AbuseIPDB » 2a04:e8c0:12::1d

2a04:e8c0:12::1d was found in our database!

This IP was reported 726 times. Confidence of Abuse is 64%: ?

64%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Oliver Horscht is trading as SYNLINQ
Usage Type	Data Center/Web Hosting/Transit
ASN	AS44486
Hostname(s)	web01.cloudagunt.de
Domain Name	synlinq.de
Country	Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 2a04:e8c0:12::1d

Whois 2a04:e8c0:12::1d

IP Abuse Reports for 2a04:e8c0:12::1d:

This IP address has been reported a total of 726 times from 74 distinct sources. 2a04:e8c0:12::1d was first reported on February 12th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
Anonymous	2025-05-10 06:41:13 (1 week ago)	Failed Wordpress Logins	Web App Attack
Anonymous	2025-05-04 07:21:58 (2 weeks ago)	Failed Wordpress Logins	Web App Attack
LRob.fr	2025-04-29 19:30:06 (3 weeks ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
4server	2025-04-29 19:17:28 (3 weeks ago)	[TueApr2921:17:26.1287882025][security2:error][pid1177617:tid1177680][client2a04:e8c0:12::1d:0][clie ... show more[TueApr2921:17:26.1287882025][security2:error][pid1177617:tid1177680][client2a04:e8c0:12::1d:0][client2a04:e8c0:12::1d]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.7\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"www.gustotondo.ch\"][uri\"/xmlrpc.php\"][unique_id\"aBElxhoMHEmmas2UYGH1hQAAAIM\"] show less	Port Scan Brute-Force Web App Attack
mawan	2025-04-29 18:30:58 (3 weeks ago)	Suspected of having performed illicit activity on LAX server.	Web App Attack
neckaralb-admin.de	2025-04-29 18:29:34 (3 weeks ago)	(wordpress) Failed login wp-login.php or xmlrpc.php	Web App Attack
4server	2025-04-28 19:12:14 (3 weeks ago)	[MonApr2821:12:11.2684922025][security2:error][pid358276:tid358326][client2a04:e8c0:12::1d:0][client ... show more[MonApr2821:12:11.2684922025][security2:error][pid358276:tid358326][client2a04:e8c0:12::1d:0][client2a04:e8c0:12::1d]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.7\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"mail.vg13.ch\"][uri\"/xmlrpc.php\"][unique_id\"aA_TC15Ocpb_GfqhcUzreQAAAFI\"] show less	Port Scan Brute-Force Web App Attack
nv	2025-04-28 18:57:11 (3 weeks ago)	2a04:e8c0:12::1d - - [28/Apr/2025:20:57:09 +0200] "POST /xmlrpc.php HTTP/2.0" 403 162 "-" "Mozilla/5 ... show more2a04:e8c0:12::1d - - [28/Apr/2025:20:57:09 +0200] "POST /xmlrpc.php HTTP/2.0" 403 162 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.0" show less	Web App Attack
LRob.fr	2025-04-28 07:00:14 (3 weeks ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
mawan	2025-04-27 20:12:23 (3 weeks ago)	Suspected of having performed illicit activity on LAX server.	Web App Attack
Hazzard	2025-04-27 19:27:05 (3 weeks ago)	(wordpress) Failed wordpress login from 2a04:e8c0:12::1d (DE/Germany/-/-/web01.cloudagunt.de/[redact ... show more(wordpress) Failed wordpress login from 2a04:e8c0:12::1d (DE/Germany/-/-/web01.cloudagunt.de/[redacted]) show less	Brute-Force
Ba-Yu	2025-04-27 19:12:58 (3 weeks ago)	WP-xmlrpc exploit	Web Spam Blog Spam Hacking Exploited Host Web App Attack
4server	2025-04-27 19:03:34 (3 weeks ago)	[SunApr2721:03:27.9616482025][security2:error][pid3369594:tid3369658][client2a04:e8c0:12::1d:0][clie ... show more[SunApr2721:03:27.9616482025][security2:error][pid3369594:tid3369658][client2a04:e8c0:12::1d:0][client2a04:e8c0:12::1d]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.7\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"gruppobalu.com\"][uri\"/xmlrpc.php\"][unique_id\"aA5_fz6Gx8gzRxrJ8NYFwwAAAUA\"] show less	Port Scan Brute-Force Web App Attack
Mangelot Hosting	2025-04-26 18:24:36 (3 weeks ago)	(WPLOGIN) WP Login Attack 2a04:e8c0:12::1d (web01.cloudagunt.de): 5 in the last 3600 secs; Ports: *; ... show more(WPLOGIN) WP Login Attack 2a04:e8c0:12::1d (web01.cloudagunt.de): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
Anonymous	2025-04-25 15:48:21 (3 weeks ago)	Failed Wordpress Logins	Web App Attack

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