This IP was reported 64 times. Confidence of Abuse is 100%.
Important Note: Public IPv6 addresses may use the SLAAC
privacy extension, under which the interface identifier is randomly generated. The SLAAC
privacy extension also applies a configurable timeout, after which the IPv6
interface address is discarded and a new interface identifier is generated.
This IP address has been reported a total of 64 times from 33 distinct sources.
2a04:c300:400::1e9 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
{"level":"info","ts":1781829836.317462,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"2a04:c300:400::1e9","remote_port":"32126","client_ip":"2a04:c300:400::1e9","proto":"HTTP/1.1","method":"GET","host":"wstu.status.updown.io","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"],"Accept":["*/*"],"Accept-Encoding":["gzip"]}},"bytes_read":0,"user_id":"","duration":0.000074863,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://wstu.status.updown.io/"],"Content-Type":[]}}
{"level":"info","ts":1781829839.0054793,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"2a04:c300:400::1e9","remote_port":"8554","client_ip":"2a04:c300:400::1e9","proto":"HTTP/1.1","method":"GET","host":"wstu.status.updown.io","uri":"/public/.env","headers":{"Accept-Language":["en-US,en;q=0.9"],"Accept-Encoding":["
...
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-17.
Web App Attack
SSH
Hacking
Anonymous
[Thu Jun 18 22:52:28.606741 2026] [access_compat:error] [pid 1265529:tid 128103019960000] [client 2a04:c300:400::1e9:56788] AH01797: client denied by server configuration: /var/www/nextcloud/config/production.json, referer: https://mesh.dornberger.it/config/production.json
[Thu Jun 18 22:52:28.877258 2026] [access_compat:error] [pid 1265529:tid 128103268525760] [client 2a04:c300:400::1e9:57382] AH01797: client denied by server configuration: /var/www/nextcloud/config/gcp.json, referer: https://mesh.dornberger.it/config/gcp.json
[Thu Jun 18 22:52:28.888123 2026] [access_compat:error] [pid 1265501:tid 128103251723968] [client 2a04:c300:400::1e9:57364] AH01797: client denied by server configuration: /var/www/nextcloud/config/gcp-credentials.json, referer: https://mesh.dornberger.it/config/gcp-credentials.json
[Thu Jun 18 22:52:28.888409 2026] [access_compat:error] [pid 1265502:tid 128102600521408] [client 2a04:c300:400::1e9:57300] AH01797: client denied by server configuration: /var/www/n
...