JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2801:80:3ea0:ccde::3a4

2801:80:3ea0:ccde::3a4 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 46%: ?

46%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	MAGAZINE LUIZA S/A
Usage Type	Data Center/Web Hosting/Transit
ASN	AS272432
Domain Name	magazineluiza.com.br
Country	🇧🇷 Brazil
City	Sao Paulo, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2801:80:3ea0:ccde::3a4

Whois 2801:80:3ea0:ccde::3a4

IP Abuse Reports for 2801:80:3ea0:ccde::3a4:

This IP address has been reported a total of 12 times from 7 distinct sources. 2801:80:3ea0:ccde::3a4 was first reported on June 1st 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 factor1	2026-06-05 07:21:26 (2 days ago)	Fail2ban at saturn Reports Abuse.	Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-05 05:15:07 (3 days ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-04 23:45:14 (3 days ago)	Repeated attacks detected by Fail2Ban in recidive jail	Hacking
🇺🇸 xmission.com	2026-06-04 16:09:25 (3 days ago)	2801:80:3ea0:ccde::3a4 - - [04/Jun/2026:10:09:25 -0600] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Moz ... show more 2801:80:3ea0:ccde::3a4 - - [04/Jun/2026:10:09:25 -0600] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Web App Attack
🇫🇮 JimArchon72	2026-06-04 11:30:01 (3 days ago)	2026/06/04 11:29:58 "GET /wp-login.php HTTP/2.0"	Web App Attack
🇩🇪 LRob.fr	2026-06-04 09:15:03 (3 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 dbmwebdesign	2026-06-04 02:20:06 (4 days ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack
🇺🇸 factor1	2026-06-04 02:08:14 (4 days ago)	Fail2ban at churndash Reports Abuse.	Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-04 01:30:10 (4 days ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack
🇨🇭 4server	2026-06-01 19:42:54 (6 days ago)	[MonJun0121:42:48.5069712026][security2:error][pid2190312:tid2190651][client2801:80:3ea0:ccde::3a4:0 ... show more [MonJun0121:42:48.5069712026][security2:error][pid2190312:tid2190651][client2801:80:3ea0:ccde::3a4:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"annunci-ticino.ch\"][uri\"/wp-login.php\"][unique_id\"ah3guK0Ol69-n2xw8CBD-AAAARA\"]\,referer:https://annunci-ticino.ch/wp-login.php show less	Hacking Web App Attack
🇩🇪 LRob.fr	2026-06-01 19:00:13 (6 days ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack
🇩🇪 london2038.com	2026-06-01 15:51:06 (6 days ago)	Attacking WordPress 2801:80:3ea0:ccde::3a4 - - [01/Jun/2026:17:50:56 +0200] "POST /wp-login.php HTTP ... show more Attacking WordPress 2801:80:3ea0:ccde::3a4 - - [01/Jun/2026:17:50:56 +0200] "POST /wp-login.php HTTP/2.0" 503 19289 "https://<REDACTED>/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Brute-Force Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.180.246.230

🇲🇽 206.135.24.10

🇳🇱 176.65.139.41

🇩🇪 167.94.146.47

🇭🇰 154.92.16.141

🇵🇰 154.57.221.13

🇫🇮 80.223.198.246

🇹🇷 78.187.9.111

🇨🇳 61.191.145.123

🇧🇩 45.120.115.150

🇪🇬 41.37.152.131

🇮🇪 3.248.232.200

🇺🇸 2604:a880:400:d1:0:4:8c08:d001

🇵🇱 194.180.48.148

🇹🇷 185.223.77.200

🇧🇷 179.48.4.14

🇨🇳 117.81.212.152

🇨🇳 117.15.91.164

🇮🇹 91.80.168.29

🇺🇸 35.221.32.7