JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2602:fb54:1400::34

2602:fb54:1400::34 was found in our database!

This IP was reported 669 times. Confidence of Abuse is 100%: ?

100%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Advin Services LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS22295
Domain Name	advinservers.com
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2602:fb54:1400::34

Whois 2602:fb54:1400::34

IP Abuse Reports for 2602:fb54:1400::34:

This IP address has been reported a total of 669 times from 215 distinct sources. 2602:fb54:1400::34 was first reported on May 5th 2026, and the most recent report was 22 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 LRNP	2026-06-21 08:17:06 (22 hours ago)	_:80 2602:fb54:1400::34 - - [21/Jun/2026:08:17:04 +0000] "GET /wp-content/debug.log HTTP/1.1" 404 11 ... show more _:80 2602:fb54:1400::34 - - [21/Jun/2026:08:17:04 +0000] "GET /wp-content/debug.log HTTP/1.1" 404 118 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15" _:80 2602:fb54:1400::34 - - [21/Jun/2026:08:17:05 +0000] "GET /.env.backup HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36" _:80 2602:fb54:1400::34 - - [21/Jun/2026:08:17:05 +0000] "GET /.env.bak HTTP/1.1" 404 181 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" _:80 2602:fb54:1400::34 - - [21/Jun/2026:08:17:05 +0000] "GET /.env.production HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" _:80 2602:fb54:1400::34 - - [21/Jun/2026:08:17:05 +0000] "GET /public/.env HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7 ... show less	Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-21 07:45:08 (23 hours ago)	[SunJun2109:45:01.6847072026][security2:error][pid3689668:tid3689910][client2602:fb54:1400::34:0]Mod ... show more [SunJun2109:45:01.6847072026][security2:error][pid3689668:tid3689910][client2602:fb54:1400::34:0]ModSecurity:Accessdeniedwithcode403$phase2$.Stringmatchwithin\".asa/.asax/.ascx/.backup/.bak/.bat/.cdx/.cer/.cfg/.cmd/.com/.config/.conf/.cs/.csproj/.csr/.dat/.db/.dbf/.dll/.dos/.htr/.htw/.ida/.idc/.idq/.inc/.ini/.key/.licx/.lnk/.log/.mdb/.old/.pass/.pdb/.pol/.printer/.pwd/.rdb/.resources/.resx/.sql/.swp/.sys/.vb/.vbs/.vbproj/.vsdisco/.webinfo/.xsx/\"atTX:extension.[file\"/etc/apache2/conf.d/modsec_rules/00_asl_zz_strict.conf\"][line\"91\"][id\"390716\"][rev\"2\"][msg\"Atomicorp.comWAFRules:URLfileextensionisrestrictedbypolicy\"][data\".log\"][severity\"ERROR\"][hostname\"distributori-sigarette-ticino.ch.cadvending.ch\"][uri\"/wp-content/debug.log\"][unique_id\"ajeWfQ_35M8c0Pu9M0ZKtAAAAEk\"] show less	Hacking Web App Attack
🇺🇸 Sling	2026-06-21 06:00:08 (1 day ago)	Automated detection: IP accessed 16 sensitive endpoints within 30s on spotify.slingexe.me. Paths: /w ... show more Automated detection: IP accessed 16 sensitive endpoints within 30s on spotify.slingexe.me. Paths: /wp-content/debug.log, /.env, /.env.backup, /.env.local, /.npmrc, /.env.bak, /config/production.json, /.yarnrc, /config/default.json, /credentials.json. UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0. show less	Web App Attack Bad Web Bot Hacking
🇦🇺 aranguren.org	2026-06-21 05:45:20 (1 day ago)	2602:fb54:1400::34 - - [21/Jun/2026:15:45:18 +1000] "GET /wp-content/debug.log HTTP/1.1" 404 985 "-" ... show more 2602:fb54:1400::34 - - [21/Jun/2026:15:45:18 +1000] "GET /wp-content/debug.log HTTP/1.1" 404 985 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0" 2602:fb54:1400::34 - - [21/Jun/2026:15:45:20 +1000] "GET /config.json HTTP/1.1" 404 985 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 2602:fb54:1400::34 - - [21/Jun/2026:15:45:20 +1000] "GET /google-services.json HTTP/1.1" 404 985 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 2602:fb54:1400::34 - - [21/Jun/2026:15:45:20 +1000] "GET /appsettings.Production.json HTTP/1.1" 404 985 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 2602:fb54:1400::34 - - [21/Jun/2026:15:45:20 +1000] "GET /google-credentials.json HTTP/1.1" 404 985 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147. ... show less	Bad Web Bot
🇩🇪 LRob.fr	2026-06-21 04:45:10 (1 day ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇺🇸 Rocky Mountain Bioengineering Symposium	2026-06-21 04:33:29 (1 day ago)	[Sat Jun 20 22:33:28.735522 2026] [authz_core:error] [pid 423540:tid 139814665872960] [client 2602:f ... show more [Sat Jun 20 22:33:28.735522 2026] [authz_core:error] [pid 423540:tid 139814665872960] [client 2602:fb54:1400::34:61502] AH01630: client denied by server configuration: /var/www/horde/config/credentials.json [Sat Jun 20 22:33:28.735620 2026] [authz_core:error] [pid 423804:tid 139815773251136] [client 2602:fb54:1400::34:61524] AH01630: client denied by server configuration: /var/www/horde/config/gcp.json [Sat Jun 20 22:33:28.752450 2026] [authz_core:error] [pid 423540:tid 139814791763520] [client 2602:fb54:1400::34:61518] AH01630: client denied by server configuration: /var/www/horde/config/gcp-credentials.json ... show less	Bad Web Bot
