JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a04:c300:400::1b3

2a04:c300:400::1b3 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 76%: ?

76%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Advin Services LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS22295
Domain Name	advinservers.com
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a04:c300:400::1b3

Whois 2a04:c300:400::1b3

IP Abuse Reports for 2a04:c300:400::1b3:

This IP address has been reported a total of 45 times from 15 distinct sources. 2a04:c300:400::1b3 was first reported on June 21st 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-25 04:47:33 (5 days ago)	(mod_security) mod_security triggered on hostname [redacted] 2a04:c300:400::1b3 (Unknown)	SQL Injection
🇺🇸 TPI-Abuse	2026-06-24 23:10:41 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 19:10:34.040989 2026] [security2:error] [pid 20426:tid 20426] [client 2a04:c300:400::1b3:23316] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.dianadelapava.com"] [uri "/.env.staging"] [unique_id "ajxj6rd3FxOMSWfQZcz0LAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-24 23:01:27 (5 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 16:54:58 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 12:54:51.933820 2026] [security2:error] [pid 1549:tid 1549] [client 2a04:c300:400::1b3:57876] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.tacanicsa.com"] [uri "/.env.old"] [unique_id "ajwL297jDZ0s6EaQ7y5vOgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 16:33:37 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 12:33:32.950120 2026] [security2:error] [pid 8819:tid 8819] [client 2a04:c300:400::1b3:21208] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.alissacaputo.com"] [uri "/.env.local"] [unique_id "ajwG3GRYBk3-R2bhqYHXvwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 13:57:31 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 09:57:26.634088 2026] [security2:error] [pid 18301:tid 18301] [client 2a04:c300:400::1b3:18682] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.bikiniadvice.com"] [uri "/.env"] [unique_id "ajviRll52mbO370CScUGsgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 09:50:47 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 05:50:40.330498 2026] [security2:error] [pid 12130:tid 12130] [client 2a04:c300:400::1b3:34736] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.kristencorley.com"] [uri "/.env"] [unique_id "ajuocII2WcTUhYjSYCuzkwAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 strefapi_com	2026-06-24 09:16:01 (6 days ago)	Brute-force, web ...	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 06:36:23 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 02:36:16.451053 2026] [security2:error] [pid 22918:tid 22918] [client 2a04:c300:400::1b3:9710] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.caddydad.com"] [uri "/.env"] [unique_id "ajt64EmS2zbbqZHxHWBrggAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 openstrike.co.uk	2026-06-24 05:15:20 (6 days ago)	59 attacks on env grabbing URLs, config grabbing URLs (type 2), password grabbing URLs, VC URLs: GET ... show more 59 attacks on env grabbing URLs, config grabbing URLs (type 2), password grabbing URLs, VC URLs: GET /.env.local.copy HTTP/1.1 GET /application_default_credentials.json HTTP/1.1 GET /.aws/credentials HTTP/1.1 GET /.git/HEAD HTTP/1.1 show less	Hacking
Anonymous	2026-06-23 02:38:53 (1 week ago)	CrowdSec decision: crowdsecurity/http-crawl-non_statics (origin: crowdsec)	Port Scan
🇺🇸 TPI-Abuse	2026-06-23 00:35:20 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 20:35:14.837043 2026] [security2:error] [pid 24037:tid 24037] [client 2a04:c300:400::1b3:59330] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.karohali.chevronparkett.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.karohali.chevronparkett.com"] [uri "/wp-content/debug.log"] [unique_id "ajnUwp_ycnP_A1tJZgbAfgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-23 00:31:38 (1 week ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 TPI-Abuse	2026-06-22 23:13:03 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b3 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 19:12:54.344199 2026] [security2:error] [pid 28208:tid 28208] [client 2a04:c300:400::1b3:42074] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.midnight-tech.com"] [uri "/.env"] [unique_id "ajnBdpKtCD86ShfEhvMQtQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-22 22:03:17 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-21. show less	Web App Attack SSH Hacking

Showing 1 to 15 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 45.148.10.147

🇨🇳 223.247.222.47

🇦🇷 186.122.2.66

🇳🇱 176.65.148.158

🇮🇳 122.161.52.241

🇮🇳 110.235.234.124

🇰🇪 102.210.28.35

🇬🇧 37.10.113.218

🇧🇷 24.152.18.116

🇪🇸 194.146.92.22

🇸🇬 193.37.32.183

🇧🇷 187.88.65.153

🇺🇸 172.174.17.234

🇺🇸 170.23.30.88

🇬🇧 154.16.44.50

🇮🇳 152.59.185.188

🇷🇺 141.101.227.30

🇵🇰 103.151.46.103

🇭🇷 82.23.221.143

🇷🇴 80.94.92.55