JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a01:4f9:c013:57df::1

2a01:4f9:c013:57df::1 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 52%: ?

52%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Domain Name	hetzner.com
Country	🇫🇮 Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a01:4f9:c013:57df::1

Whois 2a01:4f9:c013:57df::1

IP Abuse Reports for 2a01:4f9:c013:57df::1:

This IP address has been reported a total of 21 times from 11 distinct sources. 2a01:4f9:c013:57df::1 was first reported on April 18th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 René Hickersberger	2026-06-05 20:12:51 (1 day ago)	[2026-06-05T20:12:51Z] Malicious request to /.continue/config.json	Hacking Bad Web Bot Web App Attack
🇪🇸 alferez	2026-06-04 20:19:29 (2 days ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 11:43:50 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 07:43:41.731223 2026] [security2:error] [pid 10944:tid 10944] [client 2a01:4f9:c013:57df::1:57464] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mijnlevensverhaal.com"] [uri "/.env.development"] [unique_id "ah1wbYEVTkLCkndjJqEDLAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 YF	2026-06-01 00:00:46 (6 days ago)	Malicious activity detected — automated analysis	Brute-Force Web App Attack
🇧🇪 cmbplf	2026-05-31 20:44:52 (6 days ago)	101 requests with url.path *config.json	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-31 19:18:17 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 15:18:10.348979 2026] [security2:error] [pid 12236:tid 12236] [client 2a01:4f9:c013:57df::1:42236] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "web103.dnchosting.com"] [uri "/.env.development"] [unique_id "ahyJch5evpIlA0QKKovJtAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 HerrWolf	2026-05-31 09:30:08 (1 week ago)	CrowdSec Detection: crowdsecurity/http-probing	Web App Attack
🇳🇱 Site.eu	2026-05-30 22:18:51 (1 week ago)	Excessive 404/403 errors	Brute-Force
🇫🇷 mrcrassi	2026-05-26 04:41:08 (1 week ago)	Triggered Cloudflare WAF (botFight) from FI. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET ... show more Triggered Cloudflare WAF (botFight) from FI. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /_rNd9xZ7kL3 UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-15 08:43:39 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:43:32.861296 2026] [security2:error] [pid 15876:tid 15876] [client 2a01:4f9:c013:57df::1:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stantontownship.org"] [uri "/.env.backup"] [unique_id "agbctCeUM2HOxusdMhsUdgAAAA4"], referer: https://www.google.com/search?q=stantontownship.org show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 01:40:12 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 21:39:56.604432 2026] [security2:error] [pid 2205:tid 2205] [client 2a01:4f9:c013:57df::1:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.psychoatomicpower.com"] [uri "/.env"] [unique_id "agKE7N7pGL3DaeSDoQtqMgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 07:00:52 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 03:00:45.177821 2026] [security2:error] [pid 29490:tid 29490] [client 2a01:4f9:c013:57df::1:32690] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.ridefilmsinc.com"] [uri "/.env"] [unique_id "agF-nff-YBFmsbVH8N_gUQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 04:23:00 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 00:22:48.796730 2026] [security2:error] [pid 7234:tid 7234] [client 2a01:4f9:c013:57df::1:12530] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.test.high5-vr.com"] [uri "/.env.local"] [unique_id "agFZmMK_bKm0vo4WQOR1pAAAAAU"], referer: https://www.google.com/search?q=www.test.high5-vr.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-10 19:41:19 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 15:41:09.230402 2026] [security2:error] [pid 27089:tid 27089] [client 2a01:4f9:c013:57df::1:10956] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mta-sts.suffolksystems.com"] [uri "/.env.dev"] [unique_id "agDfVb7K7gxua2xqDj6UoAAAAAk"], referer: https://www.google.com/search?q=www.mta-sts.suffolksystems.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-10 18:57:15 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a01:4f9:c013:57df::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 14:56:55.917888 2026] [security2:error] [pid 25899:tid 25899] [client 2a01:4f9:c013:57df::1:10284] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sunshinenv.com"] [uri "/wp-config.php"] [unique_id "agDU99ameNe0ggYHtiHTsgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.73.123.169

🇧🇷 187.85.148.98

🇷🇴 80.94.92.182

🇩🇪 43.228.157.16

🇺🇸 2604:a880:400:d1:0:4:8c04:1001

🇸🇪 217.211.208.125

🇨🇳 211.97.69.110

🇦🇷 200.89.159.59

🇳🇦 197.234.87.98

🇬🇧 193.163.125.130

🇧🇷 191.5.32.222

🇹🇷 185.153.231.44

🇳🇱 185.93.89.79

🇧🇷 177.87.96.158

🇨🇳 106.75.144.89

🇰🇿 95.82.72.136

🇧🇬 91.191.209.198

🇷🇴 80.94.92.168

🇺🇸 64.62.197.99

🇳🇱 45.148.10.151