AbuseIPDB » 2a0b:64c0:1::143

2a0b:64c0:1::143 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 28%: ?

28%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RoyaleHosting BV
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212477
Hostname(s)	hosted-by.royalehosting.net
Domain Name	royalehosting.net
Country	Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 2a0b:64c0:1::143

Whois 2a0b:64c0:1::143

IP Abuse Reports for 2a0b:64c0:1::143:

This IP address has been reported a total of 13 times from 8 distinct sources. 2a0b:64c0:1::143 was first reported on February 18th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
Anonymous	2025-02-19 07:22:16 (1 month ago)	Ports: 80,443; Direction: 0; Trigger: LF_MODSEC	Brute-Force SSH
openstrike.co.uk	2025-02-19 06:12:44 (1 month ago)	11 attacks on deployment descriptor URLs, password grabbing URLs: GET /src/main/webapp/WEB-INF ... show more11 attacks on deployment descriptor URLs, password grabbing URLs: GET /src/main/webapp/WEB-INF/web.xml HTTP/1.1 GET /home/user/.aws/credentials HTTP/1.1 show less	Hacking
TPI-Abuse	2025-02-19 04:09:59 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:64c0:1::143 (hosted-by.royalehosting.net): ... show more(mod_security) mod_security (id:210492) triggered by 2a0b:64c0:1::143 (hosted-by.royalehosting.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 18 23:09:51.442903 2025] [security2:error] [pid 22315:tid 22315] [client 2a0b:64c0:1::143:36812] [client 2a0b:64c0:1::143] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "compassionfatigue.org"] [uri "/.env"] [unique_id "Z7VZj5NkI7JnBQ_lWIrhXgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-02-19 01:13:46 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:64c0:1::143 (hosted-by.royalehosting.net): ... show more(mod_security) mod_security (id:210492) triggered by 2a0b:64c0:1::143 (hosted-by.royalehosting.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 18 20:13:40.123929 2025] [security2:error] [pid 11279:tid 11279] [client 2a0b:64c0:1::143:60188] [client 2a0b:64c0:1::143] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "businessvaluationapp.com"] [uri "/.env"] [unique_id "Z7UwRGWCfWZ_ILtN6OsYwgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-02-19 00:33:36 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:64c0:1::143 (hosted-by.royalehosting.net): ... show more(mod_security) mod_security (id:210492) triggered by 2a0b:64c0:1::143 (hosted-by.royalehosting.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 18 19:33:28.089315 2025] [security2:error] [pid 432965:tid 432965] [client 2a0b:64c0:1::143:52762] [client 2a0b:64c0:1::143] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "davidocchino.com"] [uri "/.env"] [unique_id "Z7Um2MmX3zqWQo_tiDBc_wAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
dynamix	2025-02-18 23:58:36 (1 month ago)	Multiple WAF Violations	Web App Attack
TPI-Abuse	2025-02-18 21:41:45 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:64c0:1::143 (hosted-by.royalehosting.net): ... show more(mod_security) mod_security (id:210492) triggered by 2a0b:64c0:1::143 (hosted-by.royalehosting.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 18 16:41:36.112424 2025] [security2:error] [pid 9993:tid 9993] [client 2a0b:64c0:1::143:57416] [client 2a0b:64c0:1::143] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blairapartments.com"] [uri "/.env"] [unique_id "Z7T-kDk-YhBHcW-kdWInZQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-02-18 12:22:43 (1 month ago)	Aggressive web scan	Web App Attack
Anonymous	2025-02-18 10:47:56 (1 month ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
london2038.com	2025-02-18 08:11:53 (1 month ago)	Probing for exploits 2a0b:64c0:1::143 - - [18/Feb/2025:09:11:49 +0100] "GET /.env HTTP/1.1" 42 ... show moreProbing for exploits 2a0b:64c0:1::143 - - [18/Feb/2025:09:11:49 +0100] "GET /.env HTTP/1.1" 422 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" 2a0b:64c0:1::143 - - [18/Feb/2025:09:11:49 +0100] "GET /config.java HTTP/1.1" 422 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" show less	Hacking Web App Attack
TPI-Abuse	2025-02-18 07:46:29 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:64c0:1::143 (hosted-by.royalehosting.net): ... show more(mod_security) mod_security (id:210492) triggered by 2a0b:64c0:1::143 (hosted-by.royalehosting.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 18 02:46:19.444519 2025] [security2:error] [pid 31023:tid 31023] [client 2a0b:64c0:1::143:50264] [client 2a0b:64c0:1::143] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "handi-finder.com"] [uri "/.env"] [unique_id "Z7Q6y2Er9oFqjqmrN-jzpQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
cmbplf	2025-02-18 05:26:31 (1 month ago)	122 requests to *.env	Brute-Force Bad Web Bot
4server	2025-02-18 04:51:00 (1 month ago)	[TueFeb1805:50:51.8975772025][security2:error][pid1497088:tid1497253][client2a0b:64c0:1::143:0][clie ... show more[TueFeb1805:50:51.8975772025][security2:error][pid1497088:tid1497253][client2a0b:64c0:1::143:0][client2a0b:64c0:1::143]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"hostingedominio.com\"][uri\"/.env\"][unique_id\"Z7QRq9-Nrig5VV4FDVX9GQAAAAk\"][TueFeb1805:50:51.9599562025][security2:error][pid1497088:tid1497253][client2a0b:64c0:1::143:0][client2a0b:64c0:1::143]ModSecurity:Accessdeniedwithcode403$phase2$.Stringmatchwithin\".asa/.asax/.ascx/.backup/.bak/.bat/.cdx/.cer/.cfg/.cmd/.com/.config/.conf/.cs/.csproj/.csr/.dat/ show less	Blog Spam