JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a01:4f8:c013:bf96::1

2a01:4f8:c013:bf96::1 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 74%: ?

74%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Falkenstein, Saxony

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a01:4f8:c013:bf96::1

Whois 2a01:4f8:c013:bf96::1

IP Abuse Reports for 2a01:4f8:c013:bf96::1:

This IP address has been reported a total of 27 times from 12 distinct sources. 2a01:4f8:c013:bf96::1 was first reported on June 15th 2026, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-16 05:15:15 (9 hours ago)	3 attacks on env grabbing URLs: GET /project/.env HTTP/1.1	Hacking
🇺🇸 TPI-Abuse	2026-06-15 20:17:00 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 16:16:56.455766 2026] [security2:error] [pid 14014:tid 14014] [client 2a01:4f8:c013:bf96::1:50312] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lenorasflowers.com"] [uri "/.env"] [unique_id "ajBduD30u5vnhWKpqIQtvwAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 20:01:10 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 16:01:04.281647 2026] [security2:error] [pid 12861:tid 12861] [client 2a01:4f8:c013:bf96::1:48944] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gevieworld.com"] [uri "/project/.env"] [unique_id "ajBaAI4-0uiZY--GEk8QLgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-15 19:23:47 (19 hours ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇫🇷 dynamix	2026-06-15 19:13:05 (19 hours ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 18:52:50 (19 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 14:52:45.958688 2026] [security2:error] [pid 16110:tid 16110] [client 2a01:4f8:c013:bf96::1:59400] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thedoodlists.com"] [uri "/project/.env"] [unique_id "ajBJ_YMkcAU_FvykjcvZeQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-15 18:36:59 (19 hours ago)	2.073 requests with url.path *.env	Brute-Force Bad Web Bot
🇩🇪 gadix	2026-06-15 17:40:04 (20 hours ago)	[15/Jun/2026:19:40:03.471676 +0200] ajA482OcxMBrQb6i-va37wAAAJM 2a01:4f8:c013:bf96::1 56090 127.0.0. ... show more [15/Jun/2026:19:40:03.471676 +0200] ajA482OcxMBrQb6i-va37wAAAJM 2a01:4f8:c013:bf96::1 56090 127.0.0.1 7081 [15/Jun/2026:19:40:03.473760 +0200] ajA48ym9Nt2RiC58jXyM4QAAAEE 2a01:4f8:c013:bf96::1 56094 127.0.0.1 7081 [15/Jun/2026:19:40:03.475778 +0200] ajA48zcMiK65P9CW8VfGjgAAAD0 2a01:4f8:c013:bf96::1 56102 127.0.0.1 7081 ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 17:33:56 (20 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:33:49.067947 2026] [security2:error] [pid 27856:tid 27856] [client 2a01:4f8:c013:bf96::1:55378] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thinkerblox.com"] [uri "/project/.env"] [unique_id "ajA3fQWe8cKiOjlEA2BTpAAAAGw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:28:17 (22 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:28:12.567230 2026] [security2:error] [pid 16215:tid 16215] [client 2a01:4f8:c013:bf96::1:46384] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "guardmagic.eu"] [uri "/.env"] [unique_id "ajAoHLQDkdco1DihkC4ktwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:03:20 (22 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:03:14.771834 2026] [security2:error] [pid 22301:tid 22357] [client 2a01:4f8:c013:bf96::1:57500] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arthansl.com"] [uri "/.env"] [unique_id "ajAiQjDwUZfOhjHbTyNbIgAAAJY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 15:27:03 (23 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f8:c013:bf96::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 11:26:55.598855 2026] [security2:error] [pid 16979:tid 16979] [client 2a01:4f8:c013:bf96::1:47168] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chatari.com"] [uri "/.env"] [unique_id "ajAZvyxLgWza0i99ahLgoAAAAD0"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-15 15:21:16 (23 hours ago)	[MonJun1517:21:14.1921462026][security2:error][pid3821666:tid3821844][client2a01:4f8:c013:bf96::1:0] ... show more [MonJun1517:21:14.1921462026][security2:error][pid3821666:tid3821844][client2a01:4f8:c013:bf96::1:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"salonesamire.ch\"][uri\"/.env\"][unique_id\"ajAYahMODPWRFv7BZQe_nQAAAEk\"] show less	Hacking Web App Attack
🇩🇪 XICTRON	2026-06-15 14:35:04 (23 hours ago)	ModSecurity rule violation detected by Fail2Ban	Web App Attack
🇦🇺 2000cn.com.au	2026-06-15 14:30:19 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.242.226.19

🇬🇧 167.172.50.114

🇮🇷 151.233.53.255

🇦🇫 149.54.62.54

🇺🇸 72.240.125.133

🇺🇸 38.34.175.18

🇺🇸 35.245.83.186

🇫🇷 2a10:4646:190::af4f:1a36

🇨🇳 210.13.99.66

🇧🇪 198.235.24.135

🇭🇰 165.154.41.205

🇻🇳 103.118.28.17

🇺🇸 73.151.73.36

🇬🇧 51.195.241.226

🇺🇸 38.135.24.225

🇺🇸 38.34.175.19

🇨🇳 27.25.68.16

🇺🇸 195.184.76.113

🇹🇷 178.245.200.165

🇫🇮 147.185.133.6