JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a04:c300:400::1ba

2a04:c300:400::1ba was found in our database!

This IP was reported 36 times. Confidence of Abuse is 62%: ?

62%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Advin Services LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS22295
Domain Name	advinservers.com
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a04:c300:400::1ba

Whois 2a04:c300:400::1ba

IP Abuse Reports for 2a04:c300:400::1ba:

This IP address has been reported a total of 36 times from 11 distinct sources. 2a04:c300:400::1ba was first reported on June 21st 2026, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-23 23:39:59 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 19:39:53.292081 2026] [security2:error] [pid 14081:tid 14081] [client 2a04:c300:400::1ba:14382] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.gocdt.com"] [uri "/web/.env"] [unique_id "ajsZSaNceYQkNEVyL2q8BwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 14:15:49 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 10:15:45.000358 2026] [security2:error] [pid 10045:tid 10045] [client 2a04:c300:400::1ba:3140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.boliviapuertapuerta.com"] [uri "/app/.env"] [unique_id "ajqVERdf6qxqNgRlt-CpYgAAAC0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Hazzard	2026-06-23 09:57:14 (6 days ago)	(mod_security) mod_security triggered on hostname [redacted]): (CF_ENABLE)	SQL Injection
🇳🇱 e.fierstra	2026-06-23 06:42:04 (6 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇳🇱 Mangelot Hosting	2026-06-23 05:34:41 (6 days ago)	(modsecurity) srv102 ModSecurity 2a04:c300:400::1ba (DE/Germany/-): 10 in the last 3600 secs; Ports: ... show more (modsecurity) srv102 ModSecurity 2a04:c300:400::1ba (DE/Germany/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 03:52:10 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 23:52:06.780590 2026] [security2:error] [pid 5134:tid 5161] [client 2a04:c300:400::1ba:61688] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.johnritter.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.johnritter.net"] [uri "/wp-content/debug.log"] [unique_id "ajoC5rLsKU7ho4Zffo3ehAAAAJg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-23 03:10:44 (1 week ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 23:25:19 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 19:25:14.685980 2026] [security2:error] [pid 2230:tid 2230] [client 2a04:c300:400::1ba:3082] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.cain2012.org\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.cain2012.org"] [uri "/wp-content/debug.log"] [unique_id "ajnEWhIvK3xOMf_YXjTrAwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 22:37:01 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 18:36:57.592709 2026] [security2:error] [pid 18812:tid 18812] [client 2a04:c300:400::1ba:53234] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|wbcsnet.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wbcsnet.com"] [uri "/wp-content/debug.log"] [unique_id "ajm5CfkCM-vof1Nls0mDrwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-22 22:03:44 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-21. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-22 21:50:23 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 17:50:16.582219 2026] [security2:error] [pid 32440:tid 32440] [client 2a04:c300:400::1ba:14512] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.pointillistic.com"] [uri "/.env"] [unique_id "ajmuGFbjHmu_8Ve29b7i3gAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 21:06:36 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 17:06:28.289847 2026] [security2:error] [pid 2676:tid 2676] [client 2a04:c300:400::1ba:5756] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.davidnevue.com"] [uri "/.env.local"] [unique_id "ajmj1P2g8FtliJFHizwjqgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 20:10:38 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 16:10:31.589971 2026] [security2:error] [pid 10091:tid 10091] [client 2a04:c300:400::1ba:2142] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ballast-capital.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ballast-capital.com"] [uri "/wp-content/debug.log"] [unique_id "ajmWtxg3XHMVNSwd0dU-mAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 19:11:13 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ba (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 15:11:05.587826 2026] [security2:error] [pid 15377:tid 15377] [client 2a04:c300:400::1ba:23662] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.texaslawman.net"] [uri "/.env.development"] [unique_id "ajmIycHamU2-q1UUubGkcgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 dbmwebdesign	2026-06-22 19:05:16 (1 week ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 183.91.11.36

🇨🇳 223.145.117.92

🇨🇳 221.224.194.3

🇨🇳 218.25.89.208

🇺🇸 207.58.173.176

🇮🇩 202.51.214.99

🇧🇷 201.77.172.239

🇧🇷 200.229.87.164

🇺🇸 196.197.25.34

🇭🇰 118.193.38.134

🇻🇳 116.101.123.227

🇸🇬 114.119.159.8

🇺🇸 104.22.20.171

🇳🇱 91.92.40.231

🇨🇦 85.217.149.12

🇩🇪 84.118.73.172

🇨🇳 61.157.98.99

🇨🇳 47.93.192.43

🇻🇳 45.119.212.99

🇰🇷 43.166.7.113