JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a09:bac5:a53c:32d::51:48

2a09:bac5:a53c:32d::51:48 was found in our database!

This IP was reported 49 times. Confidence of Abuse is 61%: ?

61%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Cloudflare London, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	Las Vegas, Nevada

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a09:bac5:a53c:32d::51:48

Whois 2a09:bac5:a53c:32d::51:48

IP Abuse Reports for 2a09:bac5:a53c:32d::51:48:

This IP address has been reported a total of 49 times from 16 distinct sources. 2a09:bac5:a53c:32d::51:48 was first reported on June 5th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-09 09:35:36 (2 weeks ago)	2a09:bac5:a53c:32d::51:48 - - [09/Jun/2026:17:35:36 +0800] "GET /.git/config HTTP/1.1" 404 196 "-" " ... show more 2a09:bac5:a53c:32d::51:48 - - [09/Jun/2026:17:35:36 +0800] "GET /.git/config HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" ... show less	Bad Web Bot Web App Attack
🇩🇪 HERA - Operations	2026-06-08 22:28:21 (2 weeks ago)	herrmann - searching for vulnerable scripts: config 2026/06/09 00:28:20	Web App Attack
🇨🇦 leithzz	2026-06-08 16:22:46 (2 weeks ago)	Report by Cloudflare.Time: 2026-06-08T16:21:40Z	DDoS Attack
🇺🇸 itsnixk	2026-06-08 12:21:00 (2 weeks ago)	(mod_security) mod_security (id:930130) triggered by 2a09:bac5:a53c:32d::51:48 (Unknown): 1 in the l ... show more (mod_security) mod_security (id:930130) triggered by 2a09:bac5:a53c:32d::51:48 (Unknown): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Mon Jun 08 08:20:55.110269 2026] [security2:error] [pid 39825:tid 39894] [remote 2a09:bac5:a53c:32d::51:48:0] ModSecurity: Access denied with code 406 (phase 1). Matched phrase ".git/" at REQUEST_FILENAME. [file "/etc/modsecurity.d/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "150"] [id "930130"] [msg "Restricted File Access Attempt"] [redacted] [severity "CRITICAL"] [ver "OWASP_CRS/4.26.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [redacted] [uri "/.git/config"] [unique_id "aiazpyn97-0TMT-LTxVTjAAAYzM"] show less	Port Scan
🇨🇿 akac	2026-06-08 10:01:14 (2 weeks ago)	Web vulnerability scanning: HTTP/1.1 GET /.git/config	Hacking Brute-Force Bad Web Bot Web App Attack
🇬🇧 pinguin	2026-06-08 08:37:25 (2 weeks ago)	Triggered Cloudflare WAF (firewallManaged) from US. Action taken: LOG Protocol: HTTP/1.1 (GET method ... show more Triggered Cloudflare WAF (firewallManaged) from US. Action taken: LOG Protocol: HTTP/1.1 (GET method) Endpoint: /.git/config UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇨🇭 blinx	2026-06-08 05:36:19 (2 weeks ago)	Suspicious activity detected by Modsecurity	Web Spam Port Scan Hacking Bad Web Bot Web App Attack
🇳🇱 Webhoster	2026-06-08 02:30:29 (2 weeks ago)	{"ClientAddr":"162.158.244.148:11085","ClientHost":"2a09:bac5:a53c:32d::51:48","ClientPort":"11085", ... show more {"ClientAddr":"162.158.244.148:11085","ClientHost":"2a09:bac5:a53c:32d::51:48","ClientPort":"11085","ClientUsername":"-","DownstreamContentSize":0,"DownstreamStatus":403,"Duration":19517866,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":19517866,"RequestAddr":"ai.timvdberg.dev","RequestContentSize":0,"RequestCount":273998,"RequestHost":"ai.timvdberg.dev","RequestMethod":"GET","RequestPath":"/.git/HEAD","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"ai@file","StartLocal":"2026-06-08T02:30:28.896227577Z","StartUTC":"2026-06-08T02:30:28.896227577Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"https","level":"info","msg":"","request_Cf-Connecting-Ip":"2a09:bac5:a53c:32d::51:48","request_X-Forwarded-For":"2a09:bac5:a53c:32d::51:48","request_X-Real-Ip":"162.158.244.148","time":"2026-06-08T02:30:28Z"} {"ClientAddr":"162.158.244.149:10064","ClientHost":"2a09:bac5:a53c:32d::51:48","ClientP ... show less	Port Scan Hacking Bad Web Bot Web App Attack
🇺🇸 interbiznw.com	2026-06-08 02:11:33 (2 weeks ago)	malicious-web-requests-vulnerability-scanning	Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 10:22:27 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a09:bac5:a53c:32d::51:48 (Unknown): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 2a09:bac5:a53c:32d::51:48 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 06:22:23.403579 2026] [security2:error] [pid 17102:tid 17102] [client 2a09:bac5:a53c:32d::51:48:64818] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "4windsmedia.com"] [uri "/.git/config"] [unique_id "aiVGX66Z8Xg1ZwBhMPYDYgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-07 09:57:55 (2 weeks ago)	[SunJun0711:57:50.2503372026][security2:error][pid2569013:tid2569289][client2a09:bac5:a53c:32d::51:4 ... show more [SunJun0711:57:50.2503372026][security2:error][pid2569013:tid2569289][client2a09:bac5:a53c:32d::51:48:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".git\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"4-server.com\"][uri\"/.git/config\"][unique_id\"aiVAnl7ECkAK0ESuKZciZwAAARE\"] show less	Hacking Web App Attack
🇺🇸 mashamal	2026-06-07 08:45:52 (2 weeks ago)	Vulnerability Probe ...	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 08:20:19 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a09:bac5:a53c:32d::51:48 (Unknown): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 2a09:bac5:a53c:32d::51:48 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 04:20:13.975431 2026] [security2:error] [pid 3981:tid 3981] [client 2a09:bac5:a53c:32d::51:48:14282] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "4bearspress.wolter-hausser.com"] [uri "/.git/HEAD"] [unique_id "aiUpvWLgnbV9RIq5p-55oQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 05:53:35 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a09:bac5:a53c:32d::51:48 (Unknown): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 2a09:bac5:a53c:32d::51:48 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 01:53:30.867618 2026] [security2:error] [pid 12269:tid 12269] [client 2a09:bac5:a53c:32d::51:48:32790] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "43cambridge.com"] [uri "/.git/config"] [unique_id "aiUHWhJacyBdA_picT05fQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 01:35:21 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a09:bac5:a53c:32d::51:48 (Unknown): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 2a09:bac5:a53c:32d::51:48 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 21:35:16.027555 2026] [security2:error] [pid 9179:tid 9179] [client 2a09:bac5:a53c:32d::51:48:59404] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "3dcounty.com"] [uri "/.git/config"] [unique_id "aiTK1BcU5bBNrk8OqN3ViwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 49 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 199.45.154.127

🇩🇪 213.209.159.228

🇪🇹 196.188.175.244

🇨🇴 186.99.244.36

🇮🇷 185.113.9.199

🇺🇸 149.72.234.199

🇫🇷 91.231.89.3

🇧🇷 45.229.91.34

🇸🇬 35.187.231.181

🇺🇸 34.148.253.79

🇺🇸 18.217.153.212

🇨🇳 220.181.172.243

🇺🇸 209.126.84.139

🇰🇷 203.245.41.180

🇨🇳 124.88.113.170

🇨🇳 123.138.77.62

🇨🇳 106.4.161.21

🇧🇩 103.183.62.1

🇳🇱 91.92.40.5

🇳🇱 45.148.10.147