JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a01:4f8:171:37d6::2

2a01:4f8:171:37d6::2 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 3%: ?

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Falkenstein, Saxony

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a01:4f8:171:37d6::2

Whois 2a01:4f8:171:37d6::2

IP Abuse Reports for 2a01:4f8:171:37d6::2:

This IP address has been reported a total of 45 times from 10 distinct sources. 2a01:4f8:171:37d6::2 was first reported on February 1st 2023, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 filstal.org	2026-06-03 04:36:02 (3 days ago)	CrowdSec: crowdsecurity/http-bad-user-agent	Bad Web Bot Hacking
🇳🇱 BlueWire Hosting	2026-03-30 16:09:01 (2 months ago)	Bad bot ignoring robot.txt	Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-22 00:29:37 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 21 20:29:33.405460 2026] [security2:error] [pid 13701:tid 13701] [client 2a01:4f8:171:37d6::2:56138] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|efhgtc.org\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "efhgtc.org"] [uri "/[email protected]"] [unique_id "ab837Y62-DcwbW1_22yeDQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 LotPhantom	2026-03-08 19:28:09 (2 months ago)	2a01:4f8:171:37d6::2 - - [08/Mar/2026:19:27:12 +0000] "GET /services/technologies/nitrous-oxide HTTP ... show more 2a01:4f8:171:37d6::2 - - [08/Mar/2026:19:27:12 +0000] "GET /services/technologies/nitrous-oxide HTTP/1.1" 404 9 "-" "serpstatbot/2.1 (advanced backlink tracking bot; https://serpstatbot.com/; [email protected])" ... show less	Web App Attack
🇩🇪 filstal.org	2026-02-27 15:50:43 (3 months ago)	CrowdSec-Report: crowdsecurity/http-bad-user-agent	Hacking Web App Attack
🇳🇱 BlueWire Hosting	2026-02-27 13:19:59 (3 months ago)	Bad bot ignoring robot.txt	Bad Web Bot
🇦🇺 2000cn.com.au	2026-02-21 08:14:33 (3 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent	Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-15 03:06:23 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:06:17.694109 2026] [security2:error] [pid 1230688:tid 1230688] [client 2a01:4f8:171:37d6::2:52780] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|khaoula.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "khaoula.com"] [uri "/[email protected]"] [unique_id "aZE4KbVDMd_Ivs0BWCZNwQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 20:07:34 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 15:07:29.191261 2026] [security2:error] [pid 4243:tid 4357] [client 2a01:4f8:171:37d6::2:60750] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.fishrapper.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.fishrapper.com"] [uri "/images/2020-fishing-link-hovers/debug.log"] [unique_id "aY-EgRey001y7StO6CZwfAAAAdM"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇬 securejdprop	2026-02-12 19:18:23 (3 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent. Ip 2a01:4f8:171:37d6: ... show more This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent. Ip 2a01:4f8:171:37d6::2 performed 'crowdsecurity/http-bad-user-agent' (12 events over 11m38.147131423s) at 2026-02-12 19:18:20.717026456 +0000 UTC show less	Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-11 00:44:59 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 19:44:54.733297 2026] [security2:error] [pid 15656:tid 15656] [client 2a01:4f8:171:37d6::2:49506] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.justinrudd.com\|F\|2"] [data ".bonpetsupply.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.justinrudd.com"] [uri "/www.bonpetsupply.com"] [unique_id "aYvRBtwwJYinJ2Tweh_gQgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 19:27:09 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 14:27:06.035746 2026] [security2:error] [pid 29311:tid 29311] [client 2a01:4f8:171:37d6::2:43534] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.bodybuildbid.com\|F\|2"] [data ".wnso.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.bodybuildbid.com"] [uri "/articles/muscle_building/www.WNSO.com"] [unique_id "aWviiulyl2wR9vsmY3CrFQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-08 06:38:01 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 01:37:56.750645 2025] [security2:error] [pid 25255:tid 25255] [client 2a01:4f8:171:37d6::2:43110] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.bodybuildbid.com\|F\|2"] [data ".granitestateopen.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.bodybuildbid.com"] [uri "/upcom/\\xc3\\xa9\\xc3\\xa9www.granitestateopen.com"] [unique_id "aQ7lRBeqoXteSmSu_1vaIwAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 WeCloudit-Anti-Abuse	2025-11-05 20:30:08 (7 months ago)	WAF: Found blacklisted crawler 2- wsit	Email Spam Brute-Force
🇺🇸 TPI-Abuse	2025-09-15 06:00:49 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a01:4f8:171:37d6::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 15 02:00:40.484539 2025] [security2:error] [pid 8568:tid 8568] [client 2a01:4f8:171:37d6::2:43542] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|keystroke.info\|F\|2"] [data ".php.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "keystroke.info"] [uri "/LocalSettings.php.backup"] [unique_id "aMeriBWTheBqiAJR0GuQCgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇭 209.99.184.143

🇸🇮 176.65.134.20

🇨🇳 106.37.72.234

🇫🇷 92.205.232.88

🇺🇸 65.49.1.182

🇮🇳 49.43.241.11

🇪🇬 197.46.150.141

🇩🇪 194.164.193.194

🇨🇳 171.37.46.210

🇺🇸 167.71.146.2

🇨🇳 110.177.179.2

🇲🇦 105.76.183.33

🇷🇴 80.94.92.171

🇳🇱 64.89.162.15

🇸🇬 43.160.212.102

🇬🇧 31.14.254.15

🇩🇪 213.209.159.56

🇰🇭 175.100.83.86

🇮🇳 106.205.165.174

🇮🇳 103.104.53.245