JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2001:df7:5300:8::50d

2001:df7:5300:8::50d was found in our database!

This IP was reported 18 times. Confidence of Abuse is 49%: ?

49%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	PT Deneva
Usage Type	Data Center/Web Hosting/Transit
ASN	AS138115
Domain Name	deneva.co.id
Country	🇮🇩 Indonesia
City	Jakarta, Jakarta

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2001:df7:5300:8::50d

Whois 2001:df7:5300:8::50d

IP Abuse Reports for 2001:df7:5300:8::50d:

This IP address has been reported a total of 18 times from 12 distinct sources. 2001:df7:5300:8::50d was first reported on February 1st 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-16 05:14:27 (1 day ago)	2 attacks on env grabbing URLs: GET /shop/.env HTTP/1.1	Hacking
🇺🇸 TPI-Abuse	2026-06-15 19:38:59 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:38:53.549757 2026] [security2:error] [pid 9098:tid 9098] [client 2001:df7:5300:8::50d:44098] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seacorre.de"] [uri "/database/.env"] [unique_id "ajBUzXEmaBeulTjwFXld_QAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 19:20:42 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:20:33.416515 2026] [security2:error] [pid 1971:tid 1971] [client 2001:df7:5300:8::50d:39444] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "watongalodging.com"] [uri "/api/.env"] [unique_id "ajBQgW_NJXrxSp3PtYDOegAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 XICTRON	2026-06-15 18:45:05 (1 day ago)	ModSecurity rule violation detected by Fail2Ban	Web App Attack
🇳🇱 e.fierstra	2026-06-15 15:58:02 (1 day ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 14:52:28 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 10:52:21.277159 2026] [security2:error] [pid 18109:tid 18109] [client 2001:df7:5300:8::50d:49440] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jimrichardart.com"] [uri "/.env"] [unique_id "ajARpalYW07E8DnXQ7peswAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 14:12:36 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 10:12:31.755195 2026] [security2:error] [pid 27445:tid 27445] [client 2001:df7:5300:8::50d:55288] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trapper.biz"] [uri "/.env"] [unique_id "ajAIT47wqu_sLKlGm1XKrgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-15 12:03:04 (1 day ago)	[MonJun1514:02:59.9932302026][security2:error][pid72775:tid72921][client2001:df7:5300:8::50d:0]ModSe ... show more [MonJun1514:02:59.9932302026][security2:error][pid72775:tid72921][client2001:df7:5300:8::50d:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"dellafoglia.ch\"][uri\"/app/.env\"][unique_id\"ai_p82YCS0F6nEsfSecEEQAAAQI\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 10:12:35 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 06:12:22.131073 2026] [security2:error] [pid 15782:tid 15794] [client 2001:df7:5300:8::50d:51942] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aspencommission.com"] [uri "/app/.env"] [unique_id "ai_QBk-Lyux1us1_re3S-QAAAIk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 09:44:19 (1 day ago)	(mod_security) mod_security (id:949110) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:949110) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 05:44:14.142395 2026] [security2:error] [pid 22095:tid 22095] [client 2001:df7:5300:8::50d:52562] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jadabellportfolio.com"] [uri "/api/.env"] [unique_id "ai_Jbjhh7eITnDFSPBI7lAAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 09:06:47 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2001:df7:5300:8::50d (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 05:06:38.550666 2026] [security2:error] [pid 14114:tid 14114] [client 2001:df7:5300:8::50d:56936] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "register-yacht-spain.com"] [uri "/.env"] [unique_id "ai_AngirRDlO7XPYNo39wgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2026-06-15 09:02:43 (2 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇫🇷 Baking333	2026-06-15 08:47:45 (2 days ago)	[redacted] 2001:df7:5300:8::50d - - [15/Jun/2026:09:47:44 +0100] "GET /.env HTTP/1.1" 302 5288 0/478 ... show more [redacted] 2001:df7:5300:8::50d - - [15/Jun/2026:09:47:44 +0100] "GET /.env HTTP/1.1" 302 5288 0/47883 "http://[redacted]/.env" "Go-http-client/1.1" [redacted] 2001:df7:5300:8::50d - - [15/Jun/2026:09:47:44 +0100] "GET / HTTP/1.1" 200 9562 0/82398 "https://[redacted]/.env" "Go-http-client/1.1" show less	Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-02-07 19:51:58 (4 months ago)	SSH abuse or brute-force attack detected by Fail2Ban in ssh jail	Brute-Force SSH
🇧🇪 madeit	2026-02-07 19:42:41 (4 months ago)		Brute-Force SSH

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 208.84.100.238

🇳🇱 193.176.31.254

🇷🇺 185.70.130.143

🇸🇪 171.25.158.47

🇮🇳 103.145.55.184

🇮🇳 103.145.55.182

🇮🇳 103.21.53.146

🇺🇸 100.29.192.44

🇬🇧 87.236.176.71

🇨🇦 69.49.112.72

🇸🇬 43.172.198.149

🇺🇦 37.221.145.52

🇺🇸 23.144.132.6

🇨🇳 14.103.115.25

🇺🇸 216.180.246.114

🇺🇸 216.25.89.142

🇩🇪 192.109.200.145

🇦🇷 190.244.39.224

🇮🇹 185.15.171.102

🇷🇺 178.209.88.166