JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.30.37.25

212.30.37.25 was found in our database!

This IP was reported 238 times. Confidence of Abuse is 70%: ?

70%

ISP	M Nets SAL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS137409
Domain Name	mnets.net
Country	🇳🇱 Netherlands
City	Rotterdam, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.30.37.25

Whois 212.30.37.25

IP Abuse Reports for 212.30.37.25:

This IP address has been reported a total of 238 times from 80 distinct sources. 212.30.37.25 was first reported on April 2nd 2022, and the most recent report was 14 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Penny Packer	2025-11-28 08:18:44 (6 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇬🇧 BoredBroadcast	2025-11-24 23:50:03 (6 months ago)	VPN brute force: 17 failed auth attempts on 2025-11-24. Automated botnet pattern.	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-11-22 02:07:34 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 212.30.37.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 212.30.37.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 21 21:07:27.249309 2025] [security2:error] [pid 30275:tid 30275] [client 212.30.37.25:52789] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|doubloonswap.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "doubloonswap.com"] [uri "/mysql.sql"] [unique_id "aSEa3xfsMKOLgeaFB2uPVgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 16:58:06 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 212.30.37.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 212.30.37.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 11:58:03.686666 2025] [security2:error] [pid 8398:tid 8451] [client 212.30.37.25:61793] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.fishrapper.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.fishrapper.com"] [uri "/restore/www.sql"] [unique_id "aRYOG0yEYhQEfhHiJyHQ3gAAAEs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2025-11-07 16:15:51 (6 months ago)	Fail2Ban apache-tripwires	Web App Attack
Anonymous	2025-11-02 19:15:16 (7 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2025-10-30 19:10:23 (7 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
🇺🇸 TPI-Abuse	2025-10-28 15:00:44 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 212.30.37.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 212.30.37.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 11:00:40.082440 2025] [security2:error] [pid 14649:tid 14649] [client 212.30.37.25:31125] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.pcga.golf\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pcga.golf"] [uri "/backup/backup.sql"] [unique_id "aQDamApUkVTGz1EeoJzktwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-25 04:15:15 (7 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2025-10-22 04:10:18 (7 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
🇺🇸 TPI-Abuse	2025-10-17 22:54:15 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 212.30.37.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 212.30.37.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 17 18:54:07.027525 2025] [security2:error] [pid 13165:tid 13172] [client 212.30.37.25:47755] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|nobletitles.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nobletitles.org"] [uri "/old/mysql.sql"] [unique_id "aPLJD18qV8G30v2T3kJ_zgAAAMM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-15 22:57:34 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 212.30.37.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 212.30.37.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 15 18:57:28.882771 2025] [security2:error] [pid 26638:tid 26638] [client 212.30.37.25:34109] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ilandman.com"] [uri "/backup/sftp-config.json"] [unique_id "aPAm2N9Edq1NG7qUMp_tCwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2025-10-15 20:34:05 (7 months ago)	2.200 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇦🇺 screwlooseit.com.au	2025-10-14 12:11:57 (7 months ago)	Blocked by CSF 13 firewall - Rule: XMLRPC LB/Lebanon/-	Web App Attack
🇹🇷 rtbh.com.tr	2025-10-11 20:09:18 (7 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force

Showing 106 to 120 of 238 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 2804:30f8:229:c400:e07d:cabc:10d3:ff77

🇺🇸 185.180.141.10

🇲🇽 177.229.209.2

🇺🇸 82.26.162.39

🇺🇸 64.62.197.157

🇺🇸 45.79.207.13

🇿🇼 197.221.232.44

🇺🇸 195.184.76.12

🇸🇬 193.37.32.43

🇯🇵 172.105.218.179

🇺🇸 143.110.141.191

🇸🇬 129.226.95.93

🇮🇳 98.70.48.241

🇺🇸 3.131.24.55

🇺🇸 216.133.145.160

🇧🇷 187.8.120.90

🇺🇸 185.180.141.8

🇬🇧 165.232.104.200

🇺🇸 143.59.90.82

🇻🇺 138.226.239.10