JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a04:c300:400::1c1

2a04:c300:400::1c1 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 62%: ?

62%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Advin Services LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS22295
Domain Name	advinservers.com
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a04:c300:400::1c1

Whois 2a04:c300:400::1c1

IP Abuse Reports for 2a04:c300:400::1c1:

This IP address has been reported a total of 24 times from 9 distinct sources. 2a04:c300:400::1c1 was first reported on June 21st 2026, and the most recent report was 7 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-21 21:29:44 (7 minutes ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 17:29:39.570703 2026] [security2:error] [pid 3254:tid 3254] [client 2a04:c300:400::1c1:33274] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.castagnino.com"] [uri "/.env"] [unique_id "ajhXwy7Q0PNvNaTLH-tSmAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 HandyTreff.de	2026-06-21 21:13:27 (23 minutes ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -48.008 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -48.008 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0 show less	Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-21 19:16:21 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 15:16:14.598399 2026] [security2:error] [pid 4042:tid 4042] [client 2a04:c300:400::1c1:16948] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.elevese.com"] [uri "/.env"] [unique_id "ajg4frxBgcdfxWk6YBrO1QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 17:24:24 (4 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 13:24:21.135750 2026] [security2:error] [pid 23909:tid 23909] [client 2a04:c300:400::1c1:34334] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.k2servicesinc.net"] [uri "/.env.test"] [unique_id "ajgeRfHGJ3HpIAvg40cG0gAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Savvii	2026-06-21 16:38:27 (4 hours ago)	20 attempts against mh-misbehave-ban on ozone	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Mangelot Hosting	2026-06-21 16:27:16 (5 hours ago)	(modsecurity) srv101 ModSecurity 2a04:c300:400::1c1 (DE/Germany/-): 10 in the last 3600 secs; Ports: ... show more (modsecurity) srv101 ModSecurity 2a04:c300:400::1c1 (DE/Germany/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 16:02:31 (5 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 12:02:26.392980 2026] [security2:error] [pid 14810:tid 14810] [client 2a04:c300:400::1c1:28914] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.ilanknapp.com"] [uri "/.env"] [unique_id "ajgLEsaPm2IC288Sd2HdogAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 15:32:55 (6 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 11:32:50.191283 2026] [security2:error] [pid 12638:tid 12638] [client 2a04:c300:400::1c1:50716] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.misfitranch.com"] [uri "/.env"] [unique_id "ajgEIrr2M7VyA3UU80RVBQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-21 15:26:09 (6 hours ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 15:11:43 (6 hours ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 11:11:36.636343 2026] [security2:error] [pid 16476:tid 16476] [client 2a04:c300:400::1c1:31278] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ipv6.futureproductionsonline.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ipv6.futureproductionsonline.com"] [uri "/wp-content/debug.log"] [unique_id "ajf_KKcTHFinXFAm4LMqawAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 14:54:00 (6 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 10:53:57.051268 2026] [security2:error] [pid 24499:tid 24499] [client 2a04:c300:400::1c1:46080] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.gransla.com"] [uri "/.env"] [unique_id "ajf7Be5lclAVkoYSHzrF5QAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 14:34:22 (7 hours ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 10:34:19.275432 2026] [security2:error] [pid 32217:tid 32217] [client 2a04:c300:400::1c1:43920] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|rgtripane.kmelson.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rgtripane.kmelson.com"] [uri "/wp-content/debug.log"] [unique_id "ajf2a63X4egPp5ulExgYtAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 14:05:44 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 10:05:38.957834 2026] [security2:error] [pid 6678:tid 6678] [client 2a04:c300:400::1c1:19112] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.francisautodetailing.com"] [uri "/.env"] [unique_id "ajfvsj821ITBDxEQAIUQxwAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 updown.io	2026-06-21 14:01:12 (7 hours ago)	{"level":"info","ts":1782048814.3250515,"logger":"http.log.access.log0","msg":"handled request","req ... show more {"level":"info","ts":1782048814.3250515,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"2a04:c300:400::1c1","remote_port":"21192","client_ip":"2a04:c300:400::1c1","proto":"HTTP/1.1","method":"GET","host":"e1rl.status.updown.io","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15"],"Accept":["/"],"Accept-Encoding":["gzip"]}},"bytes_read":0,"user_id":"","duration":0.000103828,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://e1rl.status.updown.io/"],"Content-Type":[]}} {"level":"info","ts":1782048818.1987705,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"2a04:c300:400::1c1","remote_port":"13052","client_ip":"2a04:c300:400::1c1","proto":"HTTP/1.1","method":"GET","host":"e1rl.status.updown.io","uri":"/.kube/config","headers":{"Accept":["text/html,application/xhtml+xml,appli ... show less	DDoS Attack Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 13:29:09 (8 hours ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1c1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 09:29:02.526616 2026] [security2:error] [pid 14465:tid 14465] [client 2a04:c300:400::1c1:7976] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cgiaquaticcare.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cgiaquaticcare.com"] [uri "/wp-content/debug.log"] [unique_id "ajfnHjCz25_gbowFdeEg5gAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4001:c07::12e

🇨🇳 182.127.1.107

🇩🇪 51.68.178.28

🇺🇸 216.25.89.116

🇧🇪 198.235.24.180

🇷🇴 80.94.92.164

🇺🇸 44.232.31.147

🇮🇩 36.84.112.41

🇬🇧 193.163.125.65

🇳🇱 185.223.235.8

🇮🇳 52.140.76.154

🇺🇸 45.66.210.241

🇺🇸 44.78.125.85

🇬🇧 35.203.210.85

🇺🇸 2600:1f18:3120:f505:49e6:66d1:47f8:4c50

🇮🇩 202.145.0.61

🇦🇺 193.114.134.130

🇺🇸 188.213.202.13

🇩🇪 185.65.202.199

🇰🇷 175.198.62.180