JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a02:c207:2303:1109::1

2a02:c207:2303:1109::1 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 37%: ?

37%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3031109.contaboserver.net
Domain Name	contabo.com
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a02:c207:2303:1109::1

Whois 2a02:c207:2303:1109::1

IP Abuse Reports for 2a02:c207:2303:1109::1:

This IP address has been reported a total of 13 times from 8 distinct sources. 2a02:c207:2303:1109::1 was first reported on February 14th 2026, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-26 20:16:00 (8 hours ago)	Web attack blocked by Wordfence on www.gerhuntjens.nl (1 hit). Reported by CRMON.	Web App Attack
🇺🇸 lostswordfish.com	2026-06-26 17:50:05 (11 hours ago)	Wordfence waf block on 1105merrystreet	Web App Attack
🇩🇪 LRob.fr	2026-06-26 06:15:06 (22 hours ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-25 02:00:18 (2 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇺🇸 factor1	2026-06-24 19:54:09 (2 days ago)	Fail2ban at churndash Reports Abuse.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 20:35:52 (3 days ago)	(mod_security) mod_security (id:225170) triggered by 2a02:c207:2303:1109::1 (vmi3031109.contaboserve ... show more (mod_security) mod_security (id:225170) triggered by 2a02:c207:2303:1109::1 (vmi3031109.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 16:35:47.239179 2026] [security2:error] [pid 318:tid 318] [client 2a02:c207:2303:1109::1:40806] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|drgtek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "drgtek.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajruI4nDL0Z5v2cJiZnoowAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 15:26:07 (3 days ago)	(mod_security) mod_security (id:225170) triggered by 2a02:c207:2303:1109::1 (vmi3031109.contaboserve ... show more (mod_security) mod_security (id:225170) triggered by 2a02:c207:2303:1109::1 (vmi3031109.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 11:25:59.857773 2026] [security2:error] [pid 15314:tid 15314] [client 2a02:c207:2303:1109::1:56560] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.rohanbyles.com.au\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rohanbyles.com.au"] [uri "/wp-json/wp/v2/users"] [unique_id "ajqlh21EIH-fHhCRipcAIAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 04:11:19 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 2a02:c207:2303:1109::1 (vmi3031109.contaboserve ... show more (mod_security) mod_security (id:225170) triggered by 2a02:c207:2303:1109::1 (vmi3031109.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 00:11:13.339149 2026] [security2:error] [pid 29126:tid 29126] [client 2a02:c207:2303:1109::1:48476] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.campos.tv\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.campos.tv"] [uri "/wp-json/wp/v2/users"] [unique_id "ajoHYZ_CZ3S4qGEwE7-9IwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 21:13:11 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 2a02:c207:2303:1109::1 (vmi3031109.contaboserve ... show more (mod_security) mod_security (id:225170) triggered by 2a02:c207:2303:1109::1 (vmi3031109.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 17:13:03.318915 2026] [security2:error] [pid 21163:tid 21163] [client 2a02:c207:2303:1109::1:53180] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.allotrope.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.allotrope.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajhT35FbT_7lvygmoT1lzwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-19 06:46:44 (4 months ago)	Failed Wordpress login	Hacking Brute-Force Web App Attack
🇩🇪 Hazzard	2026-02-18 14:32:27 (4 months ago)	(wordpress) Failed wordpress login from 2a02:c207:2303:1109::1 (FR/France/Bas-Rhin/Lauterbourg/vmi30 ... show more (wordpress) Failed wordpress login from 2a02:c207:2303:1109::1 (FR/France/Bas-Rhin/Lauterbourg/vmi3031109.contaboserver.net/[redacted]): (CF_ENABLE) show less	Brute-Force
🇩🇪 LRob.fr	2026-02-14 15:51:16 (4 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-02-14 15:19:19 (4 months ago)	2a02:c207:2303:1109::1 - - [14/Feb/2026:08:19:19 -0700] "POST /xmlrpc.php HTTP/1.1" 200 415 "-" "Moz ... show more 2a02:c207:2303:1109::1 - - [14/Feb/2026:08:19:19 -0700] "POST /xmlrpc.php HTTP/1.1" 200 415 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.43 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 OPR/120.0.0.0" ... show less	Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 194.187.176.37

🇳🇱 185.223.235.50

🇨🇦 147.194.85.167

🇺🇸 147.182.241.81

🇺🇸 143.198.238.87

🇸🇬 139.99.90.59

🇰🇷 118.39.234.238

🇺🇸 70.9.0.195

🇱🇹 45.227.254.170

🇺🇸 45.156.129.52

🇬🇹 45.5.119.28

🇭🇰 8.217.160.32

🇨🇳 223.100.224.75

🇺🇸 216.218.206.111

🇧🇷 201.2.140.186

🇩🇪 194.187.176.204

🇳🇱 185.242.226.87

🇮🇶 169.224.21.90

🇻🇳 118.69.109.90

🇿🇦 102.66.146.190