JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a01:4f8:c015:2e98::1

2a01:4f8:c015:2e98::1 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 29%: ?

29%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Falkenstein, Saxony

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a01:4f8:c015:2e98::1

Whois 2a01:4f8:c015:2e98::1

IP Abuse Reports for 2a01:4f8:c015:2e98::1:

This IP address has been reported a total of 7 times from 4 distinct sources. 2a01:4f8:c015:2e98::1 was first reported on June 15th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-16 05:15:22 (4 days ago)	6 attacks on env grabbing URLs: GET /api/.env HTTP/1.1	Hacking
🇺🇸 TPI-Abuse	2026-06-15 19:03:24 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f8:c015:2e98::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f8:c015:2e98::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:03:17.377030 2026] [security2:error] [pid 6645:tid 6645] [client 2a01:4f8:c015:2e98::1:40962] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ditchthediaper.com"] [uri "/.env"] [unique_id "ajBMdbrbRESZRe-cP1qMMAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-15 18:37:01 (4 days ago)	2.042 requests with url.path *.env	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-15 17:02:45 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f8:c015:2e98::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f8:c015:2e98::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:02:40.286351 2026] [security2:error] [pid 7181:tid 7181] [client 2a01:4f8:c015:2e98::1:60960] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "purelywhimsical.com"] [uri "/project/.env"] [unique_id "ajAwMAtSyYkvVbDJtWkwqAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:10:17 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f8:c015:2e98::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f8:c015:2e98::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:10:11.611713 2026] [security2:error] [pid 3816:tid 3816] [client 2a01:4f8:c015:2e98::1:32784] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lovebuilds.com"] [uri "/.env"] [unique_id "ajAj479ogvm4ioIhKDfpBgAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 11:34:52 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f8:c015:2e98::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f8:c015:2e98::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 07:34:46.220431 2026] [security2:error] [pid 2911:tid 2911] [client 2a01:4f8:c015:2e98::1:34046] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "avrknives.com"] [uri "/.env"] [unique_id "ai_jVh8W2P-fjhHcwpl8JwAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-15 11:22:16 (4 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇹 196.190.43.161

🇸🇬 2406:da18:a1e:c10c:9f27::7

🇩🇪 213.209.159.236

🇺🇸 162.216.149.109

🇸🇦 151.255.10.148

🇨🇦 142.68.171.127

🇿🇦 105.233.66.167

🇮🇳 98.70.50.166

🇷🇴 92.118.39.62

🇳🇱 91.92.40.233

🇩🇪 69.5.169.12

🇩🇪 47.254.154.160

🇬🇧 35.203.210.147

🇧🇪 34.77.97.90

🇲🇽 201.142.164.224

🇨🇱 200.89.69.247

🇦🇷 186.148.224.83

🇻🇳 180.93.172.213

🇧🇷 179.0.117.209

🇭🇰 103.218.241.245