JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2001:41d0:602:2606::1

2001:41d0:602:2606::1 was found in our database!

This IP was reported 62 times. Confidence of Abuse is 100%: ?

100%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	OVH Sp. z o. o.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16276
Domain Name	ovh.net
Country	🇵🇱 Poland
City	Warsaw, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2001:41d0:602:2606::1

Whois 2001:41d0:602:2606::1

IP Abuse Reports for 2001:41d0:602:2606::1:

This IP address has been reported a total of 62 times from 36 distinct sources. 2001:41d0:602:2606::1 was first reported on February 28th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-31 20:19:04 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 16:18:57.340699 2026] [security2:error] [pid 11052:tid 11052] [client 2001:41d0:602:2606::1:53524] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "innatmichaellynns.com"] [uri "/app/.env"] [unique_id "ahyXseu1psMvt5w-trK0rAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 interbiznw.com	2026-05-31 19:43:42 (4 days ago)	malicious-web-requests-vulnerability-scanning	Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 19:19:33 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 15:19:27.385629 2026] [security2:error] [pid 1634:tid 1634] [client 2001:41d0:602:2606::1:41244] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "riocanoas.com"] [uri "/backend/.env"] [unique_id "ahyJv1NHI2lQApeI9UxQ8gAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 IloGus	2026-05-31 19:00:13 (4 days ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 18:08:45 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 14:08:38.365801 2026] [security2:error] [pid 24863:tid 24863] [client 2001:41d0:602:2606::1:55506] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kaplankrew.com"] [uri "/.env"] [unique_id "ahx5JiTN9nSAzXqThZHBlAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-05-31 17:45:07 (4 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-31 17:13:56 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 13:13:48.635038 2026] [security2:error] [pid 3029:tid 3029] [client 2001:41d0:602:2606::1:44090] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dwipapuri-abadi.com"] [uri "/app/.env"] [unique_id "ahxsTIL3cpvHW5kXMgfqfQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 16:37:26 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 12:37:22.214586 2026] [security2:error] [pid 27375:tid 27375] [client 2001:41d0:602:2606::1:43422] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lbee.com"] [uri "/.env"] [unique_id "ahxjwhbIuZvkiMcOwN1J_AAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 Anytech	2026-05-31 16:11:05 (4 days ago)	Blocked by Conn-Monitor: Web scanning activity	Hacking Web App Attack
🇨🇭 4server	2026-05-31 15:10:14 (4 days ago)	[SunMay3117:10:07.2544492026][security2:error][pid4176997:tid4177524][client2001:41d0:602:2606::1:0] ... show more [SunMay3117:10:07.2544492026][security2:error][pid4176997:tid4177524][client2001:41d0:602:2606::1:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"aid-web.com\"][uri\"/bank/.env\"][unique_id\"ahxPTxh3vjIlXqXQyo6qkgAAANI\"] show less	Hacking Web App Attack
🇺🇸 WizardsToolkit	2026-05-31 15:04:57 (4 days ago)	attempted to access /app/.env	Web App Attack
🇩🇪 Ba-Yu	2026-05-31 15:00:38 (4 days ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 14:40:55 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 10:40:48.171294 2026] [security2:error] [pid 13297:tid 13297] [client 2001:41d0:602:2606::1:53868] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "emhelectric.com"] [uri "/.env"] [unique_id "ahxIcJzzvwKzkzSnLuVdYwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 14:01:43 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2001:41d0:602:2606::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 10:01:38.919812 2026] [security2:error] [pid 21468:tid 21468] [client 2001:41d0:602:2606::1:39570] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "todosconlaura.com"] [uri "/member/.env"] [unique_id "ahw_QoXOaiBCArImu7H6kAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-05-31 13:42:33 (4 days ago)	Multiple WAF Violations	Web App Attack

Showing 31 to 45 of 62 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 172.253.84.209

🇹🇭 147.50.227.79

🇨🇳 117.50.51.119

🇨🇳 110.249.201.91

🇬🇧 35.203.210.3

🇩🇪 213.209.159.235

🇸🇪 194.132.61.61

🇺🇸 192.250.227.24

🇳🇱 185.223.235.24

🇮🇳 182.95.230.150

🇺🇸 173.9.9.142

🇩🇪 158.173.154.150

🇨🇳 111.1.110.49

🇨🇳 110.249.201.80

🇺🇸 35.146.99.144

🇳🇱 5.61.209.33

🇮🇹 2.57.170.146

🇬🇹 190.148.107.110

🇫🇮 147.185.133.216

🇨🇳 110.249.201.75