JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 82.118.30.27

82.118.30.27 was found in our database!

This IP was reported 200 times. Confidence of Abuse is 44%: ?

44%

ISP	Sheimo Scorpion Data AB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	scorpiondata.com
Country	🇨🇿 Czechia
City	Prague, Prague

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 82.118.30.27

Whois 82.118.30.27

IP Abuse Reports for 82.118.30.27:

This IP address has been reported a total of 200 times from 53 distinct sources. 82.118.30.27 was first reported on February 7th 2022, and the most recent report was 40 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 IRISIO	2026-06-08 10:15:43 (40 minutes ago)	scans/SQL injection/spam posts : 285 queries	Web App Attack SQL Injection
🇫🇷 IRISIO	2026-06-08 08:02:18 (2 hours ago)	scans/SQL injection/spam posts : 228 queries	Web App Attack SQL Injection
🇺🇸 TPI-Abuse	2026-05-28 05:19:52 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 82.118.30.27 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.118.30.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 01:19:47.145850 2026] [security2:error] [pid 23536:tid 23536] [client 82.118.30.27:37025] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arzoma.com"] [uri "/.env.dev"] [unique_id "ahfQc2IPS-NIU4IJgXR2PQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 17:16:35 (1 week ago)	(mod_security) mod_security (id:949110) triggered by 82.118.30.27 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:949110) triggered by 82.118.30.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 13:16:27.762674 2026] [security2:error] [pid 8094:tid 8094] [client 82.118.30.27:38829] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "experimentalscene.com"] [uri "/.env.development"] [unique_id "ahSD65aNSJsfaotlY_y6fwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-05-25 17:10:17 (1 week ago)	[Tue May 26 03:10:17.002124 2026] [security2:error] [pid 151039] [client 82.118.30.27:65161] [client ... show more [Tue May 26 03:10:17.002124 2026] [security2:error] [pid 151039] [client 82.118.30.27:65161] [client 82.118.30.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "balcomberetreat.com.au"] [uri "/backend/.env"] [unique_id "ahSCeFOiO7J3sOtJU92aVwAAAAQ"] ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 16:53:26 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 82.118.30.27 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.118.30.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 12:53:17.841021 2026] [security2:error] [pid 13028:tid 13028] [client 82.118.30.27:64309] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "keystroke.info"] [uri "/.env.staging"] [unique_id "ahR-fcXdILO0FYAA9OKyRQAAADE"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-05-25 13:20:46 (1 week ago)	[Mon May 25 23:20:44.956578 2026] [security2:error] [pid 128350] [client 82.118.30.27:28867] [client ... show more [Mon May 25 23:20:44.956578 2026] [security2:error] [pid 128350] [client 82.118.30.27:28867] [client 82.118.30.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "shotbysuzanne.com.au"] [uri "/.env.old"] [unique_id "ahRMrFTPQ3DwYDwd9GJGAAAAAAQ"] ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 12:12:06 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 82.118.30.27 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.118.30.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 08:11:57.223545 2026] [security2:error] [pid 3043:tid 3043] [client 82.118.30.27:26363] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ficklepassionproductions.com"] [uri "/.env.example"] [unique_id "ahQ8jTlC6Pl1Yxj49gh2hgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 11:56:50 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 82.118.30.27 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.118.30.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 07:56:40.179264 2026] [security2:error] [pid 12515:tid 12515] [client 82.118.30.27:20921] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pa-ksa.com"] [uri "/.env.example"] [unique_id "ahQ4-OEs8pbiAQQV28cflwAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-05-25 09:42:47 (2 weeks ago)	[Mon May 25 19:42:45.808992 2026] [security2:error] [pid 106607] [client 82.118.30.27:38141] [client ... show more [Mon May 25 19:42:45.808992 2026] [security2:error] [pid 106607] [client 82.118.30.27:38141] [client 82.118.30.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "valueaddedpromotions.com.au"] [uri "/.env.production"] [unique_id "ahQZlWJfoIKQuiorO2OSRwAAACY"] ... show less	Web App Attack
🇬🇧 consul.to	2026-05-25 09:42:11 (2 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 FeG Deutschland	2026-05-14 17:26:10 (3 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 27	Exploited Host Web App Attack
🇩🇪 raph	2026-05-11 15:13:58 (3 weeks ago)	[SQL INJECTION] f2b match %{+Q}r for ^.haproxy\[[0-9]+\]: <HOST>:. (GET \|POST ).\?.(%20AND%20\|%2 ... show more [SQL INJECTION] f2b match %{+Q}r for ^.haproxy\[[0-9]+\]: <HOST>:. (GET \|POST ).\?.(%20AND%20\|%20and%20\|%20OR%20\|%20or%20).* HTTP/1.1$ show less	SQL Injection
🇫🇮 YF	2026-05-08 12:12:50 (4 weeks ago)	Attaque distribuée subnet	DDoS Attack Web App Attack
🇩🇪 ghostwarriors	2026-05-06 14:23:45 (1 month ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 200 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 172.253.229.216

🇭🇰 165.154.20.228

🇰🇷 121.167.146.157

🇺🇸 100.49.117.77

🇸🇬 47.128.123.193

🇱🇹 45.84.205.131

🇲🇽 189.197.20.80

🇺🇸 137.184.5.188

🇺🇸 104.222.45.147

🇳🇬 102.91.77.92

🇺🇸 96.78.175.41

🇧🇷 45.205.1.244

🇭🇰 45.142.154.87

🇸🇬 45.78.194.186

🇺🇸 43.162.99.8

🇺🇸 35.231.228.225

🇮🇳 2a02:4780:11:1975:0:1110:c271:1

🇬🇧 185.61.153.105

🇺🇸 107.150.103.210

🇺🇸 65.49.1.21