JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 82.118.30.31

82.118.30.31 was found in our database!

This IP was reported 214 times. Confidence of Abuse is 37%: ?

37%

ISP	Sheimo Scorpion Data AB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	scorpiondata.com
Country	🇨🇿 Czechia
City	Prague, Prague

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 82.118.30.31

Whois 82.118.30.31

IP Abuse Reports for 82.118.30.31:

This IP address has been reported a total of 214 times from 61 distinct sources. 82.118.30.31 was first reported on February 14th 2022, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 SilverZippo	2026-06-30 14:50:37 (4 hours ago)	Web App Attack	Web App Attack
🇯🇵 demonsword	2026-06-30 09:43:21 (9 hours ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.expressapisv2.net:443 show less	Open Proxy Port Scan
🇫🇷 IRISIO	2026-06-08 10:15:49 (3 weeks ago)	scans/SQL injection/spam posts : 146 queries	Web App Attack SQL Injection
🇺🇸 threatintelligence_bvc	2026-05-30 04:18:54 (1 month ago)		Brute-Force
🇺🇸 TPI-Abuse	2026-05-28 01:34:21 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 82.118.30.31 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.118.30.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 21:34:13.241861 2026] [security2:error] [pid 28026:tid 28026] [client 82.118.30.31:21481] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scermak.com"] [uri "/.env.development"] [unique_id "aheblazcqdQOUZ8KsCBMKAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 19:58:25 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 82.118.30.31 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.118.30.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 15:58:21.262055 2026] [security2:error] [pid 20139:tid 20139] [client 82.118.30.31:47775] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thevenicecafe.com"] [uri "/.env.prod"] [unique_id "ahSp3banXhombtkLH6eGNAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 17:40:37 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 82.118.30.31 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.118.30.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 13:40:32.331278 2026] [security2:error] [pid 10993:tid 10993] [client 82.118.30.31:40611] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "auditleverage.com"] [uri "/app/.env"] [unique_id "ahSJkMjisCyPhYOrC14C1QAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 14:58:55 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 82.118.30.31 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.118.30.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 10:58:51.229633 2026] [security2:error] [pid 13483:tid 13483] [client 82.118.30.31:49391] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "yerevanpress.am"] [uri "/.env"] [unique_id "ahRjqx9Qo2i_weMlUBipkgAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-05-25 13:57:24 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 11:56:34 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 82.118.30.31 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.118.30.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 07:56:27.911562 2026] [security2:error] [pid 14666:tid 14666] [client 82.118.30.31:42815] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pa-ksa.com"] [uri "/.env"] [unique_id "ahQ465KLIVjCBfgQ7cefSAAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 chronos	2026-05-25 10:09:43 (1 month ago)	[AUTORAVALT][[25/05/2026 - 07:09:43 -03:00 UTC] Attack from [82.118.30.31] Action: BLocKed Hacking. ... show more [AUTORAVALT][[25/05/2026 - 07:09:43 -03:00 UTC] Attack from [82.118.30.31] Action: BLocKed Hacking... Unauthorized attempts to access the server. Web App Attack -> Attempts to probe for or exploit installed web applications such as a CMS like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and various other software plugins/solutions. ] ... show less	Hacking Web App Attack
🇦🇺 paulshipley.com.au	2026-05-25 09:42:49 (1 month ago)	[Mon May 25 19:42:49.327589 2026] [security2:error] [pid 106595] [client 82.118.30.31:55267] [client ... show more [Mon May 25 19:42:49.327589 2026] [security2:error] [pid 106595] [client 82.118.30.31:55267] [client 82.118.30.31] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "valueaddedpromotions.com.au"] [uri "/.env.staging"] [unique_id "ahQZmR65FZsw7tMQ3vaWRwAAABY"] ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 08:55:31 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 82.118.30.31 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.118.30.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 04:55:21.125314 2026] [security2:error] [pid 1828:tid 1828] [client 82.118.30.31:64377] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kennedysplace.com"] [uri "/.env.development"] [unique_id "ahQOeYmCTCFic7p3F2cA4gAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 etu brutus	2026-05-14 15:40:54 (1 month ago)	82.118.30.31 has been banned for [WebApp Attack] ...	Hacking Bad Web Bot Web App Attack
🇩🇪 raph	2026-05-11 14:06:08 (1 month ago)	[SQL INJECTION] f2b match %{+Q}r for ^.haproxy\[[0-9]+\]: <HOST>:. (GET \|POST ).\?.(%20AND%20\|%2 ... show more [SQL INJECTION] f2b match %{+Q}r for ^.haproxy\[[0-9]+\]: <HOST>:. (GET \|POST ).\?.(%20AND%20\|%20and%20\|%20OR%20\|%20or%20).* HTTP/1.1$ show less	SQL Injection

Showing 1 to 15 of 214 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 154.16.44.73

🇸🇬 138.75.114.62

🇩🇪 87.106.47.28

🇨🇦 85.217.149.41

🇳🇱 20.71.254.235

🇹🇼 198.235.24.104

🇹🇼 198.235.24.94

🇲🇦 196.206.52.221

🇨🇳 180.184.43.90

🇬🇧 176.58.124.254

🇭🇰 119.246.15.94

🇰🇪 102.209.57.70

🇺🇸 100.28.153.226

🇺🇸 91.193.232.188

🇺🇸 24.30.46.44

🇰🇷 1.222.42.237

🇺🇸 2602:80d:1007::5b

🇺🇸 216.73.217.50

🇳🇱 195.178.110.227

🇳🇱 195.178.110.137