JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a04:c300:400::1df

2a04:c300:400::1df was found in our database!

This IP was reported 48 times. Confidence of Abuse is 100%: ?

100%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Advin Services LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS22295
Domain Name	advinservers.com
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a04:c300:400::1df

Whois 2a04:c300:400::1df

IP Abuse Reports for 2a04:c300:400::1df:

This IP address has been reported a total of 48 times from 19 distinct sources. 2a04:c300:400::1df was first reported on June 20th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-06-22 02:30:11 (2 hours ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇳🇱 e.fierstra	2026-06-22 02:06:42 (2 hours ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇳🇴 Abuse Buster	2026-06-22 01:43:24 (2 hours ago)	2a04:c300:400::1df - [22/Jun/2026:03:43:19 +0200] "GET /wp-content/debug.log HTTP/2.0" 404 4944 "-" ... show more 2a04:c300:400::1df - [22/Jun/2026:03:43:19 +0200] "GET /wp-content/debug.log HTTP/2.0" 404 4944 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" Connecting ip: 2a04:c300:400::1df Forwared for: 2a04:c300:400::1df 2a04:c300:400::1df - [22/Jun/2026:03:43:21 +0200] "GET /firebase_credentials.json HTTP/2.0" 404 4944 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" Connecting ip: 2a04:c300:400::1df Forwared for: 2a04:c300:400::1df 2a04:c300:400::1df - [22/Jun/2026:03:43:21 +0200] "GET /google-cloud.json HTTP/2.0" 404 4944 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36" Connecting ip: 2a04:c300:400::1df Forwared for: 2a04:c300:400::1df 2a04:c300:400::1df - [22/Jun/2026:03:43:21 +0200] "GET /.kube/config HTTP/2.0" 403 146 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/15 ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 01:21:35 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1df (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1df (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 21:21:31.744919 2026] [security2:error] [pid 5342:tid 5342] [client 2a04:c300:400::1df:17630] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.guldunyayayinlari.com"] [uri "/.env.test"] [unique_id "ajiOG0746bvA30GDHGy-PwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-06-22 01:10:03 (3 hours ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇳🇱 SysAdmin Dylan	2026-06-22 01:07:31 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1df (Unknown): 10 in the last 36 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1df (Unknown): 10 in the last 3600 secs show less	Brute-Force
Anonymous	2026-06-22 00:37:10 (3 hours ago)	2a04:c300:400::1df - - [21/Jun/2026:21:37:07 -0300] "GET /wp-content/debug.log HTTP/1.1" 404 870 "-" ... show more 2a04:c300:400::1df - - [21/Jun/2026:21:37:07 -0300] "GET /wp-content/debug.log HTTP/1.1" 404 870 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 2a04:c300:400::1df - - [21/Jun/2026:21:37:08 -0300] "GET /api/client_secret.json HTTP/1.1" 404 870 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0" 2a04:c300:400::1df - - [21/Jun/2026:21:37:08 -0300] "GET /config.json HTTP/1.1" 404 870 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 2a04:c300:400::1df - - [21/Jun/2026:21:37:08 -0300] "GET /.env HTTP/1.1" 403 874 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15" 2a04:c300:400::1df - - [21/Jun/2026:21:37:08 -0300] "GET /src/.env HTTP/1.1" 403 874 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/14 ... show less	Port Scan
🇬🇧 venus.launch.bz	2026-06-21 23:59:37 (4 hours ago)	(mod_security) mod_security triggered on hostname [redacted] 2a04:c300:400::1df (Unknown)	SQL Injection
🇳🇱 homeshowdomain.nl	2026-06-21 22:01:58 (6 hours ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-20. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-21 21:23:17 (7 hours ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1df (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1df (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 17:23:14.496305 2026] [security2:error] [pid 9198:tid 9198] [client 2a04:c300:400::1df:58314] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.captainquirks.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.captainquirks.com"] [uri "/wp-content/debug.log"] [unique_id "ajhWQkGQFbnFwoostyPC5wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-21 19:47:54 (8 hours ago)	[SunJun2121:47:50.3150912026][security2:error][pid961248:tid961269][client2a04:c300:400::1df:0]ModSe ... show more [SunJun2121:47:50.3150912026][security2:error][pid961248:tid961269][client2a04:c300:400::1df:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"elyon2.ch\"][uri\"/wp-content/debug.log\"][unique_id\"ajg_5hEDcpGPBZq8Egn8cwAAAFI\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 17:55:50 (10 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1df (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1df (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 13:55:42.548901 2026] [security2:error] [pid 3504:tid 3504] [client 2a04:c300:400::1df:7010] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.tritec.com.gt"] [uri "/src/.env"] [unique_id "ajglngavuYGf815y-_58RQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 17:35:13 (10 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1df (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1df (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 13:35:08.654249 2026] [security2:error] [pid 4591:tid 4591] [client 2a04:c300:400::1df:18590] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.usfspirit.com"] [uri "/.env.local"] [unique_id "ajggzMhA-gt6kpHRt2XOlQAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 15:52:11 (12 hours ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1df (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1df (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 11:52:05.071040 2026] [security2:error] [pid 8487:tid 8487] [client 2a04:c300:400::1df:17416] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ipv6.aangfl.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ipv6.aangfl.com"] [uri "/wp-content/debug.log"] [unique_id "ajgIpfPYN-xhaUtrvkdvdwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 updown.io	2026-06-21 15:31:12 (13 hours ago)	{"level":"info","ts":1782054928.1560395,"logger":"http.log.access.log0","msg":"handled request","req ... show more {"level":"info","ts":1782054928.1560395,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"2a04:c300:400::1df","remote_port":"51402","client_ip":"2a04:c300:400::1df","proto":"HTTP/1.1","method":"GET","host":"ncef.status.updown.io","uri":"/","headers":{"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36"],"Accept":["/"]}},"bytes_read":0,"user_id":"","duration":0.000103408,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://ncef.status.updown.io/"],"Content-Type":[]}} {"level":"info","ts":1782054934.0744243,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"2a04:c300:400::1df","remote_port":"37150","client_ip":"2a04:c300:400::1df","proto":"HTTP/1.1","method":"GET","host":"ncef.status.updown.io","uri":"/appsettings.Development.json","headers":{"User-Agent":["Mozilla/5.0 (X11; ... show less	DDoS Attack Web App Attack

Showing 1 to 15 of 48 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 114.31.178.164

🇺🇸 66.132.195.105

🇺🇸 35.153.178.114

🇺🇸 20.64.105.115

🇺🇸 2607:f8b0:4004:1007::12d

🇧🇷 205.210.31.206

🇧🇷 185.100.215.213

🇧🇷 170.0.62.165

🇨🇳 124.88.174.143

🇻🇳 123.20.225.211

🇭🇰 118.26.39.178

🇮🇩 103.31.39.143

🇳🇱 81.19.216.82

🇺🇸 69.73.187.130

🇩🇪 43.228.157.8

🇸🇦 188.53.188.130

🇺🇸 172.236.228.39

🇭🇰 124.156.129.246

🇧🇷 69.6.251.43

🇳🇱 45.198.224.136