JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a02:c207:2332:4341::1

2a02:c207:2332:4341::1 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 55%: ?

55%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3324341.contaboserver.net
Domain Name	contabo.com
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a02:c207:2332:4341::1

Whois 2a02:c207:2332:4341::1

IP Abuse Reports for 2a02:c207:2332:4341::1:

This IP address has been reported a total of 18 times from 9 distinct sources. 2a02:c207:2332:4341::1 was first reported on June 10th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-16 05:15:03 (3 days ago)	9 attacks on env grabbing URLs: GET /database/.env HTTP/1.1	Hacking
🇺🇸 TPI-Abuse	2026-06-15 20:22:01 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserve ... show more (mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 16:21:54.938212 2026] [security2:error] [pid 13959:tid 13959] [client 2a02:c207:2332:4341::1:35042] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "linearconceptsllc.com"] [uri "/database/.env"] [unique_id "ajBe4rlCe3OCwP_cd_IUagAAAFc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 19:51:01 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserve ... show more (mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:50:57.517951 2026] [security2:error] [pid 28429:tid 28429] [client 2a02:c207:2332:4341::1:55620] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seishin-kan.org"] [uri "/database/.env"] [unique_id "ajBXobUZUC5HjO_fRrjUQgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 18:05:12 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserve ... show more (mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 14:05:07.619793 2026] [security2:error] [pid 25976:tid 25976] [client 2a02:c207:2332:4341::1:32946] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ahuramazda.com"] [uri "/.env"] [unique_id "ajA-0-o9Co_aq-RbzF0wIAAAAIs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 17:28:21 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserve ... show more (mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:28:14.668526 2026] [security2:error] [pid 22841:tid 22850] [client 2a02:c207:2332:4341::1:40584] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dermatologycoloradosprings.com"] [uri "/.env"] [unique_id "ajA2LkWUI6OiBsghuQXLeQAAAIc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:36:06 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserve ... show more (mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:36:01.212964 2026] [security2:error] [pid 27680:tid 27680] [client 2a02:c207:2332:4341::1:42680] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "osbyink.com"] [uri "/database/.env"] [unique_id "ajAp8UaU-oOdWOLEYp_WXwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 15:27:03 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserve ... show more (mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 11:26:58.653308 2026] [security2:error] [pid 10873:tid 10873] [client 2a02:c207:2332:4341::1:53190] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bridging-lives.com"] [uri "/api/.env"] [unique_id "ajAZwpFNCxlZKnIjf10YHAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-15 14:39:38 (4 days ago)	[MonJun1516:39:32.9466062026][security2:error][pid72768:tid72882][client2a02:c207:2332:4341::1:0]Mod ... show more [MonJun1516:39:32.9466062026][security2:error][pid72768:tid72882][client2a02:c207:2332:4341::1:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"assmra.org\"][uri\"/api/.env\"][unique_id\"ajAOpKfwTEtp9SNMy9kz6gAAAIw\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 13:44:24 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserve ... show more (mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 09:44:19.828029 2026] [security2:error] [pid 22379:tid 22379] [client 2a02:c207:2332:4341::1:33158] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "adventiststoday.com"] [uri "/api/.env"] [unique_id "ajABs8Vu_Re1Lb6vGv1DCQAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 MarkGGN	2026-06-15 12:56:55 (4 days ago)	Web attack. 2a02:c207:2332:4341::1 - - [15/Jun/2026:14:56:55 +0200] "GET /api/.env HTTP/1.1" 404 75 ... show more Web attack. 2a02:c207:2332:4341::1 - - [15/Jun/2026:14:56:55 +0200] "GET /api/.env HTTP/1.1" 404 75 "http:///api/.env" "Go-http-client/1.1" 2a02:c207:2332:4341::1 - - [15/Jun/2026:14:56:55 +0200] "GET /app/.env HTTP/1.1" 404 75 "http:///app/.env" "Go-http-client/1.1" show less	Web App Attack
🇳🇱 e.fierstra	2026-06-15 12:54:53 (4 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 11:48:08 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserve ... show more (mod_security) mod_security (id:210492) triggered by 2a02:c207:2332:4341::1 (vmi3324341.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 07:48:04.555858 2026] [security2:error] [pid 2208:tid 2208] [client 2a02:c207:2332:4341::1:36422] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "openkiwiai.com"] [uri "/.env"] [unique_id "ai_mdP3gqpKRZIXOzptfBgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 WellSpring	2026-06-15 09:54:01 (4 days ago)	env leak on wellspr.ing/appdata/.env — WellSpr.ing/NetSentinel civic-AI security layer	Web App Attack
🇱🇻 garmtech.com	2026-06-15 09:06:27 (4 days ago)	IM360 WAF: Direct access to sensitive file or dotfile MV:/.env	Web App Attack
🇳🇱 BlueWire Hosting	2026-06-15 08:57:56 (4 days ago)	Probing websites for vulnerabilities	Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 124.74.9.190

🇨🇳 120.48.148.35

🇨🇳 117.158.160.42

🇺🇸 65.49.1.120

🇫🇮 147.185.133.219

🇨🇳 111.26.106.117

🇺🇸 108.171.104.14

🇹🇼 101.13.5.32

🇷🇺 94.243.15.221

🇮🇷 94.139.183.254

🇳🇱 91.92.241.106

🇬🇧 86.173.0.237

🇨🇦 85.217.149.49

🇪🇸 83.51.222.81

🇸🇬 47.79.120.176

🇳🇱 45.148.10.141

🇨🇳 36.132.129.194

🇷🇴 2.57.122.177

🇩🇪 213.209.159.236

🇳🇱 176.65.139.105