JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a02:4780:a:2041:0:1bd4:528:1

2a02:4780:a:2041:0:1bd4:528:1 was found in our database!

This IP was reported 47 times. Confidence of Abuse is 67%: ?

67%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Hostinger International Limited
Usage Type	Content Delivery Network
ASN	AS47583
Domain Name	hostinger.com
Country	🇬🇧 United Kingdom of Great Britain and Northern Ireland
City	Manchester, England

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a02:4780:a:2041:0:1bd4:528:1

Whois 2a02:4780:a:2041:0:1bd4:528:1

IP Abuse Reports for 2a02:4780:a:2041:0:1bd4:528:1:

This IP address has been reported a total of 47 times from 19 distinct sources. 2a02:4780:a:2041:0:1bd4:528:1 was first reported on June 6th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Nrbrtkls	2026-06-10 08:15:49 (2 weeks ago)	Scanning for .env secrets files on Cloudflare-fronted site	Web App Attack
🇳🇱 Savvii	2026-06-08 11:50:20 (2 weeks ago)	20 attempts against mh-misbehave-ban on frost	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-08 10:13:12 (2 weeks ago)	2a02:4780:a:2041:0:1bd4:528:1 - - [08/Jun/2026:18:13:12 +0800] "GET /member/.env HTTP/1.1" 404 196 " ... show more 2a02:4780:a:2041:0:1bd4:528:1 - - [08/Jun/2026:18:13:12 +0800] "GET /member/.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 2a02:4780:a:2041:0:1bd4:528:1 - - [08/Jun/2026:18:13:12 +0800] "GET /backend/.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 2a02:4780:a:2041:0:1bd4:528:1 - - [08/Jun/2026:18:13:12 +0800] "GET /app/.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 2a02:4780:a:2041:0:1bd4:528:1 - - [08/Jun/2026:18:13:12 +0800] "GET /admin/.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 2a02:4780:a:2041:0:1bd4:528:1 - - [08/Jun/2026:18:13:12 +0800] "GET /laravel/.env HTTP/1.1" 404 ... show less	Bad Web Bot Web App Attack
🇫🇮 stinpriza	2026-06-08 08:38:07 (2 weeks ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 08:28:32 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2041:0:1bd4:528:1 (Unknown): 1 in t ... show more (mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2041:0:1bd4:528:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 04:28:27.026099 2026] [security2:error] [pid 25708:tid 25708] [client 2a02:4780:a:2041:0:1bd4:528:1:20354] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "onward.ws"] [uri "/app/.env"] [unique_id "aiZ9K7EjYVsoZrK2iuLJ_QAAAGs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 06:12:46 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2041:0:1bd4:528:1 (Unknown): 1 in t ... show more (mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2041:0:1bd4:528:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 02:12:42.652280 2026] [security2:error] [pid 11015:tid 11015] [client 2a02:4780:a:2041:0:1bd4:528:1:47964] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jiffycareers.com"] [uri "/member/.env"] [unique_id "aiZdWlFsZSetQZ0mWQ4sQAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 baku.hosting	2026-06-08 05:16:25 (2 weeks ago)	CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 2a02:4780:a:2041:0:1bd4:528:1 ... show more CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 2a02:4780:a:2041:0:1bd4:528:1 (Unknown): 5 in the last 3600 secs show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 04:22:31 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2041:0:1bd4:528:1 (Unknown): 1 in t ... show more (mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2041:0:1bd4:528:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 00:22:27.420957 2026] [security2:error] [pid 14690:tid 14690] [client 2a02:4780:a:2041:0:1bd4:528:1:54016] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sawmat.com"] [uri "/app/.env"] [unique_id "aiZDg_NozH13GTQtA5XRaAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-08 04:00:43 (2 weeks ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 00:33:35 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2041:0:1bd4:528:1 (Unknown): 1 in t ... show more (mod_security) mod_security (id:210492) triggered by 2a02:4780:a:2041:0:1bd4:528:1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 20:33:30.122525 2026] [security2:error] [pid 24810:tid 24810] [client 2a02:4780:a:2041:0:1bd4:528:1:32754] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fewo-eva.at"] [uri "/dev/.env"] [unique_id "aiYN2tNUipMGjlNtlMquKQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-08 00:30:19 (2 weeks ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇳🇱 Site.eu	2026-06-07 23:45:00 (2 weeks ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 4server	2026-06-07 22:53:07 (2 weeks ago)	[MonJun0800:53:02.2653812026][security2:error][pid274321:tid274436][client2a02:4780:a:2041:0:1bd4:52 ... show more [MonJun0800:53:02.2653812026][security2:error][pid274321:tid274436][client2a02:4780:a:2041:0:1bd4:528:1:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"fondazionepetronillapontirone.ch\"][uri\"/dev/.env\"][unique_id\"aiX2TvDEfpJytCMFQakuOgAAAI4\"] show less	Port Scan Brute-Force Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-07 22:07:57 (2 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-06. show less	Web App Attack SSH Hacking
🇫🇮 YF	2026-06-07 20:00:50 (2 weeks ago)	404 errors Vulnerability scan	Web App Attack

Showing 1 to 15 of 47 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 205.237.105.154

🇺🇸 195.184.76.119

🇳🇬 165.154.11.48

🇮🇹 93.95.216.100

🇩🇪 8.211.15.33

🇳🇱 185.223.235.20

🇺🇸 174.27.213.193

🇲🇾 160.187.211.96

🇺🇸 147.185.132.120

🇺🇸 147.185.132.58

🇨🇳 117.177.102.79

🇻🇳 115.77.186.217

🇺🇸 91.230.168.253

🇺🇸 91.230.168.123

🇫🇮 77.105.161.120

🇬🇧 35.203.211.41

🇺🇸 207.90.244.19

🇺🇸 195.184.76.242

🇺🇸 195.184.76.34

🇦🇷 181.110.143.242