Attack
🇫🇷 uhlhosting	2025-11-18 04:55:52 (6 months ago)	dubfromtheground.com 212.30.36.102 - - [18/Nov/2025:05:55:46.111412 +0100] "GET /.well-known/include ... show more dubfromtheground.com 212.30.36.102 - - [18/Nov/2025:05:55:46.111412 +0100] "GET /.well-known/include.php HTTP/1.1" 403 199 "-" "-" aRv8UrnmvxvVpasw4eh4TAAAAI4 "-" /apache/20251118/20251118-0555/20251118-055546-aRv8UrnmvxvVpasw4eh4TAAAAI4 0 1075 md5:af0bb0a3c93c736c8465a21b4ba4364e dubfromtheground.com 212.30.36.102 - - [18/Nov/2025:05:55:48.197444 +0100] "GET /wp-includes/js/tinymce/plugins/fullscreen/about.php HTTP/1.1" 403 199 "-" "-" aRv8VLnmvxvVpasw4eh4XwAAAJA "-" /apache/20251118/20251118-0555/20251118-055548-aRv8VLnmvxvVpasw4eh4XwAAAJA 0 1112 md5:2e6e141129821443cd366f38c9772fac dubfromtheground.com 212.30.36.102 - - [18/Nov/2025:05:55:48.491577 +0100] "GET /wp-includes/block-supports/about.php HTTP/1.1" 403 199 "-" "-" aRv8VLnmvxvVpasw4eh4cQAAAIw "-" /apache/20251118/20251118-0555/20251118-055548-aRv8VLnmvxvVpasw4eh4cQAAAIw 0 1116 md5:97588801e88c67f6bd0e23d9ecf6254f dubfromtheground.com 212.30.36.102 - - [18/Nov/2025:05:55:50.415437 +0100] "GET /.well-known/bosctspi.php HTTP ... show less	DDoS Attack Brute-Force
🇧🇪 cmbplf	2025-11-18 03:30:21 (6 months ago)	842 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇦🇺 AWW-Admin	2025-11-17 23:30:40 (6 months ago)	(wordpress) Failed wordpress login from 212.30.36.102 (DE/Germany/-)	Brute-Force
🇫🇷 dynamix	2025-11-17 16:29:04 (6 months ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2025-11-11 10:17:00 (6 months ago)	(mod_security) mod_security (id:240000) triggered by 212.30.36.102 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240000) triggered by 212.30.36.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 11 05:16:53.882772 2025] [security2:error] [pid 13141:tid 13141] [client 212.30.36.102:0] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|kryptonome.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "kryptonome.com"] [uri "/images/stories/themes.php"] [unique_id "aRMNFZJ1phKG_QYHKIffTQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2025-11-11 09:25:24 (6 months ago)	210 requests with url.path /.well-known/acme-challenge/.php	Brute-Force Bad Web Bot
🇮🇳 dineshskt4all	2025-11-04 18:40:39 (6 months ago)	[Tue Nov 04 18:40:37.490339 2025] [proxy_fcgi:error] [pid 2967970:tid 139002749331136] [client 212.3 ... show more [Tue Nov 04 18:40:37.490339 2025] [proxy_fcgi:error] [pid 2967970:tid 139002749331136] [client 212.30.36.102:0] AH01071: Got error 'Primary script unknown', referer: http://ninfotech.in//wp.php ... show less	Brute-Force
🇺🇸 TPI-Abuse	2025-11-01 10:13:01 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 212.30.36.102 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 212.30.36.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 06:12:54.105698 2025] [security2:error] [pid 15011:tid 15011] [client 212.30.36.102:27719] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.blue-attitude.net"] [uri "/.env"] [unique_id "aQXdJooqthZCKYRxVy8ZqgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-10 04:22:36 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 212.30.36.102 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 212.30.36.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 10 00:22:29.470690 2025] [security2:error] [pid 24953:tid 24953] [client 212.30.36.102:63539] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|uppermotradingco.com\|F\|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "uppermotradingco.com"] [uri "/wallet.dat"] [unique_id "aOiKBYlVaqrEJHvcxdEd3wAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-10-08 20:49:08 (7 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 23-49.212.30.36.102.web-spamme ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 23-49.212.30.36.102.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇺🇸 Penny Packer	2025-10-07 14:14:43 (7 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇯🇵 Valhalla	2025-09-27 03:19:36 (8 months ago)	/bak/backup.sql	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-09-18 01:27:49 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 212.30.36.102 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 212.30.36.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 17 21:27:45.574005 2025] [security2:error] [pid 5227:tid 5227] [client 212.30.36.102:45949] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|usbea.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "usbea.com"] [uri "/backup.sql"] [unique_id "aMtgERM_or0RbWqiXiiF1QAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-09-16 19:21:01 (8 months ago)	sql injection	Web App Attack

Showing 121 to 135 of 361 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 2a00:1450:4001:c00::126

🇰🇷 183.104.26.197

🇩🇪 167.99.240.181

🇹🇭 165.154.119.20

🇩🇪 46.101.148.66

🇺🇦 37.221.129.28

🇺🇸 162.216.150.36

🇺🇸 124.198.131.39

🇺🇸 24.97.253.246

🇹🇷 5.26.190.79

🇧🇪 198.235.24.209

🇳🇱 192.253.248.169

🇲🇽 189.150.55.237

🇨🇳 182.244.0.150

🇺🇸 147.185.132.87

🇬🇧 147.148.205.252

🇧🇩 103.183.62.1

🇨🇾 85.208.98.19

🇫🇷 79.137.87.90

🇺🇸 45.92.229.130