JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a04:c300:400::1f5

2a04:c300:400::1f5 was found in our database!

This IP was reported 62 times. Confidence of Abuse is 100%: ?

100%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Advin Services LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS22295
Domain Name	advinservers.com
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a04:c300:400::1f5

Whois 2a04:c300:400::1f5

IP Abuse Reports for 2a04:c300:400::1f5:

This IP address has been reported a total of 62 times from 35 distinct sources. 2a04:c300:400::1f5 was first reported on June 15th 2026, and the most recent report was 53 seconds ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Blexyel	2026-06-17 00:19:35 (53 seconds ago)	2a04:c300:400::1f5 - - [17/Jun/2026:02:19:35 +0200] "GET /.git/config HTTP/1.1" 200 265 "-" "Mozilla ... show more 2a04:c300:400::1f5 - - [17/Jun/2026:02:19:35 +0200] "GET /.git/config HTTP/1.1" 200 265 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1" "pingusmc.org" ... show less	Brute-Force Web App Attack
🇩🇪 maxpower	2026-06-16 23:48:42 (31 minutes ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 2a04:c300:400::1f5 (US/United States/-): ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 2a04:c300:400::1f5 (US/United States/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2a04:c300:400::1f5 - - [17/Jun/2026:01:48:37 +0200] "GET /.aws/credentials HTTP/1.1" 404 355 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15" "-" host=ipv6.tecnousatopescara.it 2a04:c300:400::1f5 - - [17/Jun/2026:01:48:37 +0200] "GET /secrets.json HTTP/1.1" 404 355 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" "-" host=ipv6.tecnousatopescara.it show less	Port Scan
🇳🇱 Site.eu	2026-06-16 22:26:05 (1 hour ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 updown.io	2026-06-16 22:24:47 (1 hour ago)	{"level":"info","ts":1781648683.859193,"logger":"http.log.access.log1","msg":"handled request","requ ... show more {"level":"info","ts":1781648683.859193,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"2a04:c300:400::1f5","remote_port":"1294","client_ip":"2a04:c300:400::1f5","proto":"HTTP/1.1","method":"GET","host":"updown.barmaton.nl","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0"],"Accept":["/"],"Accept-Encoding":["gzip"]}},"bytes_read":0,"user_id":"","duration":0.000075714,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://updown.barmaton.nl/"],"Content-Type":[]}} {"level":"info","ts":1781648687.0491471,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"2a04:c300:400::1f5","remote_port":"27172","client_ip":"2a04:c300:400::1f5","proto":"HTTP/1.1","method":"GET","host":"updown.barmaton.nl","uri":"/config.json","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrom ... show less	DDoS Attack Web App Attack
🇨🇭 Ribeye375	2026-06-16 20:45:49 (3 hours ago)	HIPS web-exfiltration - Block tcp/0:65535	Web App Attack
🇩🇪 kkwemi	2026-06-16 19:26:34 (4 hours ago)	Blocked by block-exploit-paths on /wp-content/debug.log	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-16 19:11:31 (5 hours ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1f5 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1f5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 15:11:22.965831 2026] [security2:error] [pid 6179:tid 6179] [client 2a04:c300:400::1f5:57196] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.indoorsfinishing.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.indoorsfinishing.com"] [uri "/wp-content/debug.log"] [unique_id "ajGf2j0wHMavjaH0D8xRHAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 YF	2026-06-16 19:01:07 (5 hours ago)	WordPress directory enumeration	Web App Attack
🇺🇸 Al Coholic	2026-06-16 18:45:25 (5 hours ago)	Automated report (2026-06-17T06:45:25+12:00). Caught probing for env file.	Hacking Web App Attack
🇺🇸 Rocky Mountain Bioengineering Symposium	2026-06-16 18:01:03 (6 hours ago)	2a04:c300:400::1f5 - - [16/Jun/2026:12:01:03 -0600] "GET /.git/config HTTP/1.1" 301 7239 "-" "Mozill ... show more 2a04:c300:400::1f5 - - [16/Jun/2026:12:01:03 -0600] "GET /.git/config HTTP/1.1" 301 7239 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36" ... show less	Web App Attack
🇨🇦 john doe	2026-06-16 16:08:27 (8 hours ago)	SentinelBot: Env File Hunting, Backup File Hunt (score: 73)	Bad Web Bot
🇫🇷 debaba	2026-06-16 14:39:07 (9 hours ago)	[16/Jun/2026:14:39:05.784144 +0000] ajFgCaKwW3kXpbRZNYYdywAAAI4 2a04:c300:400::1f5 47638 127.0.0.1 7 ... show more [16/Jun/2026:14:39:05.784144 +0000] ajFgCaKwW3kXpbRZNYYdywAAAI4 2a04:c300:400::1f5 47638 127.0.0.1 7081 [16/Jun/2026:14:39:06.846272 +0000] ajFgCmtJfI ... show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 12:58:49 (11 hours ago)	(mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1f5 (Unknown): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 2a04:c300:400::1f5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 08:58:44.855773 2026] [security2:error] [pid 20826:tid 20826] [client 2a04:c300:400::1f5:49746] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|dbanetwork.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dbanetwork.net"] [uri "/wp-content/debug.log"] [unique_id "ajFIhATnoe4zaIZ8L6d4bgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 pltcldvlpr	2026-06-16 12:52:17 (11 hours ago)	CMS/framework probe: 2a04:c300:400::1f5 - - [16/Jun/2026:14:52:16 +0200] "GET /.env.test HTTP/1.1" 5 ... show more CMS/framework probe: 2a04:c300:400::1f5 - - [16/Jun/2026:14:52:16 +0200] "GET /.env.test HTTP/1.1" 500 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0" asn=- org="-" country=DE ... show less	Web App Attack
🇳🇱 Mangelot Hosting	2026-06-16 12:38:35 (11 hours ago)	(modsecurity) srv201 ModSecurity 2a04:c300:400::1f5 (DE/Germany/-): 10 in the last 3600 secs; Ports: ... show more (modsecurity) srv201 ModSecurity 2a04:c300:400::1f5 (DE/Germany/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack

Showing 1 to 15 of 62 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.42

🇸🇪 171.25.158.28

🇯🇵 124.155.125.131

🇺🇸 67.20.132.65

🇺🇸 47.251.13.59

🇺🇸 45.79.149.61

🇬🇧 35.203.210.24

🇮🇩 34.101.248.224

🇩🇪 213.209.159.56

🇧🇷 179.228.54.137

🇺🇸 150.107.38.176

🇺🇸 147.185.132.129

🇳🇱 138.226.239.10

🇨🇳 109.244.96.121

🇨🇳 106.75.189.197

🇨🇳 106.75.157.47

🇨🇳 106.37.72.234

🇫🇷 85.217.140.12

🇩🇪 69.5.169.173

🇺🇸 66.132.195.19