JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420

2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 49%: ?

49%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	netcup GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS197540
Domain Name	netcup.de
Country	🇩🇪 Germany
City	Nuremberg, Bavaria

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420

Whois 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420

IP Abuse Reports for 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:

This IP address has been reported a total of 17 times from 10 distinct sources. 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 was first reported on June 15th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-16 05:15:11 (1 week ago)	12 attacks on env grabbing URLs: GET /api/.env HTTP/1.1	Hacking
🇩🇪 Viveronese	2026-06-15 20:50:06 (2 weeks ago)	HTTP vulnerability scanning	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 20:32:19 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ... show more (mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 16:32:10.553532 2026] [security2:error] [pid 29803:tid 29803] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:48972] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seacorre.de"] [uri "/api/.env"] [unique_id "ajBhSlkxIAPFGZghudRXJgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 19:59:41 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ... show more (mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:59:36.994031 2026] [security2:error] [pid 32545:tid 32625] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:57472] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "prismatik.com"] [uri "/.env"] [unique_id "ajBZqHpN2pvC13fJZ-JqywAAAdY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Teufel100	2026-06-15 19:24:32 (2 weeks ago)	ModSecurity rejected a query	Brute-Force Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 19:04:59 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ... show more (mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:04:51.680716 2026] [security2:error] [pid 3503:tid 3503] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:54494] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "evolutionmedical.help"] [uri "/api/.env"] [unique_id "ajBM0724Z8klaGd6upaN-AAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 XICTRON	2026-06-15 18:50:06 (2 weeks ago)	ModSecurity rule violation detected by Fail2Ban	Web App Attack
🇬🇧 pinguin	2026-06-15 17:56:30 (2 weeks ago)	Triggered Cloudflare WAF (firewallManaged) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (GET meth ... show more Triggered Cloudflare WAF (firewallManaged) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /database/.env UA: Go-http-client/1.1 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-15 17:12:59 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ... show more (mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:12:52.555764 2026] [security2:error] [pid 18274:tid 18274] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:50852] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rotorservice.com"] [uri "/api/.env"] [unique_id "ajAylLwNlXkd6Fw6-fhu0wAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:24:58 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ... show more (mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:24:49.628423 2026] [security2:error] [pid 26608:tid 26608] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:37390] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "guavaroad.com"] [uri "/api/.env"] [unique_id "ajAnUYmIuw4vVCLG_gGzQQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 13:11:23 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ... show more (mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 09:11:17.293385 2026] [security2:error] [pid 8689:tid 8689] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:47028] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "marcedinc.com"] [uri "/api/.env"] [unique_id "ai_59Wy5eLSvTKoDgdwB_QAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 12:38:21 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): ... show more (mod_security) mod_security (id:210492) triggered by 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 08:38:14.561600 2026] [security2:error] [pid 29045:tid 29045] [client 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420:48148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gardnercastle.com"] [uri "/api/.env"] [unique_id "ai_yNtsK7HAAmeuUVaPp6gAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-15 12:03:32 (2 weeks ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-06-15 11:50:55 (2 weeks ago)	2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 - - [15/Jun/2026:14:50:54 +0300] "GET /app/.env HTTP/1.1" 404 7 ... show more 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 - - [15/Jun/2026:14:50:54 +0300] "GET /app/.env HTTP/1.1" 404 729 "-" "Go-http-client/1.1" 2a0a:4cc0:c2:575:a4ba:baff:fe98:6420 - - [15/Jun/2026:14:50:54 +0300] "GET /.env HTTP/1.1" 404 729 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇺🇸 dtorrer	2026-06-15 11:36:36 (2 weeks ago)	General vulnerability scan.	Port Scan

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.51.132.104

🇸🇬 198.38.91.141

🇫🇷 91.231.89.135

🇺🇸 34.135.200.178

🇺🇸 2607:f8b0:4004:c23::126

🇰🇷 218.144.90.41

🇲🇾 202.165.29.219

🇧🇩 103.112.54.86

🇲🇩 91.208.197.64

🇨🇦 85.217.149.59

🇳🇱 45.153.34.235

🇺🇸 198.1.93.192

🇦🇷 181.111.162.156

🇫🇷 135.125.29.132

🇹🇼 125.229.182.63

🇻🇳 103.110.87.57

🇹🇼 61.231.226.182

🇺🇸 50.78.25.138

🇭🇰 199.45.155.107

🇩🇪 193.124.20.251