JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2602:fa59:10:c38::1

2602:fa59:10:c38::1 was found in our database!

This IP was reported 39 times. Confidence of Abuse is 100%: ?

100%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RouterHosting LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14956
Domain Name	cloudzy.com
Country	🇺🇸 United States of America
City	Layton, Utah

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2602:fa59:10:c38::1

Whois 2602:fa59:10:c38::1

IP Abuse Reports for 2602:fa59:10:c38::1:

This IP address has been reported a total of 39 times from 20 distinct sources. 2602:fa59:10:c38::1 was first reported on June 26th 2026, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-28 11:50:24 (4 hours ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 Viveronese	2026-06-28 11:38:33 (4 hours ago)	HTTP vulnerability scanning	Web App Attack
🇩🇪 Gwyneth Llewelyn	2026-06-28 11:09:16 (4 hours ago)	2026/06/28 12:07:15 [error] 1094874#1094874: 1745328 access forbidden by rule, client: 2602:fa59:10 ... show more 2026/06/28 12:07:15 [error] 1094874#1094874: 1745328 access forbidden by rule, client: 2602:fa59:10:c38::1, server: webapp.gwynethllewelyn.net, request: "GET /.env HTTP/1.1", host: "webapp.gwynethllewelyn.net" 2602:fa59:10:c38::1 - - [28/Jun/2026:12:07:15 +0100] "GET /.env HTTP/1.1" 403 2599 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" 2026/06/28 12:09:15 [error] 1094874#1094874: *1745668 access forbidden by rule, client: 2602:fa59:10:c38::1, server: webapp.gwynethllewelyn.net, request: "GET /private/.env HTTP/1.1", host: "webapp.gwynethllewelyn.net" show less	Brute-Force Web App Attack
🇳🇱 e.fierstra	2026-06-28 10:51:52 (5 hours ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 08:26:03 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 2602:fa59:10:c38::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fa59:10:c38::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 04:25:54.151261 2026] [security2:error] [pid 12969:tid 12969] [client 2602:fa59:10:c38::1:38196] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "78cardsofthetarot-tarotmancy-tarot-cards-and-tarot-readings.com"] [uri "/.env"] [unique_id "akDakpck2_OwqXgSQIK5hAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 07:38:46 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 2602:fa59:10:c38::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fa59:10:c38::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 03:38:38.124518 2026] [security2:error] [pid 21748:tid 21748] [client 2602:fa59:10:c38::1:52346] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rcrgalicia.com"] [uri "/.env"] [unique_id "akDPfl4h6yaipoEYfK37aAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 strefapi_com	2026-06-28 07:36:52 (8 hours ago)	Brute-force, web ...	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 07:14:07 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 2602:fa59:10:c38::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fa59:10:c38::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 03:14:02.508433 2026] [security2:error] [pid 16528:tid 16528] [client 2602:fa59:10:c38::1:53424] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "r-390.com"] [uri "/.env"] [unique_id "akDJuj9Szli4WtKel_QNhAAAACU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-28 07:04:51 (8 hours ago)	[redacted] 2602:fa59:10:c38::1 - - [28/Jun/2026:08:04:34 +0100] "GET /.[redacted] HTTP/1.1" 302 6823 ... show more [redacted] 2602:fa59:10:c38::1 - - [28/Jun/2026:08:04:34 +0100] "GET /.[redacted] HTTP/1.1" 302 6823 0/85085 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" [redacted] 2602:fa59:10:c38::1 - - [28/Jun/2026:08:04:49 +0100] "GET /.[redacted] HTTP/1.1" 302 6823 0/100369 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 02:52:18 (13 hours ago)	(mod_security) mod_security (id:210492) triggered by 2602:fa59:10:c38::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fa59:10:c38::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 22:52:12.468477 2026] [security2:error] [pid 20914:tid 20914] [client 2602:fa59:10:c38::1:59542] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "qualuedata.com"] [uri "/.env"] [unique_id "akCMXM0vbZ4AOFllJYRdWQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 stinpriza	2026-06-28 02:16:18 (13 hours ago)	Web App Attack	Web App Attack
🇺🇸 ipblock.com	2026-06-28 00:39:00 (15 hours ago)	IPBlock protected site ID [3192-af][s=02]. Exploit request, vulnerability scanner.	Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 00:37:09 (15 hours ago)	(mod_security) mod_security (id:210492) triggered by 2602:fa59:10:c38::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fa59:10:c38::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 20:36:59.880707 2026] [security2:error] [pid 27118:tid 27118] [client 2602:fa59:10:c38::1:40582] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "acquivest.net"] [uri "/.env"] [unique_id "akBsqyDSeQJ2klDp-klztAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-27 22:04:32 (17 hours ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-26. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-27 20:52:53 (19 hours ago)	(mod_security) mod_security (id:210492) triggered by 2602:fa59:10:c38::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fa59:10:c38::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 16:52:47.066457 2026] [security2:error] [pid 25926:tid 25926] [client 2602:fa59:10:c38::1:35802] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "agirlwithaguitar.com"] [uri "/.env"] [unique_id "akA4H5k0Bj7py2M3Bl_4BAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 39 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 165.154.255.63

🇬🇧 35.203.211.152

🇯🇵 34.97.204.53

🇭🇰 20.205.100.21

🇺🇸 2607:f8b0:4023:100f::124

🇸🇪 192.71.46.211

🇷🇺 178.178.222.53

🇧🇷 177.11.189.250

🇰🇪 102.206.113.139

🇨🇦 85.217.149.46

🇳🇱 45.156.87.147

🇩🇪 43.228.157.10

🇬🇭 41.139.5.210

🇺🇸 20.168.120.210

🇸🇬 8.222.225.103

🇨🇴 179.32.201.5

🇩🇪 167.94.146.49

🇺🇸 143.110.227.128

🇯🇵 124.155.125.131

🇯🇵 36.50.84.60