JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a04:c300:400::1ef

2a04:c300:400::1ef was found in our database!

This IP was reported 61 times. Confidence of Abuse is 100%: ?

100%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Advin Services LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS22295
Domain Name	advinservers.com
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a04:c300:400::1ef

Whois 2a04:c300:400::1ef

IP Abuse Reports for 2a04:c300:400::1ef:

This IP address has been reported a total of 61 times from 29 distinct sources. 2a04:c300:400::1ef was first reported on June 17th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-19 09:44:06 (2 days ago)	Multiple WAF Violations	Web App Attack
🇬🇧 Mendip_Defender	2026-06-19 01:31:04 (2 days ago)	[19/Jun/2026:02:30:57.461526 +0100] ajSb0bMCleA9cukXxPo2VgAAAA4 2a04:c300:400::1ef 33442 2a03:9800:1 ... show more [19/Jun/2026:02:30:57.461526 +0100] ajSb0bMCleA9cukXxPo2VgAAAA4 2a04:c300:400::1ef 33442 2a03:9800:10:1a0::2 7080 [19/Jun/2026:02:30:59.078019 +0100] ajSb06wOObwmMEqC2J2VrQAAAFU 2a04:c300:400::1ef 33802 2a03:9800:10:1a0::2 7080 ... show less	Brute-Force
🇫🇷 Baking333	2026-06-18 23:01:28 (2 days ago)	[redacted] 2a04:c300:400::1ef - - [18/Jun/2026:23:28:48 +0100] "GET / HTTP/1.1" 200 8273 0/475332 "h ... show more [redacted] 2a04:c300:400::1ef - - [18/Jun/2026:23:28:48 +0100] "GET / HTTP/1.1" 200 8273 0/475332 "https://[redacted]/.[redacted]" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1" [redacted] 2a04:c300:400::1ef - - [18/Jun/2026:23:28:48 +0100] "GET / HTTP/1.1" 200 8277 0/512971 "https://[redacted]/.aws/credentials" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15" show less	Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-18 22:28:47 (2 days ago)	[redacted] 2a04:c300:400::1ef - - [18/Jun/2026:23:28:43 +0100] "GET /wp-content/[redacted] HTTP/1.1" ... show more [redacted] 2a04:c300:400::1ef - - [18/Jun/2026:23:28:43 +0100] "GET /wp-content/[redacted] HTTP/1.1" 302 5268 0/95963 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0" [redacted] 2a04:c300:400::1ef - - [18/Jun/2026:23:28:45 +0100] "GET /web/.env HTTP/1.1" 302 5268 0/148333 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0" show less	Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-18 22:00:00 (2 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-17. show less	Web App Attack SSH Hacking
Anonymous	2026-06-18 18:10:22 (2 days ago)	2a04:c300:400::1ef - - [18/Jun/2026:18:10:21 +0000] "GET /wp-content/debug.log HTTP/1.1" 404 34273 " ... show more 2a04:c300:400::1ef - - [18/Jun/2026:18:10:21 +0000] "GET /wp-content/debug.log HTTP/1.1" 404 34273 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0" ... show less	Bad Web Bot Web App Attack
🇩🇪 Gwyneth Llewelyn	2026-06-18 15:16:15 (2 days ago)	2026/06/18 16:16:14 [error] 1929836#1929836: 2978167 access forbidden by rule, client: 2a04:c300:40 ... show more 2026/06/18 16:16:14 [error] 1929836#1929836: 2978167 access forbidden by rule, client: 2a04:c300:400::1ef, server: webapp.gwynethllewelyn.net, request: "GET /web/.env HTTP/1.1", host: "webapp.gwynethllewelyn.net" 2026/06/18 16:16:14 [error] 1929836#1929836: 2978150 access forbidden by rule, client: 2a04:c300:400::1ef, server: webapp.gwynethllewelyn.net, request: "GET /.env HTTP/1.1", host: "webapp.gwynethllewelyn.net" 2026/06/18 16:16:14 [error] 1929837#1929837: 2978231 access forbidden by rule, client: 2a04:c300:400::1ef, server: webapp.gwynethllewelyn.net, request: "GET /public/.env HTTP/1.1", host: "webapp.gwynethllewelyn.net" show less	Brute-Force Web App Attack
🇩🇪 YF	2026-06-18 14:00:09 (2 days ago)	404 errors Vulnerability scan	Web App Attack
🇳🇱 e.fierstra	2026-06-18 12:48:10 (2 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇳🇱 Mangelot Hosting	2026-06-18 11:12:14 (2 days ago)	(modsecurity) srv103 ModSecurity 2a04:c300:400::1ef (DE/Germany/-): 10 in the last 3600 secs; Ports: ... show more (modsecurity) srv103 ModSecurity 2a04:c300:400::1ef (DE/Germany/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇳🇱 SysAdmin Dylan	2026-06-18 10:02:10 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ef (Unknown): 10 in the last 36 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ef (Unknown): 10 in the last 3600 secs show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-18 09:51:20 (3 days ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ef (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ef (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 05:51:15.790234 2026] [security2:error] [pid 16699:tid 16699] [client 2a04:c300:400::1ef:29750] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.deanandolsek.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.deanandolsek.com"] [uri "/wp-content/debug.log"] [unique_id "ajO_k2hxGbtDW5aztp4AEAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 08:37:48 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ef (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 2a04:c300:400::1ef (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 04:37:44.320040 2026] [security2:error] [pid 9774:tid 9774] [client 2a04:c300:400::1ef:39594] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.b9k9.com"] [uri "/.env.test"] [unique_id "ajOuWNDvw9qZt2oMtdL71wAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 07:27:56 (3 days ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ef (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1ef (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 03:27:49.079904 2026] [security2:error] [pid 18555:tid 18555] [client 2a04:c300:400::1ef:30720] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.rentaroller.com.au\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.rentaroller.com.au"] [uri "/wp-content/debug.log"] [unique_id "ajOd9cuqBbeXkC0nbpE2AAAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 antivoid.xyz	2026-06-18 07:27:39 (3 days ago)		Brute-Force Web App Attack

Showing 1 to 15 of 61 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 141.11.88.20

🇺🇸 138.197.204.198

🇹🇷 85.103.111.163

🇧🇷 187.16.96.250

🇳🇱 176.65.139.216

🇺🇸 117.55.229.156

🇳🇱 93.123.72.183

🇳🇱 88.210.63.69

🇲🇽 46.250.172.178

🇺🇬 41.210.155.254

🇺🇸 34.228.104.231

🇺🇸 216.25.89.141

🇺🇸 167.99.148.102

🇮🇳 139.59.6.60

🇨🇳 120.76.158.232

🇭🇰 118.193.35.202

🇻🇳 113.187.149.210

🇩🇪 64.89.163.245

🇧🇷 45.205.1.73

🇳🇱 45.148.10.141