JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a01:4f9:c013:2f9b::1

2a01:4f9:c013:2f9b::1 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 73%: ?

73%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Domain Name	hetzner.com
Country	🇫🇮 Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a01:4f9:c013:2f9b::1

Whois 2a01:4f9:c013:2f9b::1

IP Abuse Reports for 2a01:4f9:c013:2f9b::1:

This IP address has been reported a total of 17 times from 13 distinct sources. 2a01:4f9:c013:2f9b::1 was first reported on June 15th 2026, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-06-15 22:30:12 (13 hours ago)		Brute-Force Web App Attack
🇩🇪 gadix	2026-06-15 20:54:25 (15 hours ago)	[15/Jun/2026:22:54:24.245550 +0200] ajBmgNPxypMG2c2ua0GfbwAAADE 2a01:4f9:c013:2f9b::1 53892 127.0.0. ... show more [15/Jun/2026:22:54:24.245550 +0200] ajBmgNPxypMG2c2ua0GfbwAAADE 2a01:4f9:c013:2f9b::1 53892 127.0.0.1 7081 [15/Jun/2026:22:54:24.247229 +0200] ajBmgLrFRSxLv5mWbp0rgwAAAAQ 2a01:4f9:c013:2f9b::1 53896 127.0.0.1 7081 [15/Jun/2026:22:54:24.250978 +0200] ajBmgKKqQ_waRSbcbJoHzwAAAAM 2a01:4f9:c013:2f9b::1 53906 127.0.0.1 7081 ... show less	Web App Attack
🇳🇱 WinnieHoneypots	2026-06-15 20:23:24 (15 hours ago)		Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 19:17:17 (16 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:2f9b::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:2f9b::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:17:13.667125 2026] [security2:error] [pid 10028:tid 10028] [client 2a01:4f9:c013:2f9b::1:44730] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arapi.org"] [uri "/config/.env"] [unique_id "ajBPuXu9_GslYApcO3C65QAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Viveronese	2026-06-15 19:09:57 (16 hours ago)	HTTP vulnerability scanning	Web App Attack
🇺🇸 ambor	2026-06-15 18:44:44 (17 hours ago)	Honeypot access: Environment file access attempt. Path: /.env	Web App Attack
🇳🇱 BlueWire Hosting	2026-06-15 18:18:23 (17 hours ago)	Probing websites for vulnerabilities	Web App Attack
🇩🇪 febrian.de	2026-06-15 17:37:58 (18 hours ago)	HTTP(S) probing or brute-force attack detected by Fail2Ban	Brute-Force Web App Attack
🇨🇦 internetworld	2026-06-15 16:53:31 (19 hours ago)	internetworld-prod-01 Fail2Ban ban. Jail=nginx-web-probe-iw. Sanitized automatic report from interne ... show more internetworld-prod-01 Fail2Ban ban. Jail=nginx-web-probe-iw. Sanitized automatic report from internetworld.ca server security monitoring. show less	Brute-Force Web App Attack
🇩🇪 macrob	2026-06-15 16:47:22 (19 hours ago)	2026/06/15 16:47:21 [error] 2547561#2547561: 307697125 access forbidden by rule, client: 2a01:4f9:c ... show more 2026/06/15 16:47:21 [error] 2547561#2547561: 307697125 access forbidden by rule, client: 2a01:4f9:c013:2f9b::1, server: fastcredit.net.ua, request: "GET /config/.env HTTP/2.0", host: "fastcredit.net.ua", referrer: "http://fastcredit.net.ua/config/.env" 2026/06/15 16:47:21 [error] 2547561#2547561: 307697130 access forbidden by rule, client: 2a01:4f9:c013:2f9b::1, server: fastcredit.net.ua, request: "GET /api/.env HTTP/2.0", host: "fastcredit.net.ua", referrer: "http://fastcredit.net.ua/api/.env" 2026/06/15 16:47:21 [error] 2547561#2547561: 307697131 access forbidden by rule, client: 2a01:4f9:c013:2f9b::1, server: fastcredit.net.ua, request: "GET /.env HTTP/2.0", host: "fastcredit.net.ua", referrer: "http://fastcredit.net.ua/.env" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:46:49 (19 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:2f9b::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:2f9b::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:46:41.764943 2026] [security2:error] [pid 16489:tid 16489] [client 2a01:4f9:c013:2f9b::1:56280] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aandsmetal.com"] [uri "/.env"] [unique_id "ajAscfJVdnTk8cmWLH_pAwAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:02:13 (20 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:2f9b::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:2f9b::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:02:05.268205 2026] [security2:error] [pid 20107:tid 20107] [client 2a01:4f9:c013:2f9b::1:55048] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mjaaforum.org"] [uri "/api/.env"] [unique_id "ajAh_RQfa1O_SrmaioKsBgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-15 12:39:25 (23 hours ago)	2.623 requests with url.path *.env	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-15 12:19:44 (23 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:2f9b::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:2f9b::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 08:19:39.770602 2026] [security2:error] [pid 29728:tid 29728] [client 2a01:4f9:c013:2f9b::1:33938] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "centralbaptistalcoa.org"] [uri "/app/.env"] [unique_id "ai_t2wWNKrop1eY-PaoblAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-15 11:49:08 (1 day ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇹 2a00:1450:4025:1805::127

🇺🇸 158.247.18.7

🇰🇷 116.125.120.27

🇪🇸 45.12.57.0

🇺🇸 35.231.59.130

🇺🇸 20.106.198.163

🇷🇴 2.57.122.177

🇩🇪 2a01:599:71a:6097:77db:d967:ebc9:4390

🇰🇷 221.162.3.119

🇩🇪 217.181.94.59

🇨🇦 217.181.83.239

🇺🇿 213.230.127.104

🇩🇪 195.63.25.194

🇨🇦 195.63.18.245

🇨🇳 123.165.85.7

🇨🇳 111.49.98.101

🇮🇩 103.151.140.79

🇷🇺 90.188.59.70

🇷🇸 77.105.37.219

🇳🇱 45.148.10.152