This IP was reported 62 times. Confidence of
Abuse
is 100%: ?
100%
Important Note: Public IPv6 addresses may implement the SLAAC
privacy extension. With this, the interface identifier is randomly generated. The SLAAC
privacy extension also implements a time out, which is configurable, so that the IPv6
interface addresses will be discarded and a new interface identifier is generated.
This IP address has been reported a total of
62
times from
36 distinct
sources.
2001:41d0:602:2606::1 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Triggered Cloudflare WAF (firewallCustom) from PL.
Action taken: CHALLENGE
Protocol: HTTP/1.1 (GET m ...
show moreTriggered Cloudflare WAF (firewallCustom) from PL.
Action taken: CHALLENGE
Protocol: HTTP/1.1 (GET method)
Endpoint: /backend/.env
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
[TueJun0209:20:06.3198142026][security2:error][pid3987591:tid3987620][client2001:41d0:602:2606::1:0] ...
show more[TueJun0209:20:06.3198142026][security2:error][pid3987591:tid3987620][client2001:41d0:602:2606::1:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\\\\\\\\.conf\|boot\\\\\\\\.ini\|web.config\)\\\\\\\\b\|\(\|\^\|\\\\\\\\.\\\\\\\\.\)/etc/\|/\\\\\\\\.\(\?:history\|bash_history\|sh_history\|env\)\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"asw-sa.com\"][uri\"/member/.env\"][unique_id\"ah6EJpnwBAxCBOlNz8HEywAAAAg\"]
show less
CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 2001:41d0:602:2606::1 (Unknown ...
show moreCSF Auto Report: (mod_security) mod_security (id:949110) triggered by 2001:41d0:602:2606::1 (Unknown): 5 in the last 3600 secs
show less
Brute-Force
Web App Attack
Anonymous
2001:41d0:602:2606::1 - - [02/Jun/2026:03:37:26 +0000] "GET /app/.env HTTP/1.1" 404 19667 "-" "Mozil ...
show more2001:41d0:602:2606::1 - - [02/Jun/2026:03:37:26 +0000] "GET /app/.env HTTP/1.1" 404 19667 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
...
show less
Honeypot triggered on tcpdata.com - Attempted to access /admin/.env (config_file_probe). User-Agent: ...
show moreHoneypot triggered on tcpdata.com - Attempted to access /admin/.env (config_file_probe). User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
show less
[TueJun0203:00:42.3952562026][security2:error][pid3375700:tid3376267][client2001:41d0:602:2606::1:0] ...
show more[TueJun0203:00:42.3952562026][security2:error][pid3375700:tid3376267][client2001:41d0:602:2606::1:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"4-server.com\"][uri\"/backend/.env\"][unique_id\"ah4rOm97QDyyDVTKvYLXwwAAANI\"]
show less
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show moreAuto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-31.
show less