JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a06:a880:5:2fac::1

2a06:a880:5:2fac::1 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 85%: ?

85%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	STYLISH BY A&L SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	07internet.ro
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a06:a880:5:2fac::1

Whois 2a06:a880:5:2fac::1

IP Abuse Reports for 2a06:a880:5:2fac::1:

This IP address has been reported a total of 27 times from 14 distinct sources. 2a06:a880:5:2fac::1 was first reported on June 18th 2026, and the most recent report was 3 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Viveronese	2026-06-20 00:22:33 (3 minutes ago)	HTTP vulnerability scanning	Web App Attack
🇺🇦 URAN Publishing Service	2026-06-19 22:12:46 (2 hours ago)	2a06:a880:5:2fac::1 - - [20/Jun/2026:01:12:44 +0300] "GET /api/.env HTTP/1.1" 404 680 "-" "Mozilla/5 ... show more 2a06:a880:5:2fac::1 - - [20/Jun/2026:01:12:44 +0300] "GET /api/.env HTTP/1.1" 404 680 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; Perplexity-User/1.0; +https://perplexity.ai/perplexity-user" ... show less	Web App Attack
Anonymous	2026-06-19 21:21:06 (3 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent	Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-19 20:57:36 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:2fac::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:2fac::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 16:57:30.510206 2026] [security2:error] [pid 31992:tid 31992] [client 2a06:a880:5:2fac::1:42572] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "marxistphilosophy.org"] [uri "/.env"] [unique_id "ajWtOqcU_w_K0B5YpwqkowAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Roderic	2026-06-19 20:42:38 (3 hours ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted])	Bad Web Bot
🇪🇸 alferez	2026-06-19 20:21:18 (4 hours ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇺🇦 URAN Publishing Service	2026-06-19 18:57:14 (5 hours ago)	2a06:a880:5:2fac::1 - - [19/Jun/2026:21:57:11 +0300] "GET /.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 ( ... show more 2a06:a880:5:2fac::1 - - [19/Jun/2026:21:57:11 +0300] "GET /.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 2a06:a880:5:2fac::1 - - [19/Jun/2026:21:57:13 +0300] "GET /api/.env HTTP/1.1" 404 680 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 18:47:37 (5 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:2fac::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:2fac::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 14:47:33.235656 2026] [security2:error] [pid 24291:tid 24291] [client 2a06:a880:5:2fac::1:38448] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.todi.org"] [uri "/api/.env"] [unique_id "ajWOxaJpE-Y-v7pP4BTBkgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-19 09:41:27 (14 hours ago)	"GET /.aws/credentials HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 01:42:06 (22 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:2fac::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:2fac::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 21:42:02.955397 2026] [security2:error] [pid 22073:tid 22073] [client 2a06:a880:5:2fac::1:55152] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fydelitybags.com"] [uri "/.env.example"] [unique_id "ajSeapzx800e6J9hDkMzVQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 01:07:54 (23 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:2fac::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:2fac::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 21:07:47.107982 2026] [security2:error] [pid 10722:tid 10722] [client 2a06:a880:5:2fac::1:42244] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "friendlyfarm4fun.com"] [uri "/.env"] [unique_id "ajSWYwQ2n8M0WbnorsAaiAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 london2038.com	2026-06-19 00:22:05 (1 day ago)	Probing for exploits 2a06:a880:5:2fac::1 - - [19/Jun/2026:02:21:54 +0200] "GET /.env HTTP/1.1" 422 0 ... show more Probing for exploits 2a06:a880:5:2fac::1 - - [19/Jun/2026:02:21:54 +0200] "GET /.env HTTP/1.1" 422 0 "-" "Mozilla/5.0 (compatible; Claude-Web/1.0; +https://www.anthropic.com)" 2a06:a880:5:2fac::1 - - [19/Jun/2026:02:22:03 +0200] "GET /.env.example HTTP/1.1" 422 0 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; GPTBot/1.2; +https://openai.com/gptbot" show less	Hacking Web App Attack
🇩🇪 Skyrider	2026-06-19 00:20:55 (1 day ago)	Nginx: HTTP 4xx probe/scan attempts. Automated fail2ban report.	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 23:00:06 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:2fac::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:2fac::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 19:00:02.429652 2026] [security2:error] [pid 1829:tid 1829] [client 2a06:a880:5:2fac::1:38184] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fiestadj.com.mx"] [uri "/.env"] [unique_id "ajR4chUFDZaUzcZxuW7tYwAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 22:09:47 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:2fac::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:2fac::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 18:09:42.200109 2026] [security2:error] [pid 27059:tid 27059] [client 2a06:a880:5:2fac::1:41120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fancyspider.net"] [uri "/.env.production"] [unique_id "ajRspqwpKCePLiQ4X5KAtAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.227

🇳🇱 45.148.10.121

🇧🇷 201.17.133.138

🇸🇪 188.149.83.123

🇧🇷 186.248.197.77

🇩🇪 167.94.146.39

🇺🇸 136.144.35.221

🇺🇸 136.61.40.11

🇮🇳 122.166.49.42

🇺🇸 107.155.48.46

🇳🇱 91.92.40.4

🇬🇧 82.2.229.29

🇺🇸 76.46.29.153

🇳🇱 45.148.10.141

🇸🇬 43.156.61.33

🇬🇧 35.203.211.24

🇳🇱 31.14.32.7

🇳🇱 20.13.123.92

🇻🇳 14.225.7.70

🇺🇸 3.83.245.221