JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a02:752:0:18::16da

2a02:752:0:18::16da was found in our database!

This IP was reported 22 times. Confidence of Abuse is 61%: ?

61%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Glesys AB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS42708
Hostname(s)	2a02-752-0-18--16da-static.glesys.net
Domain Name	glesys.com
Country	🇸🇪 Sweden
City	Falkenberg, Halland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a02:752:0:18::16da

Whois 2a02:752:0:18::16da

IP Abuse Reports for 2a02:752:0:18::16da:

This IP address has been reported a total of 22 times from 13 distinct sources. 2a02:752:0:18::16da was first reported on April 30th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 stinpriza	2026-06-15 18:28:09 (5 days ago)	Web App Attack	Web App Attack
🇫🇮 YF	2026-06-15 18:00:44 (5 days ago)	Environment file probe	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 17:35:11 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a02:752:0:18::16da (2a02-752-0-18--16da-static ... show more (mod_security) mod_security (id:210492) triggered by 2a02:752:0:18::16da (2a02-752-0-18--16da-static.glesys.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:35:07.294928 2026] [security2:error] [pid 16648:tid 16648] [client 2a02:752:0:18::16da:35860] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "astrologydemo.com"] [uri "/.env"] [unique_id "ajA3y4I1xX9gpiNDBOnR5gAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Ba-Yu	2026-06-15 17:33:01 (5 days ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-15 17:25:26 (5 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇦🇺 2000cn.com.au	2026-06-15 17:15:53 (5 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-15 17:02:42 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a02:752:0:18::16da (2a02-752-0-18--16da-static ... show more (mod_security) mod_security (id:210492) triggered by 2a02:752:0:18::16da (2a02-752-0-18--16da-static.glesys.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:02:38.178845 2026] [security2:error] [pid 11514:tid 11514] [client 2a02:752:0:18::16da:60056] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "roguetechhub.com"] [uri "/.env"] [unique_id "ajAwLnY-pEdQpbH5cVviVwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-15 16:11:04 (5 days ago)	(apache-useragents) Failed apache-useragents trigger with match [Go-http-client/1.1] from 2a02:752:0 ... show more (apache-useragents) Failed apache-useragents trigger with match [Go-http-client/1.1] from 2a02:752:0:18::16da (2a02-752-0-18--16da-static.glesys.net): 5 in the last 300 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2a02:752:0:18::16da - - [15/Jun/2026:18:11:01 +0200] "GET /app/.env HTTP/1.1" 403 405 "-" "Go-http-client/1.1" 2a02:752:0:18::16da - - [15/Jun/2026:18:11:01 +0200] "GET /.env HTTP/1.1" 403 405 "-" "Go-http-client/1.1" 2a02:752:0:18::16da - - [15/Jun/2026:18:11:01 +0200] "GET /api/.env HTTP/1.1" 403 405 "-" "Go-http-client/1.1" 2a02:752:0:18::16da - - [15/Jun/2026:18:11:01 +0200] "GET /.env HTTP/1.1" 403 3515 "-" "Go-http-client/1.1" 2a02:752:0:18::16da - - [15/Jun/2026:18:11:01 +0200] "GET /app/.env HTTP/1.1" 403 3516 "-" "Go-http-client/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-15 13:12:07 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a02:752:0:18::16da (2a02-752-0-18--16da-static ... show more (mod_security) mod_security (id:210492) triggered by 2a02:752:0:18::16da (2a02-752-0-18--16da-static.glesys.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 09:12:03.689382 2026] [security2:error] [pid 25372:tid 25372] [client 2a02:752:0:18::16da:49548] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rockshoreadvisors.com"] [uri "/api/.env"] [unique_id "ai_6Iwc4w2I9ck5pEDGWEAAAAAM"], referer: http://rockshoreadvisorygroup.com/api/.env show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-15 11:38:20 (5 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 08:34:56 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a02:752:0:18::16da (2a02-752-0-18--16da-static ... show more (mod_security) mod_security (id:210492) triggered by 2a02:752:0:18::16da (2a02-752-0-18--16da-static.glesys.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 04:34:49.072152 2026] [security2:error] [pid 11211:tid 11211] [client 2a02:752:0:18::16da:41580] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "boat-registration-turkey.com"] [uri "/.env"] [unique_id "ai-5Kfr0ePJmLOj7EZTxFgAAAEs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-02 11:45:04 (2 weeks ago)	Repeated attacks detected by Fail2Ban in recidive jail	Hacking
🇩🇪 LRob.fr	2026-06-01 19:00:19 (2 weeks ago)	FTP brute-force attack detected by Fail2Ban in plesk-proftpd jail	FTP Brute-Force
Anonymous	2026-05-30 21:20:45 (2 weeks ago)	2026-05-30T16:48:04.062201-03:00 web pure-ftpd: (?@2a02:752:0:18::16da) [WARNING] Authentication fai ... show more 2026-05-30T16:48:04.062201-03:00 web pure-ftpd: (?@2a02:752:0:18::16da) [WARNING] Authentication failed for user [webmaster] 2026-05-30T17:41:13.293323-03:00 web pure-ftpd: (?@2a02:752:0:18::16da) [WARNING] Authentication failed for user [administrator] 2026-05-30T18:20:44.847667-03:00 web pure-ftpd: (?@2a02:752:0:18::16da) [WARNING] Authentication failed for user [vebobinas] ... show less	FTP Brute-Force
🇺🇸 factor1	2026-05-25 23:57:26 (3 weeks ago)	Fail2ban at atlas Reports Abuse.	FTP Brute-Force Brute-Force

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 2620:171:eb:f0::6

🇭🇰 199.45.154.189

🇬🇧 193.176.29.19

🇧🇷 177.30.64.65

🇵🇱 172.253.206.48

🇳🇱 193.39.208.26

🇺🇸 45.156.129.86

🇺🇸 45.92.229.202

🇺🇸 43.130.2.131

🇺🇸 205.210.31.52

🇦🇷 190.220.172.154

🇭🇰 103.14.33.174

🇳🇱 92.63.197.197

🇳🇱 45.148.10.152

🇳🇱 45.148.10.141

🇨🇳 39.104.63.170

🇷🇴 2.57.122.238

🇬🇧 193.176.29.9

🇬🇧 193.163.125.157

🇩🇪 162.158.110.31