This IP was reported 50 times. Confidence of
Abuse
is 100%: ?
100%
Important Note: Public IPv6 addresses may implement the SLAAC
privacy extension. With this, the interface identifier is randomly generated. The SLAAC
privacy extension also implements a time out, which is configurable, so that the IPv6
interface addresses will be discarded and a new interface identifier is generated.
This IP address has been reported a total of
50
times from
26 distinct
sources.
2a04:c300:400::1b8 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b8 (Unknown): 10 in the last 36 ...
show more(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1b8 (Unknown): 10 in the last 3600 secs
show less
59 attacks on password grabbing URLs, config grabbing URLs (type 2), env grabbing URLs, VC URLs:
GET ...
show more59 attacks on password grabbing URLs, config grabbing URLs (type 2), env grabbing URLs, VC URLs:
GET /.aws/credentials HTTP/1.1
GET /appsettings.json HTTP/1.1
GET /.env.local.backup HTTP/1.1
GET /.git/config HTTP/1.1
show less
(modsecurity) srv103 ModSecurity 2a04:c300:400::1b8 (DE/Germany/-): 10 in the last 3600 secs; Ports: ...
show more(modsecurity) srv103 ModSecurity 2a04:c300:400::1b8 (DE/Germany/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensiti ...
show moreDetected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensitive files, source control, config, and backups). Hits from same IP in last 60 minutes: 44. Unique request paths counted internally: 44. Cloudflare action: block. Cloudflare source: firewallCustom.
show less
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show moreAuto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-22.
show less
{"level":"info","ts":1782242891.5897996,"logger":"http.log.access.log1","msg":"handled request","req ...
show more{"level":"info","ts":1782242891.5897996,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"2a04:c300:400::1b8","remote_port":"64360","client_ip":"2a04:c300:400::1b8","proto":"HTTP/1.1","method":"GET","host":"status.savacoop.rs","uri":"/","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15"]}},"bytes_read":0,"user_id":"","duration":0.00009973,"size":0,"status":308,"resp_headers":{"Connection":["close"],"Location":["https://status.savacoop.rs/"],"Content-Type":[],"Server":["Caddy"]}}
{"level":"info","ts":1782242902.500789,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"2a04:c300:400::1b8","remote_port":"62338","client_ip":"2a04:c300:400::1b8","proto":"HTTP/1.1","method":"GET","host":"status.savacoop.rs","uri":"/secrets/gcp-key.json","headers":{"Accept-Language":["en-US,en;q=0.9"],"Accept-Encodi
...
show less
404 burst: 20 hits in 5 min, URI /secrets/gcp-credentials.json, Ref , UA Mozilla/5.0 (Windows NT 10. ...
show more404 burst: 20 hits in 5 min, URI /secrets/gcp-credentials.json, Ref , UA Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0
show less