JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a06:a880:5:60c5::1

2a06:a880:5:60c5::1 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 100%: ?

100%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	STYLISH BY A&L SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	07internet.ro
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a06:a880:5:60c5::1

Whois 2a06:a880:5:60c5::1

IP Abuse Reports for 2a06:a880:5:60c5::1:

This IP address has been reported a total of 29 times from 19 distinct sources. 2a06:a880:5:60c5::1 was first reported on June 19th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-22 22:03:08 (1 day ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-21. show less	Web App Attack SSH Hacking
🇳🇱 e.fierstra	2026-06-21 17:38:38 (2 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇩🇪 AetherFox	2026-06-21 15:48:39 (2 days ago)	AetherFox VoidGuard detected: [Sun Jun 21 15:48:36.978060 2026] [authz_core:error] [pid 1554627:tid ... show more AetherFox VoidGuard detected: [Sun Jun 21 15:48:36.978060 2026] [authz_core:error] [pid 1554627:tid 1554634] [client 2a06:a880:5:60c5::1:47006] AH01630: client denied by server configuration: proxy:https://[MASKED]/wp-content/debug.log [Sun Jun 21 15:48:36.979066 2026] [authz_core:error] [pid 1554627:tid 1554661] [client 2a06:a880:5:60c5::1:47050] AH01630: client denied by server configuration: proxy:https://[MASKED]/.env [Sun Jun 21 15:48:38.416155 2026] [authz_core:error] [pid 1554627:tid 1554641] [client 2a06:a880:5:60c5::1:47022] AH01630: client denied by server configuration: proxy:https://[MASKED]/.aws/credentials [Sun Jun 21 15:48:38.577638 2026] [authz_core:error] [pid 1554627:tid 1554637] [client 2a06:a880:5:60c5::1:47034] AH01630: client denied by server configuration: proxy:https://[MASKED]/secrets.yml [Sun Jun 21 15:48:38.577698 2026] [authz_core:error] [pid 1554627:tid 1554636] [client 2a06:a880:5:60c5::1:47030] AH01630: client denied by ser ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 23:24:31 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:60c5::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:60c5::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 19:24:27.482096 2026] [security2:error] [pid 27892:tid 27896] [client 2a06:a880:5:60c5::1:42760] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.julianositalianrestaurant.com"] [uri "/.env"] [unique_id "ajchK-HOP9cPCqT5QjneKQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Aetherweb Ark	2026-06-20 22:39:17 (3 days ago)	(mod_security) mod_security (id:949110) triggered by 2a06:a880:5:60c5::1 (Unknown): N in the last X ... show more (mod_security) mod_security (id:949110) triggered by 2a06:a880:5:60c5::1 (Unknown): N in the last X secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 21:33:54 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:60c5::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:60c5::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 17:33:49.642707 2026] [security2:error] [pid 24778:tid 24778] [client 2a06:a880:5:60c5::1:46452] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tulsatvmemories.com"] [uri "/.env.example"] [unique_id "ajcHPUr8mWFOHKQDug5ACAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 19:50:27 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:60c5::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:60c5::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 15:50:17.981418 2026] [security2:error] [pid 30853:tid 30878] [client 2a06:a880:5:60c5::1:42674] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "officialseniorworldgolfranking.com"] [uri "/api/.env"] [unique_id "ajbu-TEw3cJ-7Mht-SrbIAAAAM4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 18:49:10 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:60c5::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:60c5::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 14:49:05.652537 2026] [security2:error] [pid 4755:tid 4755] [client 2a06:a880:5:60c5::1:50036] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "backstore.com"] [uri "/.env"] [unique_id "ajbgoSOs8BnonAx_8zOKHgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-06-20 18:32:01 (3 days ago)	2a06:a880:5:60c5::1 - - [20/Jun/2026:21:32:01 +0300] "GET /.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 ( ... show more 2a06:a880:5:60c5::1 - - [20/Jun/2026:21:32:01 +0300] "GET /.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)" 2a06:a880:5:60c5::1 - - [20/Jun/2026:21:32:01 +0300] "GET /api/.env HTTP/1.1" 404 680 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" ... show less	Web App Attack
🇩🇪 tinect	2026-06-20 16:13:08 (3 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇩🇪 maxpower	2026-06-20 15:58:33 (3 days ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 2a06:a880:5:60c5::1 (-): 2 in the last 3 ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 2a06:a880:5:60c5::1 (-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2a06:a880:5:60c5::1 - - [20/Jun/2026:17:58:30 +0200] "GET /secrets.yml HTTP/2.0" 404 13321 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected]" "2a06:a880:5:60c5::1" host=centrolarca.eu 2a06:a880:5:60c5::1 - - [20/Jun/2026:17:58:30 +0200] "GET /.aws/credentials HTTP/2.0" 404 13321 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" "2a06:a880:5:60c5::1" host=centrolarca.eu show less	Port Scan
🇩🇪 macrob	2026-06-20 10:26:22 (3 days ago)	2026/06/20 10:26:20 [error] 3184354#3184354: 318476182 access forbidden by rule, client: 2a06:a880: ... show more 2026/06/20 10:26:20 [error] 3184354#3184354: 318476182 access forbidden by rule, client: 2a06:a880:5:60c5::1, server: fn.binixo.es, request: "GET /.env HTTP/2.0", host: "www.fastcredit.net.ua" 2026/06/20 10:26:20 [error] 3184355#3184355: 318476183 access forbidden by rule, client: 2a06:a880:5:60c5::1, server: fn.binixo.es, request: "GET /api/.env HTTP/2.0", host: "www.fastcredit.net.ua" 2026/06/20 10:26:20 [error] 3184355#3184355: 318476184 access forbidden by rule, client: 2a06:a880:5:60c5::1, server: fn.binixo.es, request: "GET /.aws/credentials HTTP/2.0", host: "www.fastcredit.net.ua" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 10:11:00 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:60c5::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:60c5::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 06:10:54.259869 2026] [security2:error] [pid 21982:tid 21982] [client 2a06:a880:5:60c5::1:49342] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "namefinder.com"] [uri "/.env.backup"] [unique_id "ajZnLmdlNZOLWcqXUfv0TAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ghostwarriors	2026-06-20 08:50:23 (3 days ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ksol-hostmaster	2026-06-20 08:46:10 (3 days ago)	2026/06/20 10:46:09 [error] 99010#161421: 2140576 limiting requests, excess: 0.882 by zone "crawler ... show more 2026/06/20 10:46:09 [error] 99010#161421: 2140576 limiting requests, excess: 0.882 by zone "crawler", client: 2a06:a880:5:60c5::1, server: crxforum.ksol.io, request: "GET /.env.local HTTP/2.0", host: "crxforum.ksol.io" ... show less	Bad Web Bot

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 193.176.31.201

🇮🇷 193.151.133.105

🇺🇸 170.106.105.73

🇺🇸 147.185.132.132

🇨🇳 101.76.248.214

🇺🇸 45.3.62.134

🇨🇱 201.219.236.114

🇺🇸 191.102.187.107

🇵🇱 188.146.156.97

🇹🇭 182.232.184.39

🇵🇹 178.166.99.1

🇺🇸 172.253.85.245

🇺🇸 162.216.149.246

🇻🇳 103.129.127.244

🇺🇸 65.111.5.232

🇱🇹 45.227.254.170

🇬🇧 45.82.76.108

🇧🇷 205.210.31.177

🇮🇳 203.190.153.90

🇳🇱 193.176.31.250