JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a02:2479:b0:8600::1

2a02:2479:b0:8600::1 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 72%: ?

72%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	IONOS SE
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8560
Domain Name	ionos.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a02:2479:b0:8600::1

Whois 2a02:2479:b0:8600::1

IP Abuse Reports for 2a02:2479:b0:8600::1:

This IP address has been reported a total of 31 times from 19 distinct sources. 2a02:2479:b0:8600::1 was first reported on April 30th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-16 22:03:41 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-15. show less	Web App Attack SSH Hacking
🇬🇧 openstrike.co.uk	2026-06-16 05:14:32 (1 week ago)	6 attacks on env grabbing URLs: GET /.env HTTP/1.1	Hacking
🇺🇸 chronos	2026-06-15 23:46:00 (1 week ago)	[AUTORAVALT][[15/06/2026 - 20:46:00 -03:00 UTC] Attack from [2a02:2479:b0:8600::1] Action: BLocKed ... show more [AUTORAVALT][[15/06/2026 - 20:46:00 -03:00 UTC] Attack from [2a02:2479:b0:8600::1] Action: BLocKed Phishing -> Phishing websites and/or email. Email Spam -> Spam email content, infected attachments, and phishing emails. Hacking... Unauthorized attempts to access the server. Spoofing -> Email sender spoofing. Brute-Force -> Credential brute-force attacks on web] ... show less	Brute-Force Email Spam Spoofing Phishing Hacking
🇺🇸 TPI-Abuse	2026-06-15 19:56:16 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a02:2479:b0:8600::1 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a02:2479:b0:8600::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:56:08.863074 2026] [security2:error] [pid 7557:tid 7557] [client 2a02:2479:b0:8600::1:34452] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "payrrip.com"] [uri "/config/.env"] [unique_id "ajBY2GBYc3KOpcNTBCraCgAAAHw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 19:27:35 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a02:2479:b0:8600::1 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a02:2479:b0:8600::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:27:28.968535 2026] [security2:error] [pid 19155:tid 19155] [client 2a02:2479:b0:8600::1:57040] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "akronpartybuses.com"] [uri "/api/.env"] [unique_id "ajBSIIeggUcoFL6C4kOb5gAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 19:10:49 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a02:2479:b0:8600::1 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a02:2479:b0:8600::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:10:44.743980 2026] [security2:error] [pid 22861:tid 22861] [client 2a02:2479:b0:8600::1:47780] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lidart.org"] [uri "/config/.env"] [unique_id "ajBONJwbSZA2RVdgm-UhcAAAAFI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 BlueWire Hosting	2026-06-15 18:25:05 (1 week ago)	Probing websites for vulnerabilities	Web App Attack
🇳🇱 e.fierstra	2026-06-15 17:40:33 (1 week ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇩🇪 Ba-Yu	2026-06-15 16:32:27 (1 week ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:22:27 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a02:2479:b0:8600::1 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a02:2479:b0:8600::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:22:22.727945 2026] [security2:error] [pid 15906:tid 15906] [client 2a02:2479:b0:8600::1:58822] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "spiralvillage.org"] [uri "/.env"] [unique_id "ajAmvkbalgyGFpNNBhveDAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-15 16:11:48 (1 week ago)	[redacted] 2a02:2479:b0:8600::1 - - [15/Jun/2026:17:11:44 +0100] "GET /api/.env HTTP/1.1" 302 5300 0 ... show more [redacted] 2a02:2479:b0:8600::1 - - [15/Jun/2026:17:11:44 +0100] "GET /api/.env HTTP/1.1" 302 5300 0/45120 "http://[redacted]/api/.env" "Go-http-client/1.1" [redacted] 2a02:2479:b0:8600::1 - - [15/Jun/2026:17:11:44 +0100] "GET /config/.env HTTP/1.1" 302 5268 0/159388 "http://[redacted]/config/.env" "Go-http-client/1.1" show less	Bad Web Bot Web App Attack
Anonymous	2026-06-15 15:56:54 (1 week ago)	2a02:2479:b0:8600::1 - - [15/Jun/2026:15:56:53 +0000] "GET /.env HTTP/1.1" 302 446 "-" "Go-http-clie ... show more 2a02:2479:b0:8600::1 - - [15/Jun/2026:15:56:53 +0000] "GET /.env HTTP/1.1" 302 446 "-" "Go-http-client/1.1" ... show less	Bad Web Bot Web App Attack
🇩🇪 Viveronese	2026-06-15 15:12:57 (1 week ago)	HTTP vulnerability scanning	Web App Attack
🇩🇪 gadix	2026-06-15 13:41:02 (1 week ago)	[15/Jun/2026:15:40:59.275772 +0200] ajAA6xNzHjBr1c0eC_cy8AAAANE 2a02:2479:b0:8600::1 33834 127.0.0.1 ... show more [15/Jun/2026:15:40:59.275772 +0200] ajAA6xNzHjBr1c0eC_cy8AAAANE 2a02:2479:b0:8600::1 33834 127.0.0.1 7081 [15/Jun/2026:15:40:59.366240 +0200] ajAA65osKmxwxOENSzVeaQAAAAA 2a02:2479:b0:8600::1 33840 127.0.0.1 7081 [15/Jun/2026:15:40:59.638332 +0200] ajAA65osKmxwxOENSzVeagAAAAo 2a02:2479:b0:8600::1 33852 127.0.0.1 7081 ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 13:34:43 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a02:2479:b0:8600::1 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a02:2479:b0:8600::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 09:34:38.838713 2026] [security2:error] [pid 12653:tid 12653] [client 2a02:2479:b0:8600::1:39618] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "holland-kadaster-registration.com"] [uri "/app/.env"] [unique_id "ai__bkVcYhp4BK_5Ea7ytQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇬 152.32.141.172

🇭🇰 118.193.47.212

🇮🇳 117.221.142.158

🇸🇬 94.231.206.5

🇩🇪 92.246.91.177

🇮🇹 81.57.15.243

🇺🇸 74.142.165.90

🇳🇱 45.156.87.147

🇬🇧 37.10.113.218

🇺🇸 161.35.232.200

🇨🇳 115.191.22.87

🇩🇪 92.246.91.122

🇷🇺 91.241.150.246

🇺🇸 66.132.172.218

🇺🇸 18.97.19.192

🇨🇳 14.19.139.188

🇨🇳 223.243.162.130

🇨🇳 180.184.51.110

🇨🇳 123.55.159.246

🇮🇳 117.221.169.112