JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a06:a880:5:c593::1

2a06:a880:5:c593::1 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 49%: ?

49%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	STYLISH BY A&L SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	07internet.ro
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a06:a880:5:c593::1

Whois 2a06:a880:5:c593::1

IP Abuse Reports for 2a06:a880:5:c593::1:

This IP address has been reported a total of 13 times from 7 distinct sources. 2a06:a880:5:c593::1 was first reported on June 18th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 alferez	2026-06-19 00:11:16 (2 hours ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 23:31:38 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 19:31:31.011913 2026] [security2:error] [pid 11523:tid 11523] [client 2a06:a880:5:c593::1:53982] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cortona.ws"] [uri "/.env.example"] [unique_id "ajR_08KtQo8FLGRtzXc-JQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 22:34:11 (4 hours ago)	"GET /api/.env HTTP/1.1"	Hacking Web App Attack
🇫🇷 SpaceHost-Server	2026-06-18 22:31:33 (4 hours ago)		Brute-Force Web App Attack
🇩🇪 big-cloud.nl	2026-06-18 21:16:18 (5 hours ago)	Try to access /api/.env	Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 21:12:22 (5 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 17:12:14.732873 2026] [security2:error] [pid 5897:tid 5897] [client 2a06:a880:5:c593::1:41236] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "circlehealthcaregroup.com"] [uri "/.env.example"] [unique_id "ajRfLifSuDqFBYpUcUZeiwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 19:35:30 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 15:35:27.146816 2026] [security2:error] [pid 6419:tid 6419] [client 2a06:a880:5:c593::1:42180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cchockeyhistory.org"] [uri "/.env"] [unique_id "ajRIfwjDPQUzWNSNeO1xVwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 18:23:34 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 14:23:30.848352 2026] [security2:error] [pid 16456:tid 16456] [client 2a06:a880:5:c593::1:45998] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "campnecon.com"] [uri "/.env"] [unique_id "ajQ3ohVlidWgN4epASB_OgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 17:20:26 (9 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 13:20:22.360810 2026] [security2:error] [pid 27175:tid 27175] [client 2a06:a880:5:c593::1:48550] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "buenasfrecuencias.com"] [uri "/api/.env"] [unique_id "ajQo1ho5U9W1Byvef00rlgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 16:25:45 (10 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 12:25:37.640730 2026] [security2:error] [pid 16842:tid 16842] [client 2a06:a880:5:c593::1:50072] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "borzoi-color.batw.net"] [uri "/.env.production"] [unique_id "ajQcAe3BslFA-aF8jnYMiQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 15:00:15 (11 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:c593::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 11:00:10.539755 2026] [security2:error] [pid 8968:tid 8968] [client 2a06:a880:5:c593::1:49100] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blacktvnow.com"] [uri "/.env"] [unique_id "ajQH-ppGYlA7Cuv5-7UcMAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-06-18 14:35:03 (12 hours ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇩🇪 macrob	2026-06-18 14:34:59 (12 hours ago)	2026/06/18 14:34:57 [error] 2926366#2926366: 314553028 access forbidden by rule, client: 2a06:a880: ... show more 2026/06/18 14:34:57 [error] 2926366#2926366: 314553028 access forbidden by rule, client: 2a06:a880:5:c593::1, server: bin-spin.com, request: "GET /.env.example HTTP/1.1", host: "bin-spin.com" 2026/06/18 14:34:57 [error] 2926368#2926368: 314553031 access forbidden by rule, client: 2a06:a880:5:c593::1, server: bin-spin.com, request: "GET /.aws/credentials HTTP/1.1", host: "bin-spin.com" 2026/06/18 14:34:57 [error] 2926368#2926368: 314553032 access forbidden by rule, client: 2a06:a880:5:c593::1, server: bin-spin.com, request: "GET /api/.env HTTP/1.1", host: "bin-spin.com" ... show less	Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.7

🇷🇺 185.94.111.1

🇨🇳 112.46.213.234

🇱🇹 91.224.92.17

🇳🇱 91.92.40.13

🇧🇬 79.124.49.70

🇬🇧 78.153.140.50

🇺🇸 66.132.186.171

🇧🇷 20.226.116.19

🇧🇷 201.159.185.41

🇪🇸 196.196.150.6

🇬🇧 185.216.145.190

🇨🇦 159.203.44.105

🇫🇮 147.185.133.3

🇺🇸 143.198.3.249

🇵🇭 124.105.76.50

🇮🇩 103.150.113.254

🇧🇬 79.124.62.134

🇺🇸 66.132.195.74

🇺🇸 23.29.118.224