🇭🇺 kranem	2026-06-21 03:00:47 (1 day ago)	Triggered Cloudflare WAF from US. Action taken: BLOCK ASN: 22295 (Advin Services LLC) Protocol: HTTP ... show more Triggered Cloudflare WAF from US. Action taken: BLOCK ASN: 22295 (Advin Services LLC) Protocol: HTTP/1.1 (GET method) Endpoint: / Timestamp: 2026-06-21T01:33:38Z User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-21 01:24:46 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2602:fb54:1400::34 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fb54:1400::34 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 21:24:36.461949 2026] [security2:error] [pid 7995:tid 7995] [client 2602:fb54:1400::34:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "goalsnet.net"] [uri "/api/.env"] [unique_id "ajc9VGp8v7so0OOXvBiGlwAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-20 23:26:18 (1 day ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 TPI-Abuse	2026-06-20 22:25:17 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 2602:fb54:1400::34 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2602:fb54:1400::34 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 18:25:11.131728 2026] [security2:error] [pid 19017:tid 19047] [client 2602:fb54:1400::34:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.raytbrown.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.raytbrown.com"] [uri "/wp-content/debug.log"] [unique_id "ajcTR7k3TQnADcgj_Ay3uAAAAFQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 albionfreemarket.com	2026-06-20 21:04:55 (1 day ago)	2026/06/20 21:04:54 [error] 270#270: 496161 limiting requests, excess: 12.658 by zone "limit_per_se ... show more 2026/06/20 21:04:54 [error] 270#270: 496161 limiting requests, excess: 12.658 by zone "limit_per_sec", client: 2602:fb54:1400::34, server: api.albionfreemarket.com, request: "GET /secrets/gcp-key.json HTTP/2.0", host: "api.albionfreemarket.com" 2026/06/20 21:04:54 [error] 270#270: 496161 limiting requests, excess: 12.658 by zone "limit_per_sec", client: 2602:fb54:1400::34, server: api.albionfreemarket.com, request: "GET /secrets/gcp-key.json HTTP/2.0", host: "api.albionfreemarket.com" 2026/06/20 21:04:54 [error] 270#270: 496161 limiting requests, excess: 12.652 by zone "limit_per_sec", client: 2602:fb54:1400::34, server: api.albionfreemarket.com, request: "GET /.config/gcloud/application_default_credentials.json HTTP/2.0", host: "api.albionfreemarket.com" 2026/06/20 21:04:54 [error] 270#270: *496161 limiting requests, excess: 12.652 by zone "limit_per_sec", client: 2602:fb54:1400::34, server: api.albionfreemarket.com, request: "GET /.config/gcloud/application_default_credentials.jso ... show less	Bad Web Bot
🇫🇷 Baking333	2026-06-20 20:31:38 (1 day ago)	[redacted] 2602:fb54:1400::34 - - [20/Jun/2026:21:31:35 +0100] "GET /wp-content/[redacted] HTTP/1.1" ... show more [redacted] 2602:fb54:1400::34 - - [20/Jun/2026:21:31:35 +0100] "GET /wp-content/[redacted] HTTP/1.1" 302 1549 0/78354 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0" [redacted] 2602:fb54:1400::34 - - [20/Jun/2026:21:31:37 +0100] "GET /.env HTTP/1.1" 302 1549 0/64716 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15" show less	Bad Web Bot Web App Attack
🇳🇱 Savvii	2026-06-20 15:43:43 (1 day ago)	20 attempts against mh-misbehave-ban on takeover-test	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-20 14:52:17 (1 day ago)	Multiple WAF Violations	Web App Attack
🇩🇪 4server	2026-06-20 12:48:36 (1 day ago)	[SatJun2014:48:33.0702922026][security2:error][pid3543778:tid3543799][client2602:fb54:1400::34:0]Mod ... show more [SatJun2014:48:33.0702922026][security2:error][pid3543778:tid3543799][client2602:fb54:1400::34:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"mail.sito-online.ch\"][uri\"/wp-content/debug.log\"][unique_id\"ajaMIVbCdbEcg1NhMLTGUAAAANI\"] show less	Port Scan Brute-Force Web App Attack

Showing 1 to 15 of 669 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 170.238.249.49

🇺🇸 159.223.173.157

🇨🇬 102.129.75.178

🇺🇸 62.164.242.62

🇧🇷 43.164.197.97

🇧🇪 34.79.110.83

🇬🇧 31.14.254.14

🇺🇸 206.232.5.168

🇲🇽 201.98.127.206

🇩🇪 165.154.138.57

🇮🇳 143.244.130.147

🇻🇳 113.172.18.58

🇮🇩 101.128.100.98

🇨🇦 85.217.149.22

🇨🇦 24.64.168.119

🇩🇪 212.30.36.220

🇺🇸 172.210.53.232

🇸🇪 157.22.19.238

🇯🇵 153.122.170.31

🇭🇰 118.193.34.5