JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a06:a880:5:74ca::1

2a06:a880:5:74ca::1 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 66%: ?

66%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	STYLISH BY A&L SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	07internet.ro
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a06:a880:5:74ca::1

Whois 2a06:a880:5:74ca::1

IP Abuse Reports for 2a06:a880:5:74ca::1:

This IP address has been reported a total of 16 times from 10 distinct sources. 2a06:a880:5:74ca::1 was first reported on June 18th 2026, and the most recent report was 11 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-18 22:04:29 (11 minutes ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 18:04:25.564413 2026] [security2:error] [pid 16260:tid 16260] [client 2a06:a880:5:74ca::1:46884] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "suffe.cool"] [uri "/.env.example"] [unique_id "ajRraeTdmfwQ2JSD5R0dSgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 21:39:16 (36 minutes ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 17:39:12.367182 2026] [security2:error] [pid 6778:tid 6778] [client 2a06:a880:5:74ca::1:51210] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "strawberryhillchristmas.com"] [uri "/.env.example"] [unique_id "ajRlgCR1BnBMKoMZmtDbBgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 21:21:18 (54 minutes ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 17:21:11.687873 2026] [security2:error] [pid 20019:tid 20019] [client 2a06:a880:5:74ca::1:52332] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stonehillpolicies.myomni.us"] [uri "/.env.example"] [unique_id "ajRhR74TCJv9aVchIXaDwgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-06-18 20:08:33 (2 hours ago)	2a06:a880:5:74ca::1 - - [18/Jun/2026:23:08:30 +0300] "GET /.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 A ... show more 2a06:a880:5:74ca::1 - - [18/Jun/2026:23:08:30 +0300] "GET /.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; Perplexity-User/1.0; +https://perplexity.ai/perplexity-user" 2a06:a880:5:74ca::1 - - [18/Jun/2026:23:08:30 +0300] "GET /api/.env HTTP/1.1" 404 689 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 19:51:44 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 15:51:40.243720 2026] [security2:error] [pid 32688:tid 32688] [client 2a06:a880:5:74ca::1:54866] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "southernreader.com"] [uri "/.env"] [unique_id "ajRMTPuvKefxdfOJO4qfowAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-18 19:45:04 (2 hours ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-18 17:46:14 (4 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 13:46:10.183088 2026] [security2:error] [pid 5580:tid 5580] [client 2a06:a880:5:74ca::1:49310] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "silvermoonpizza.com"] [uri "/.env"] [unique_id "ajQu4keBg-pFFFW3uKeR9gAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 kumiko	2026-06-18 17:37:24 (4 hours ago)	[2026-06-18 20:37:22] User-Agent Spoofing (6 unique User-Agent strings from the same IP address with ... show more [2026-06-18 20:37:22] User-Agent Spoofing (6 unique User-Agent strings from the same IP address within 0 seconds) show less	Bad Web Bot
Anonymous	2026-06-18 17:07:14 (5 hours ago)	[Drupal AbuseIPDB module] Request path is blacklisted. /.env.bak	Web App Attack
🇩🇪 Ba-Yu	2026-06-18 15:59:14 (6 hours ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇳🇿 realstuffie	2026-06-18 15:22:11 (6 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/appsec-vpatch	Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 14:47:36 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 10:47:31.101944 2026] [security2:error] [pid 28833:tid 28833] [client 2a06:a880:5:74ca::1:34518] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scatchellsbeefstand.com"] [uri "/.env.example"] [unique_id "ajQFA50e5DKZcryb-ErfjQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇰 ScamAware	2026-06-18 14:45:52 (7 hours ago)	Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensiti ... show more Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensitive files, source control, config, and backups). Hits from same IP in last 60 minutes: 3. Unique request paths counted internally: 3. Cloudflare action: block. Cloudflare source: firewallCustom. show less	Web App Attack
🇩🇪 big-cloud.nl	2026-06-18 14:32:47 (7 hours ago)	Try to access /api/.env	Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 14:12:19 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:74ca::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 10:12:11.038736 2026] [security2:error] [pid 11530:tid 11530] [client 2a06:a880:5:74ca::1:52994] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sangalgano.info"] [uri "/api/.env"] [unique_id "ajP8u7fVHOMs0Xj-tRs1MAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 185.127.71.67

🇱🇾 154.127.68.71

🇺🇸 71.6.237.25

🇨🇳 221.228.203.3

🇧🇪 198.235.24.247

🇨🇴 191.95.145.46

🇨🇳 111.228.33.68

🇷🇴 92.118.39.59

🇪🇸 79.117.76.211

🇺🇸 74.142.22.250

🇩🇪 47.254.167.143

🇳🇱 45.148.10.244

🇨🇳 14.103.112.5

🇦🇲 5.77.132.169

🇧🇪 198.235.24.168

🇺🇸 185.198.240.145

🇨🇳 180.153.197.242

🇳🇱 178.16.53.109

🇺🇸 173.239.240.15

🇺🇸 162.216.149.89