JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a06:a880:5:ed5b::1

2a06:a880:5:ed5b::1 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 63%: ?

63%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	STYLISH BY A&L SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	07internet.ro
Country	🇳🇱 Netherlands
City	The Hague, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a06:a880:5:ed5b::1

Whois 2a06:a880:5:ed5b::1

IP Abuse Reports for 2a06:a880:5:ed5b::1:

This IP address has been reported a total of 14 times from 11 distinct sources. 2a06:a880:5:ed5b::1 was first reported on June 19th 2026, and the most recent report was 29 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 big-cloud.nl	2026-06-20 14:51:41 (29 minutes ago)	Try to access /.env	Web App Attack
Anonymous	2026-06-20 14:00:26 (1 hour ago)	Automatically blocked after 19 security events. Observed sensitive configuration-file probes. Source ... show more Automatically blocked after 19 security events. Observed sensitive configuration-file probes. Source: Cloudflare security controls. show less	Hacking Web App Attack
🇩🇪 maxpower	2026-06-20 10:28:16 (4 hours ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 2a06:a880:5:ed5b::1 (-): 2 in the last 3 ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 2a06:a880:5:ed5b::1 (-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 2a06:a880:5:ed5b::1 - - [20/Jun/2026:12:28:10 +0200] "GET /secrets.yml HTTP/2.0" 404 53013 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; OAI-SearchBot/1.0; +https://openai.com/searchbot" "-" host=www.confartigianato.pe.it 2a06:a880:5:ed5b::1 - - [20/Jun/2026:12:28:10 +0200] "GET /secrets.json HTTP/2.0" 404 53014 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected])" "-" host=www.confartigianato.pe.it show less	Port Scan
🇬🇧 Marten Mark	2026-06-20 09:01:40 (6 hours ago)	2a06:a880:5:ed5b::1 - - [20/Jun/2026:09:01:39 +0000] "GET /.aws/credentials HTTP/2.0" 404 24193 "-" ... show more 2a06:a880:5:ed5b::1 - - [20/Jun/2026:09:01:39 +0000] "GET /.aws/credentials HTTP/2.0" 404 24193 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ChatGPT-User/1.0; +https://openai.com/bot" ... show less	Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-20 08:13:36 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:ed5b::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:ed5b::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 04:13:30.768360 2026] [security2:error] [pid 10789:tid 10816] [client 2a06:a880:5:ed5b::1:44042] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sujugada.com"] [uri "/.env"] [unique_id "ajZLqp2inrLMmq9EmFj2NgAAAVc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Viveronese	2026-06-20 07:19:44 (8 hours ago)	HTTP vulnerability scanning	Web App Attack
🇩🇪 expandmade.com	2026-06-20 06:51:39 (8 hours ago)	trolling for installation vulnerabilities [20/Jun/2026:06:51:39 "GET /backend/.env"]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 05:50:10 (9 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:ed5b::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:ed5b::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 01:50:06.194301 2026] [security2:error] [pid 25570:tid 25570] [client 2a06:a880:5:ed5b::1:54790] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.doctorc.net"] [uri "/.env.bak"] [unique_id "ajYqDuSZdr1GceOs-8KuJwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-19 22:54:31 (16 hours ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 horsemedia	2026-06-19 21:49:32 (17 hours ago)	probing for sensitive configuration files /.env	Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 20:40:33 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:ed5b::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:ed5b::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 16:40:28.558241 2026] [security2:error] [pid 23882:tid 23882] [client 2a06:a880:5:ed5b::1:46764] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.vexxarr.com"] [uri "/api/.env"] [unique_id "ajWpPFBogLS06gqkyc0bhAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-06-19 19:35:03 (19 hours ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 19:20:15 (20 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a06:a880:5:ed5b::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a06:a880:5:ed5b::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 15:20:11.837787 2026] [security2:error] [pid 12552:tid 12552] [client 2a06:a880:5:ed5b::1:55914] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dokuzadabirdeniz.com"] [uri "/api/.env"] [unique_id "ajWWa-DLVkD1iAf7PGe1-gAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-19 18:45:02 (20 hours ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.92

🇺🇸 191.102.159.163

🇺🇸 191.102.157.78

🇩🇪 138.68.70.115

🇺🇸 66.132.186.210

🇺🇸 66.132.172.231

🇮🇶 37.236.163.70

🇰🇷 211.105.44.231

🇺🇸 191.102.157.235

🇺🇸 191.102.157.152

🇺🇸 191.102.157.136

🇺🇸 191.102.155.84

🇭🇰 119.237.139.108

🇫🇮 86.114.24.234

🇺🇸 191.102.155.254

🇺🇸 191.102.155.221

🇺🇸 191.102.155.211

🇺🇸 191.102.155.44

🇰🇷 118.37.214.187

🇻🇳 222.255.39.127