JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2602:fb54:1200::116

2602:fb54:1200::116 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 59%: ?

59%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Advin Services LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206216
Domain Name	advinservers.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2602:fb54:1200::116

Whois 2602:fb54:1200::116

IP Abuse Reports for 2602:fb54:1200::116:

This IP address has been reported a total of 16 times from 9 distinct sources. 2602:fb54:1200::116 was first reported on June 22nd 2026, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 e.fierstra	2026-06-26 05:00:21 (11 hours ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 01:45:21 (15 hours ago)	(mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 21:45:13.840273 2026] [security2:error] [pid 6404:tid 6404] [client 2602:fb54:1200::116:39522] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kcloot.com.topgunsecurityservice.com"] [uri "/.git/HEAD"] [unique_id "aj3ZqUsr_G9f2z2Lz5SufAAAAAU"], referer: https://www.google.com/search?q=kcloot.com.topgunsecurityservice.com show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Mangelot Hosting	2026-06-26 01:34:00 (15 hours ago)	(modsecurity) srv104 ModSecurity 2602:fb54:1200::116 (US/United States/-): 10 in the last 3600 secs; ... show more (modsecurity) srv104 ModSecurity 2602:fb54:1200::116 (US/United States/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 04:30:30 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 00:30:24.700019 2026] [security2:error] [pid 12865:tid 12865] [client 2602:fb54:1200::116:23746] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mnice.help"] [uri "/wp-config.php"] [unique_id "ajtdYCFpbjcAzxvMnE9tXQAAADU"], referer: https://www.google.com/search?q=mnice.help show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 04:11:31 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 00:11:24.624491 2026] [security2:error] [pid 10877:tid 10877] [client 2602:fb54:1200::116:9090] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.carpentriesoffline.org.jannetta.com"] [uri "/.env"] [unique_id "ajtY7Le7S4Kva1q7-U7XkAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 03:27:22 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 23:27:16.037076 2026] [security2:error] [pid 24139:tid 24197] [client 2602:fb54:1200::116:50130] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "onernet.com"] [uri "/wp-config.php"] [unique_id "ajtOlDk2CkLrFM_dW-B_jwAAAdM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 as211431.net	2026-06-24 01:16:52 (2 days ago)	Triggered Cloudflare WAF (linkMaze) from US. Action taken: LINK_MAZE_INJECTED Protocol: HTTP/1.1 (GE ... show more Triggered Cloudflare WAF (linkMaze) from US. Action taken: LINK_MAZE_INJECTED Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-23 22:19:23 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 18:19:07.365351 2026] [security2:error] [pid 29885:tid 29885] [client 2602:fb54:1200::116:2520] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "claireashtontherapy.com"] [uri "/.git/config"] [unique_id "ajsGW6U0akMGG8R9FwpClAAAAAM"], referer: https://www.google.com/search?q=claireashtontherapy.com show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-23 22:00:59 (2 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-22. show less	Web App Attack SSH Hacking
🇺🇸 interbiznw.com	2026-06-23 21:58:23 (2 days ago)	malicious-web-requests-vulnerability-scanning	Hacking Brute-Force Exploited Host Web App Attack
🇧🇪 cmbplf	2026-06-23 20:06:42 (2 days ago)	143 requests with url.path *config.json	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-23 19:42:22 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 15:42:19.260921 2026] [security2:error] [pid 17374:tid 17374] [client 2602:fb54:1200::116:15852] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nordicbuilders.net"] [uri "/.env"] [unique_id "ajrhm2bl3WfOAwsq5ARMvwAAAAo"], referer: https://www.google.com/search?q=nordicbuilders.net show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 18:59:01 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fb54:1200::116 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 14:58:54.108945 2026] [security2:error] [pid 19522:tid 19522] [client 2602:fb54:1200::116:21504] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raeesa.org"] [uri "/wp-config.php"] [unique_id "ajrXbrSHFovXjRCcWOwtpQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 ParaBug	2026-06-23 18:31:56 (2 days ago)	2602:fb54:1200::116 - - [23/Jun/2026:20:31:56 +0200] "HEAD /.env.local HTTP/1.1" 401 4220 "-" "Mozil ... show more 2602:fb54:1200::116 - - [23/Jun/2026:20:31:56 +0200] "HEAD /.env.local HTTP/1.1" 401 4220 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ChatGPT-User/1.0; +https://openai.com/bot)" ... show less	Phishing Brute-Force Web App Attack
🇮🇹 VHosting	2026-06-23 03:45:08 (3 days ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 221.161.235.168

🇺🇸 2607:f8b0:4004:1002::123

🇺🇸 172.171.233.230

🇸🇬 168.144.45.211

🇨🇳 123.145.1.158

🇵🇰 119.73.23.54

🇻🇳 103.60.242.169

🇳🇱 91.92.40.240

🇨🇦 85.217.149.33

🇺🇸 71.6.134.233

🇵🇦 2620:171:c6:f001:9999::240

🇺🇸 147.185.132.18

🇺🇸 107.150.105.116

🇨🇳 101.67.138.224

🇩🇪 77.110.107.31

🇺🇸 76.79.213.69

🇺🇸 64.251.149.81

🇺🇸 44.116.0.33

🇯🇵 43.165.180.54

🇹🇭 147.50.103.212