JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.30.36.56

212.30.36.56 was found in our database!

This IP was reported 383 times. Confidence of Abuse is 93%: ?

93%

ISP	M Nets SAL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS137409
Domain Name	mnets.net
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.30.36.56

Whois 212.30.36.56

IP Abuse Reports for 212.30.36.56:

This IP address has been reported a total of 383 times from 144 distinct sources. 212.30.36.56 was first reported on March 21st 2022, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Penny Packer	2025-04-08 01:49:38 (1 year ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 TPI-Abuse	2025-04-08 01:37:20 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 212.30.36.56 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 212.30.36.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 07 21:37:09.379350 2025] [security2:error] [pid 18451:tid 18525] [client 212.30.36.56:46079] [client 212.30.36.56] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|nobletitles.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nobletitles.org"] [uri "/back/www.sql"] [unique_id "Z_R9xR5yrlkBYIrgILmTIgAAAgY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-02 00:31:43 (1 year ago)	(mod_security) mod_security (id:210831) triggered by 212.30.36.56 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210831) triggered by 212.30.36.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 01 20:31:35.276281 2025] [security2:error] [pid 1429570:tid 1429570] [client 212.30.36.56:50883] [client 212.30.36.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|backstore.com\|F\|4"] [data "a href="] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "backstore.com"] [uri "/webalizer/usage_202504.html"] [unique_id "Z-yFZ80ZVxTPYqzzKfVUFQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-03-28 04:30:21 (1 year ago)	Failed login attempt detected by Fail2Ban in plesk-postfix jail	Brute-Force
🇺🇸 TPI-Abuse	2025-03-21 23:21:57 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 212.30.36.56 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 212.30.36.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 21 19:21:50.710967 2025] [security2:error] [pid 1989:tid 1989] [client 212.30.36.56:36437] [client 212.30.36.56] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|sptzr.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sptzr.net"] [uri "/backup/www.sql"] [unique_id "Z930jsrR6HV-STsFCmd9nwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2025-03-21 22:58:47 (1 year ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 TPI-Abuse	2025-03-12 21:06:12 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 212.30.36.56 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 212.30.36.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 12 17:06:07.520736 2025] [security2:error] [pid 14391:tid 14413] [client 212.30.36.56:58597] [client 212.30.36.56] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "giere.us"] [uri "/.env"] [unique_id "Z9H3Pyg-G9oisnBvdhWn8AAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 niceshops.com	2025-03-12 18:49:12 (1 year ago)	Web Attack (12/Mar/2025:19:44:10.131", "frontend": "frontend_disco", "backend": "frontend_disco", "b ... show more Web Attack (12/Mar/2025:19:44:10.131", "frontend": "frontend_disco", "backend": "frontend_disco", "backend_server": "<NOSRV>", "time_request": 0, "time_wait": -1, "time_connect": -1, "time_response": -1, "time_active": 0, "status": 301, "bytes_read": 128, "termination_state": "LR--", "actconn": 111, "feconn": 110, "beconn": 0, "srv_conn": 0, "retries": 0, "srv_queue": 0, "backend_queue": 0, "capture_request": "{\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|}", "capture_response GET /.env) show less	Web App Attack
🇮🇹 mgarofano80	2025-03-11 23:26:26 (1 year ago)		Brute-Force Web App Attack
🇨🇳 ThreatBook.io	2025-03-11 22:55:27 (1 year ago)	ThreatBook Intelligence: Zombie,Mobile more details on https://threatbook.io/ip/212.30.36.56 2025-03 ... show more ThreatBook Intelligence: Zombie,Mobile more details on https://threatbook.io/ip/212.30.36.56 2025-03-11 13:07:28 / show less	Web App Attack
🇺🇸 LotPhantom	2025-03-11 12:11:31 (1 year ago)	212.30.36.56 - - [11/Mar/2025:12:11:06 +0000] "GET / HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT ... show more 212.30.36.56 - - [11/Mar/2025:12:11:06 +0000] "GET / HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" "0" ... show less	Web App Attack
🇪🇸 librebit	2025-03-03 14:24:15 (1 year ago)	Brute force	Brute-Force
🇺🇸 TPI-Abuse	2025-02-18 10:29:24 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 212.30.36.56 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 212.30.36.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 18 05:29:18.241615 2025] [security2:error] [pid 22510:tid 22510] [client 212.30.36.56:34169] [client 212.30.36.56] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|asiabeef.network\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "asiabeef.network"] [uri "/bak/mysql.sql"] [unique_id "Z7Rg_hbqU7ElogEbaQDUDQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-02-13 14:08:36 (1 year ago)	Malicious activity detected	Hacking Web App Attack
Anonymous	2025-02-12 21:53:22 (1 year ago)	Attempted brute force login to web vpn 23 time(s); last attempt for 2025.02.12 is noted in report ti ... show more Attempted brute force login to web vpn 23 time(s); last attempt for 2025.02.12 is noted in report timestamp show less	Hacking Brute-Force

Showing 181 to 195 of 383 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2602:80d:1007::27

🇨🇳 116.169.58.202

🇨🇳 115.190.126.161

🇻🇳 103.200.25.198

🇩🇪 213.209.159.236

🇩🇿 197.140.18.248

🇳🇱 195.178.110.30

🇳🇱 195.178.110.3

🇮🇳 103.91.246.73

🇭🇰 94.74.106.57

🇳🇱 89.248.167.131

🇺🇸 66.132.172.250

🇳🇱 31.14.32.6

🇧🇷 205.210.31.144

🇩🇪 193.124.20.233

🇮🇩 180.247.58.175

🇫🇷 173.212.228.191

🇵🇰 153.117.15.73

🇭🇰 152.32.213.68

🇮🇹 151.95.83.235